rec: actively deprecate old style settings

pdns/recursordist/docs/manpages/rec_control.1.rst

@@ -48,6 +48,8 @@ Options
                       control.
 --timeout=<num>       Number of seconds to wait for the remote PowerDNS
                       Recursor to respond.
+--version             Show the version number of this program. Note that the **version**
+                      command shows the version of the running recursor.
 
 Commands
 --------
@@ -179,7 +181,7 @@ hash-password [*WORK-FACTOR*]
 
 help
     Shows a list of supported commands understood by the running
-    :program:`pdns_recursor`
+    :program:`pdns_recursor`.
 
 list-dnssec-algos
     List supported (and potentially disabled) DNSSEC algorithms.
@@ -329,7 +331,7 @@ unload-lua-script
     Unloads Lua script if one was loaded.
 
 version
-    Report running version.
+    Report the version of the running Recursor.
 
 wipe-cache *DOMAIN* [*DOMAIN*] [...]
     Wipe entries for *DOMAIN* (exact name match) from the cache. This is useful

pdns/recursordist/docs/upgrade.rst

@@ -4,19 +4,14 @@ Upgrade Guide
 Before upgrading, it is advised to read the :doc:`changelog/index`.
 When upgrading several versions, please read **all** notes applying to the upgrade.
 
-5.1.1 to 5.1.2, 5.0.8 to 5.0.9 and 4.9.8 to 4.9.9
--------------------------------------------------
-
-New settings
-^^^^^^^^^^^^
-- The :ref:`setting-yaml-recordcache.max_rrset_size` setting has been introduced to limit the number of records in a result set.
-- The :ref:`setting-yaml-recordcache.limit_qtype_any` setting has been introduced to limit the number of records in answers to ANY queries.
-
 5.1.0 to master
 ----------------
 
 Changed behaviour
 ^^^^^^^^^^^^^^^^^
+Parsing of old-style settings is no longer enabled by default.
+Convert your settings file to YAML (see :doc:`appendices/yamlconversion`) or pass ``--enable-old-settings`` on the command line.
+
 The way :ref:`setting-yaml-incoming.max_tcp_clients` is enforced has changed.
 If there are too many incoming TCP connections, new connections will be accepted but then closed immediately.
 Previously, excess connections would linger in the OS listen queue until timeout or until processing of incoming TCP connections resumed due to the number of connections being processed dropping below the limit.
@@ -25,6 +20,14 @@ There is a new metric ``tcp-overflow`` that counts the connections closed immedi
 The ``outqueries-per-query`` value reported in the log by the periodic statistics function is now reported as ``outqueries-per-query-perc`` as it is a percentage.
 A value of 1 means that on average each 100 incoming queries lead to a single query to an authoritative server.
 
+5.1.1 to 5.1.2, 5.0.8 to 5.0.9 and 4.9.8 to 4.9.9
+-------------------------------------------------
+
+New settings
+^^^^^^^^^^^^
+- The :ref:`setting-yaml-recordcache.max_rrset_size` setting has been introduced to limit the number of records in a result set.
+- The :ref:`setting-yaml-recordcache.limit_qtype_any` setting has been introduced to limit the number of records in answers to ANY queries.
+
 5.0.6 to 5.1.0
 --------------
 

pdns/recursordist/rec-main.cc

@@ -3223,6 +3223,12 @@ int main(int argc, char** argv)
         SLOG(g_log << Logger::Warning << "Unable to open configuration file '" << configname << "'" << endl,
              startupLog->error("No such file", "Unable to open configuration file", "config_file", Logging::Loggable(configname)));
       }
+      else {
+        if (!::arg().mustDo("enable-old-settings")) {
+          startupLog->info(Logr::Error, "Old-style settings syntax not enabled by default anymore. Use YAML or enable with --enable-old-settings on the command line", "configname", Logging::Loggable(configname));
+          return EXIT_FAILURE;
+        }
+      }
     }
 
     // Reparse, now with config file as well, both for old-style as for YAML settings

pdns/recursordist/rec_channel_rec.cc

@@ -1886,14 +1886,14 @@ static RecursorControlChannel::Answer help()
           "                                 notice: queries from cache aren't being counted yet\n"
           "get-remotelogger-stats           get remote logger statistics\n"
           "hash-password [work-factor]      ask for a password then return the hashed version\n"
-          "help                             get this list\n"
+          "help                             get this list (from the running recursor)\n"
           "list-dnssec-algos                list supported DNSSEC algorithms\n"
           "ping                             check that all threads are alive\n"
           "quit                             stop the recursor daemon\n"
           "quit-nicely                      stop the recursor daemon nicely\n"
           "reload-acls                      reload ACLS\n"
           "reload-lua-script [filename]     (re)load Lua script\n"
-          "reload-lua-config [filename]     (re)load Lua configuration file\n"
+          "reload-lua-config [filename]     (re)load Lua configuration file or equivalent YAML clauses\n"
           "reload-zones                     reload all auth and forward zones\n"
           "set-ecs-minimum-ttl value        set ecs-minimum-ttl-override\n"
           "set-max-aggr-nsec-cache-size value set new maximum aggressive NSEC cache size\n"
@@ -1917,7 +1917,7 @@ static RecursorControlChannel::Answer help()
           "top-servfail-remotes             show top remotes receiving servfail answers\n"
           "top-bogus-remotes                show top remotes receiving bogus answers\n"
           "unload-lua-script                unload Lua script\n"
-          "version                          return Recursor version number\n"
+          "version                          return version number of running Recursor\n"
           "wipe-cache domain0 [domain1] ..  wipe domain data from cache\n"
           "wipe-cache-typed type domain0 [domain1] ..  wipe domain data with qtype from cache\n"};
 }

pdns/recursordist/rec_control.cc

@@ -247,6 +247,10 @@ static RecursorControlChannel::Answer showYAML(const std::string& path)
   try {
     std::string msg;
     auto converted = pdns::settings::rec::oldStyleSettingsFileToYaml(configName, true);
+    if (converted == "{}\n") {
+      msg += "There seems to be no YAML config in " + configName;
+      return {1, std::move(msg)};
+    }
     msg += "# Start of converted recursor.yml based on " + configName + "\n";
     msg += converted;
     msg += "# Validation result: ";

pdns/recursordist/settings/docs-new-preamble-in.rst

@@ -16,7 +16,7 @@ Settings on the command line are processed after the file-based settings are pro
    if that fails, it will be processed as old-style configuration.
    Packages will stop installing a old-style ``recursor.conf`` file and start installing a default ``recursor.conf`` file containing YAML syntax.
 
-   With the release of 5.2.0, the default will be to expect a YAML configuration file and reading of old-style ``recursor.conf`` files will have to be enabled specifically by providing a command line option.
+   With the release of 5.2.0, the default will be to expect a YAML configuration file and reading of old-style ``recursor.conf`` files will have to be enabled specifically by providing a command line option ``--enable-old-settings``.
 
    In a future release support for the "old-style" ``recursor.conf`` settings file will be dropped.
 

pdns/recursordist/settings/docs-old-preamble-in.rst

@@ -6,7 +6,8 @@ The command line overrides the configuration file.
 .. note::
    Starting with version 5.0.0, :program:`Recursor` supports a new YAML syntax for configuration files.
    A configuration using the old style syntax can be converted to a YAML configuration using the instructions in :doc:`appendices/yamlconversion`.
-   In a future release support for the "old-style" settings described here will be dropped.
+   Starting with version 5.2.0, parsing of old-style settings must be explicitly enabled using a command line argument ``--enable-old-settings``.
+   In a future release support for the old-style settings described here will be dropped.
    See :doc:`yamlsettings` for details.
 
 .. note::

pdns/recursordist/settings/table.py

@@ -939,6 +939,19 @@
  ''',
     'versionadded': '4.5.0'
     },
+    {
+        'name' : 'enable_old_settings',
+        'section' : 'recursor',
+        'type' : LType.Bool,
+        'default' : 'false',
+        'help' : 'Enable (deprecated) parsing of old-style settings',
+        'doc' : '''
+Enable the deprecated parsing of old-style settings.
+Only makes sense to set on the command line.
+        ''',
+        'skip-yaml': True,
+        'versionadded': '5.2.0',
+    },
     {
         'name' : 'entropy_source',
         'section' : 'recursor',

regression-tests.recursor-dnssec/recursortests.py

@@ -699,7 +699,8 @@ def startRecursor(cls, confdir, port):
         recursorcmd = [os.environ['PDNSRECURSOR'],
                        '--config-dir=%s' % confdir,
                        '--local-port=%s' % port,
-                       '--security-poll-suffix=']
+                       '--security-poll-suffix=',
+                       '--enable-old-settings']
         print(' '.join(recursorcmd))
 
         logFile = os.path.join(confdir, 'recursor.log')

regression-tests.recursor/vars.sample

@@ -1,5 +1,5 @@
 PREFIX=10.0.3
 # PDNSRECURSOR=    # set to override default location
-# PDNS=            # set to override default location   
+# PDNS=            # set to override default location
 AUTHRUN="exec authbind ${PDNS} --config-dir=. > logfile 2>&1"
-RECRUN="exec authbind ${PDNSRECURSOR} --config-dir=. --daemon=no --trace=yes --dont-query= --local-address=$PREFIX.9 --hint-file=hintfile --packetcache-ttl=0 --max-cache-ttl=15 --threads=1 > logfile 2>&1"
+RECRUN="exec authbind ${PDNSRECURSOR} --config-dir=. --daemon=no --trace=yes --dont-query= --local-address=$PREFIX.9 --hint-file=hintfile --packetcache-ttl=0 --max-cache-ttl=15 --threads=1 --enable-old-settings > logfile 2>&1"

regression-tests/recursor-test

@@ -31,7 +31,7 @@ rm -f recursor.pid pdns_recursor.pid
 <measurement><name>system CPU seconds</name><value>%S</value></measurement>
 <measurement><name>wallclock seconds</name><value>%e</value></measurement>
 <measurement><name>%% CPU used</name><value>%P</value></measurement>
-'         ${RECURSOR} --daemon=no --local-port=$port --socket-dir=./ --trace=$TRACE --config-dir=. --max-mthreads=$mthreads --query-local-address="0.0.0.0${QLA6}" --threads=$threads --record-cache-shards=$shards --refresh-on-ttl-perc=10 --dnssec=validate --pdns-distributes-queries --reuseport=no > recursor.log 2>&1 &
+'         ${RECURSOR} --daemon=no --local-port=$port --socket-dir=./ --trace=$TRACE --config-dir=. --max-mthreads=$mthreads --query-local-address="0.0.0.0${QLA6}" --threads=$threads --record-cache-shards=$shards --refresh-on-ttl-perc=10 --dnssec=validate --pdns-distributes-queries --reuseport=no --enable-old-settings > recursor.log 2>&1 &
 sleep 3
 if [ ! -e pdns_recursor.pid ]; then
         cat recursor.log