set "multi-master" automatically with multiple primaries

By default, named logs a message at level info if a secondary zone receives an update indicating that the serial number has gone backwards. The "multi-master" option was provided to allow this message to be suppressed if a zone was configured with multiple primary servers. That option has now been marked obsolete. The message is now logged at debug level 1 when there are multiple primary server addresses configured for the zone. It is still logged at level info if there is only address.
2024-12-11 11:15:04 -08:00
11 changed files with 49 additions and 41 deletions
--- a/bin/named/zoneconf.c
+++ b/bin/named/zoneconf.c
@@ -897,7 +897,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 	const char *dupcheck;
 	dns_checkdstype_t checkdstype = dns_checkdstype_yes;
 	dns_notifytype_t notifytype = dns_notifytype_yes;
-	uint32_t count;
 	unsigned int dbargc;
 	char **dbargv;
 	static char default_dbtype[] = ZONEDB_DEFAULT;
@@ -907,7 +906,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 	dns_zonetype_t ztype;
 	int i;
 	int32_t journal_size;
-	bool multi;
 	dns_kasp_t *kasp = NULL;
 	bool check = false, fail = false;
 	bool warn = false, ignore = false;
@@ -1838,7 +1836,6 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 	case dns_zone_secondary:
 	case dns_zone_stub:
 	case dns_zone_redirect:
-		count = 0;
 		obj = NULL;
 		(void)cfg_map_get(zoptions, "primaries", &obj);
 		if (obj == NULL) {
@@ -1866,22 +1863,12 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 			dns_zone_setprimaries(mayberaw, ipkl.addrs,
 					      ipkl.sources, ipkl.keys,
 					      ipkl.tlss, ipkl.count);
-			count = ipkl.count;
 			dns_ipkeylist_clear(mctx, &ipkl);
 		} else {
 			dns_zone_setprimaries(mayberaw, NULL, NULL, NULL, NULL,
 					      0);
 		}

-		multi = false;
-		if (count > 1) {
-			obj = NULL;
-			result = named_config_get(maps, "multi-master", &obj);
-			INSIST(result == ISC_R_SUCCESS && obj != NULL);
-			multi = cfg_obj_asboolean(obj);
-		}
-		dns_zone_setoption(mayberaw, DNS_ZONEOPT_MULTIMASTER, multi);
-
 		obj = NULL;
 		result = named_config_get(maps, "max-transfer-time-in", &obj);
 		INSIST(result == ISC_R_SUCCESS && obj != NULL);
--- a/bin/tests/system/checkconf/tests.sh
+++ b/bin/tests/system/checkconf/tests.sh
@@ -736,5 +736,16 @@ if [ $ret != 0 ]; then
 fi
 status=$((status + ret))

+n=$((n + 1))
+echo_i "check for obsolete option warnings ($n)"
+ret=0
+$CHECKCONF warn-obsolete.conf >checkconf.out$n 2>&1 || ret=1
+grep -F "option 'multi-master' is obsolete and should be removed" checkconf.out$n >/dev/null || ret=1
+if [ $ret != 0 ]; then
+  echo_i "failed"
+  ret=1
+fi
+status=$((status + ret))
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/bin/tests/system/checkconf/warn-obsolete.conf
+++ b/bin/tests/system/checkconf/warn-obsolete.conf
@@ -0,0 +1,18 @@
+/*
+ * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+ *
+ * SPDX-License-Identifier: MPL-2.0
+ *
+ * This Source Code Form is subject to the terms of the Mozilla Public
+ * License, v. 2.0.  If a copy of the MPL was not distributed with this
+ * file, you can obtain one at https://mozilla.org/MPL/2.0/.
+ *
+ * See the COPYRIGHT file distributed with this work for additional
+ * information regarding copyright ownership.
+ */
+
+zone . {
+	type secondary;
+	primaries { 10.53.0.1; 10.53.0.2; };
+	multi-master yes;
+};
--- a/doc/arm/reference.rst
+++ b/doc/arm/reference.rst
@@ -2525,13 +2525,9 @@ Boolean Options
   :any:`ixfr-from-differences` setting is ignored for that zone.

 .. namedconf:statement:: multi-master
-   :tags: transfer
-   :short: Controls whether serial number mismatch errors are logged.
+   :tags: obsolete

-   This should be set when there are multiple primary servers for a zone and the
-   addresses refer to different machines. If ``yes``, :iscman:`named` does not
-   log when the serial number on the primary is less than what :iscman:`named`
-   currently has. The default is ``no``.
+   This option no longer has any effect.

 .. namedconf:statement:: dnssec-validation
   :tags: dnssec
--- a/doc/misc/mirror.zoneopt
+++ b/doc/misc/mirror.zoneopt
@@ -26,7 +26,7 @@ zone <string> [ <class> ] {
 	max-types-per-name <integer>;
 	min-refresh-time <integer>;
 	min-retry-time <integer>;
-	multi-master <boolean>;
+	multi-master <boolean>; // obsolete
 	notify ( explicit | master-only | primary-only | <boolean> );
 	notify-delay <integer>;
 	notify-source ( <ipv4_address> | * );
--- a/doc/misc/options
+++ b/doc/misc/options
@@ -204,7 +204,7 @@ options {
 	min-retry-time <integer>;
 	minimal-any <boolean>;
 	minimal-responses ( no-auth | no-auth-recursive | <boolean> );
-	multi-master <boolean>;
+	multi-master <boolean>; // obsolete
 	new-zones-directory <quoted_string>;
 	no-case-compress { <address_match_element>; ... };
 	nocookie-udp-size <integer>;
@@ -489,7 +489,7 @@ view <string> [ <class> ] {
 	min-retry-time <integer>;
 	minimal-any <boolean>;
 	minimal-responses ( no-auth | no-auth-recursive | <boolean> );
-	multi-master <boolean>;
+	multi-master <boolean>; // obsolete
 	new-zones-directory <quoted_string>;
 	no-case-compress { <address_match_element>; ... };
 	nocookie-udp-size <integer>;
--- a/doc/misc/secondary.zoneopt
+++ b/doc/misc/secondary.zoneopt
@@ -38,7 +38,7 @@ zone <string> [ <class> ] {
 	max-types-per-name <integer>;
 	min-refresh-time <integer>;
 	min-retry-time <integer>;
-	multi-master <boolean>;
+	multi-master <boolean>; // obsolete
 	notify ( explicit | master-only | primary-only | <boolean> );
 	notify-delay <integer>;
 	notify-source ( <ipv4_address> | * );
--- a/doc/misc/stub.zoneopt
+++ b/doc/misc/stub.zoneopt
@@ -18,7 +18,7 @@ zone <string> [ <class> ] {
 	max-types-per-name <integer>;
 	min-refresh-time <integer>;
 	min-retry-time <integer>;
-	multi-master <boolean>;
+	multi-master <boolean>; // obsolete
 	primaries [ port <integer> ] [ source ( <ipv4_address> | * ) ] [ source-v6 ( <ipv6_address> | * ) ] { ( <remote-servers> | <ipv4_address> [ port <integer> ] | <ipv6_address> [ port <integer> ] ) [ key <string> ] [ tls <string> ]; ... };
 	transfer-source ( <ipv4_address> | * );
 	transfer-source-v6 ( <ipv6_address> | * );
--- a/lib/dns/include/dns/zone.h
+++ b/lib/dns/include/dns/zone.h
@@ -73,11 +73,9 @@ typedef enum {
 	DNS_ZONEOPT_NOMERGE = 1 << 2,	    /*%< don't merge journal */
 	DNS_ZONEOPT_CHECKNS = 1 << 3,	    /*%< check if NS's are addresses */
 	DNS_ZONEOPT_FATALNS = 1 << 4,	    /*%< DNS_ZONEOPT_CHECKNS is fatal */
-	DNS_ZONEOPT_MULTIMASTER = 1 << 5,   /*%< this zone has multiple
-						 primaries */
-	DNS_ZONEOPT_USEALTXFRSRC = 1 << 6,  /*%< use alternate transfer sources.
-						 Obsoleted. */
-	DNS_ZONEOPT_CHECKNAMES = 1 << 7,    /*%< check-names */
+	/*% 5: formerly _MULTIMASTER */
+	/*%< 6: formerly _USEALTXFRSRC */
+	DNS_ZONEOPT_CHECKNAMES = 1 << 7,     /*%< check-names */
 	DNS_ZONEOPT_CHECKNAMESFAIL = 1 << 8, /*%< fatal check-name failures */
 	DNS_ZONEOPT_CHECKWILDCARD = 1 << 9, /*%< check for internal wildcards */
 	DNS_ZONEOPT_CHECKMX = 1 << 10,	    /*%< check-mx */
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -553,7 +553,7 @@ typedef enum {
 	DNS_ZONEFLG_NOIXFR = 0x00100000U, /*%< IXFR failed, force AXFR */
 	DNS_ZONEFLG_FLUSH = 0x00200000U,
 	DNS_ZONEFLG_NOEDNS = 0x00400000U,
-	DNS_ZONEFLG_USEALTXFRSRC = 0x00800000U, /*%< Obsoleted. */
+	/* 0x00800000U obsoleted. */
 	DNS_ZONEFLG_SOABEFOREAXFR = 0x01000000U,
 	DNS_ZONEFLG_NEEDCOMPACT = 0x02000000U,
 	DNS_ZONEFLG_REFRESHING = 0x04000000U, /*%< Refreshing keydata */
@@ -14246,16 +14246,13 @@ refresh_callback(void *arg) {
 		dns_remote_mark(&zone->primaries, true);
 		goto next_primary;
 	} else {
-		if (!DNS_ZONE_OPTION(zone, DNS_ZONEOPT_MULTIMASTER)) {
-			dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN,
-				      ISC_LOG_INFO,
-				      "serial number (%u) "
-				      "received from primary %s < ours (%u)",
-				      soa.serial, primary, oldserial);
-		} else {
-			zone_debuglogc(zone, DNS_LOGCATEGORY_XFER_IN, __func__,
-				       1, "ahead");
-		}
+		int level = (dns_remote_count(&zone->primaries) == 1)
+				    ? ISC_LOG_INFO
+				    : ISC_LOG_DEBUG(1);
+		dns_zone_logc(zone, DNS_LOGCATEGORY_XFER_IN, level,
+			      "serial number (%u) received from "
+			      "primary %s < ours (%u)",
+			      soa.serial, primary, oldserial);
 		dns_remote_mark(&zone->primaries, true);
 		goto next_primary;
 	}
--- a/lib/isccfg/namedconf.c
+++ b/lib/isccfg/namedconf.c
@@ -2316,7 +2316,8 @@ static cfg_clausedef_t zone_clauses[] = {
 	{ "min-retry-time", &cfg_type_uint32,
 	  CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
 	{ "multi-master", &cfg_type_boolean,
-	  CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB },
+	  CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR | CFG_ZONE_STUB |
+		  CFG_CLAUSEFLAG_OBSOLETE },
 	{ "notify", &cfg_type_notifytype,
 	  CFG_ZONE_PRIMARY | CFG_ZONE_SECONDARY | CFG_ZONE_MIRROR },
 	{ "notify-delay", &cfg_type_uint32,