A policy for removing named.conf options.

Matthijs Mekking matthijs at isc.org
Thu Jun 13 10:46:38 UTC 2019 

Dear BIND 9 users,

BIND 9 has a lot of configuration options.  Some have lost value over
the years, but the policy was to keep the options to not break old
configurations.

However, we also want to clean up the code at some point.  Keeping these
options increases the number of corner cases and makes maintenance more
cumbersome.  It can also be confusing to new users.  We are trying to
establish an orderly, staged process that gives existing users ample
time to react and adapt to deprecated options.

The policy below describes our proposal for the procedure for removing
named.conf options. We would like to hear your feedback.

Thanks, best regards,

Matthijs


# Policy for removing named.conf options

A named.conf option will first become deprecated before it is removed
from the code and becomes an unknown option.

## Deprecating

A configuration option that is candidate for removal will be deprecated
first.  During this phase the option will still work, but we will be
communicating to users that the option is going to be removed soon. A
user that has deprecated options configured will see warnings in their
logs and needs to take action to get rid of those log messages.
Configuration options that are deprecated will be identified in the
Release Note for the release they are deprecated in.

Deprecating an option can be done at any time, but preferably before the
next ESV release.  For example, an option that that needs to be
deprecated before the ESV 9.16 will need to flagged so in the 9.15
development or the 9.14 stable release.

## Removing

A user that has a removed option configured will be unable to start
`named` because the configuration option is no longer known.  We plan to
remove options first in an annual stable release, so that we will learn
what the impact is of removing a certain option before the change hits
the more popular ESV release.  Configuration options that are removed
from BIND 9 will be noted in the Release Note for the first version they
are removed from.

For example, an option that has been marked as deprecated before 9.16
could be removed in the 9.17 development release (that will become the
stable ESV release, 9.18).

If it is not removed in the stable release it should also not be removed
in the following ESV release.  Following the example, it thus should
also stay in 9.19/9.20.

## Removing related code

The code that relates to a configuration option that is to be removed
will in general be deleted at the same time as the configuration option
is removed.  The BIND 9 team may decide to remove the related code at an
earlier stage if it is considered harmful to keep. In that case the
option will become obsolete rather than deprecated.

## Candidate options to be deprecated/removed

We certainly don't want to remove any options that are still in
widespread use. Before making the decision to go ahead with removing an
option, we plan to post a notice on the bind-users mailing list to
solicit feedback. Depending on the level of concern from the list, we
may move ahead or decide to defer deprecating the option.

Below is a table of candidate options we may deprecate and remove.  This
list is by no means set in stone. Feel free to add suggestions, or add
comments.

| option | will be deprecated in | comments                  |
| ------ | --------------------- | ------------------------- |
| cleaning-interval  | 9.15/9.16 | obsolete                  |
| dnssec-update-mode |           | use auto-dnssec instead   |
| dialup             |           |                           |
| managed-keys       | 9.15/9.16 | replaced with dnssec-keys |
| trusted-keys       | 9.15/9.16 | replaced with dnssec-keys |

In addition, there are already quite some options that are ancient,
obsoleted, or never implemented before 9.15. They are listed in this issue:

  https://gitlab.isc.org/isc-projects/bind9/issues/1086

and may be removed in the next stable release after 9.16.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 488 bytes
Desc: OpenPGP digital signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20190613/62217863/attachment.bin>

More information about the bind-users mailing list