Commit 66074f15 authored by Evan Hunt's avatar Evan Hunt

[master] log message when using ISC DLV

4352.	[cleanup]	The ISC DNSSEC Lookaside Validation (DLV) service
			is scheduled to be disabled in 2017.  A warning is
			now logged when named is configured to use it,
			either explicitly or via "dnssec-lookaside auto;"
			[RT #42207]
parent 9e6e0881
4352. [cleanup] The ISC DNSSEC Lookaside Validation (DLV) service
is scheduled to be disabled in 2017. A warning is
now logged when named is configured to use it,
either explicitly or via "dnssec-lookaside auto;"
[RT #42207]
4351. [bug] 'dig +noignore' didn't work. [RT #42273]
4350. [contrib] Declare result in dlz_filesystem_dynamic.c.
......
......@@ -2540,6 +2540,7 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
const cfg_obj_t *zonelist;
const cfg_obj_t *dlzlist;
const cfg_obj_t *dlz;
const cfg_obj_t *dlvobj = NULL;
unsigned int dlzargc;
char **dlzargv;
const cfg_obj_t *dyndb_list;
......@@ -3852,7 +3853,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
result = ns_config_get(optionmaps, "dnssec-lookaside", &obj);
if (result == ISC_R_SUCCESS) {
/* If set to "auto", use the version from the defaults */
const cfg_obj_t *dlvobj;
const char *dom;
dlvobj = cfg_listelt_value(cfg_list_first(obj));
dom = cfg_obj_asstring(cfg_tuple_get(dlvobj, "domain"));
......@@ -3870,18 +3870,34 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist,
}
if (result == ISC_R_SUCCESS) {
dns_name_t *dlv, *iscdlv;
dns_fixedname_t f;
dns_fixedname_init(&f);
iscdlv = dns_fixedname_name(&f);
CHECK(dns_name_fromstring(iscdlv, "dlv.isc.org", 0, NULL));
for (element = cfg_list_first(obj);
element != NULL;
element = cfg_list_next(element))
{
dns_name_t *dlv;
obj = cfg_listelt_value(element);
obj = cfg_tuple_get(obj, "trust-anchor");
dlv = dns_fixedname_name(&view->dlv_fixed);
CHECK(dns_name_fromstring(dlv, cfg_obj_asstring(obj),
DNS_NAME_DOWNCASE, NULL));
view->dlv = dns_fixedname_name(&view->dlv_fixed);
if (dns_name_equal(view->dlv, iscdlv)) {
if (auto_dlv)
obj = dlvobj;
cfg_obj_log(obj, ns_g_lctx, ISC_LOG_WARNING,
"WARNING: the DLV server at "
"'dlv.isc.org' is expected to "
"cease operation by the end "
"of 2017");
}
}
} else
view->dlv = NULL;
......
......@@ -12,8 +12,6 @@
# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
# PERFORMANCE OF THIS SOFTWARE.
# $Id: tests.sh,v 1.3 2011/03/03 16:16:46 each Exp $
SYSTEMTESTTOP=..
. $SYSTEMTESTTOP/conf.sh
......@@ -22,9 +20,17 @@ DIGOPTS="+tcp +noadd +nosea +nostat +nocmd +dnssec -p 5300"
status=0
n=1
echo "I:checking that a warning was logged about the ISC DLV service ($n)"
ret=0
warnings=`grep "WARNING: the DLV server at 'dlv.isc.org'" ns2/named.run`
[ -z "$warnings" ] && ret=1
if [ $ret != 0 ]; then echo "I:failed"; fi
status=`expr $status + $ret`
#
# When this was initialy reported there was a REQUIRE failure on restarting.
#
n=`expr $n + 1`
echo "I:checking dnssec-lookaside "'"auto"'"; with views of multiple classes ($n)"
if [ -s ns2/named.pid ]
then
......
......@@ -484,6 +484,15 @@
<section xml:id="relnotes_changes"><info><title>Feature Changes</title></info>
<itemizedlist>
<listitem>
<para>
The ISC DNSSEC Lookaside Validation (DLV) service is scheduled
to be disabled in 2017. A warning is now logged when
<command>named</command> is configured to use this service,
either explicitly or via <option>dnssec-lookaside auto;</option>.
[RT #42207]
</para>
</listitem>
<listitem>
<para>
The timers returned by the statistics channel (indicating current
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment