Ignore and deprecate some profile properties

[mattias-p]

Purpose

Ignore and deprecate profile properties that complicate query parameter semantics for no good reason, and allows user configuration to cause Zonemaster to misbehave for no good reason.

Context

Fixes the remainder of #1148.

Changes

Ignore and deprecate these profile properties:

• resolver.defaults.igntc
• resolver.defaults.recurse
• resolver.defaults.usevc

How to test this PR

Here is a profile file that sets all four properties to unreasonable values:

{"resolver":{"defaults":{"igntc":true,"recurse":true,"usevc":true}}}

I don't have any examples of zones that break with that profile, but it does break ASN lookups without the changes in this PR.

[matsduf]

I cannot find a good documentation of what fallback really means. I find "Use new fallback mechanism (try EDNS, then do TCP)" and that seems wrong. Then fallback should be FALSE by default.

[mattias-p]

I feel the semantics of fallback is out of scope for this particular PR.
I suggest that the desired semantics should be described in Default handling of a DNS Response. Or, I guess they are already?

[matsduf]

This PR suggests to set fallback to always TRUE which is problematic.

Zonemaster/Engine/Profile.pm says:

  resolver.defaults.igntc
    A boolean. If false, UDP queries that get responses with the "TC" flag
    set will be automatically resent over TCP. Default false.

Yes, we want resolver.defaults.igntc to be FALSE by default, but it should be possible to be TRUE in some test cases. That is defined in Default handling of a DNS Response.

Now we come to fallback.

  resolver.defaults.fallback
    A boolean. If true, UDP queries that get responses with the "TC" flag
    set will be automatically resent over TCP or using EDNS. Default true.

    In ldns-1.7.0 (NLnet Labs), in case of truncated answer when UDP is
    used, the same query is resent with EDNS0 and TCP (if needed). If you
    want the original answer (with TC bit set) and avoid this kind of
    replay, set this flag to false.

We want resolver.defaults.fallback to be always FALSE because there should be no magic of converting non-EDNS queries as EDNS queries. That should be done in a controlled manner by creating a new query.

[mattias-p]

Here is some context for why the default "fallback" value is true: #460

[matsduf]

Here is some context for why the default "fallback" value is true: #460

I do not see it in #460. Can you please point it out?

Is that due to some strange behavior in LDNS that makes resolver.defaults.igntc not do what it should? Setting resolver.defaults.igntc should be enough.

[matsduf]

@mattias-p, please set correct V-XXX and RC-XXX labels on it.

[matsduf]

Else it looks fine.

[matsduf]

After removal the profile will break, won't it? Maybe give longer time, v2026.2?

[tgreenx]

For this one I'm fine with either.

[tgreenx]

For this one I'm fine with either.

[tgreenx]

@mattias-p, please set correct V-XXX and RC-XXX labels on it.

@mattias-p @matsduf I've set RC-Deprecations and V-Patch (maybe V-Minor instead? I'm not sure).

[matsduf]

@mattias-p @matsduf I've set RC-Deprecations and V-Patch (maybe V-Minor instead? I'm not sure).

That looks correct. When the deprecated is removed it will be a breaking change, but not now. And no functionality is added.

[MichaelTimbert]

Tested on Rocky 8 and work fine.