Aydın Mercan [Wed, 11 Jun 2025 08:01:15 +0000 (08:01 +0000)]
new: dev: replace the build system with meson
This MR replaces the build system with meson.
Speed: Meson is noticeably faster to set up and build than automake/autoconf.
The improvements will likely add up in CI and development over time.
Readability: Readability is a subjective criterion but meson is generally regarded as easier to read compared to CMake and automake/autoconf.
Developer Ergonomics: Meson produces a compilation database, doesn't require libtool wrapping of executables/debuggers and offers JSON based build introspection.
WrapDB and downloading dependencies is a non-issue for us since it requires writing wrap files explicitly and has been disabled by default via the `wrap_mode=nofallback` project option as a measure.
Aydın Mercan [Tue, 16 Apr 2024 12:13:53 +0000 (15:13 +0300)]
replace the build system with meson
Meson is a modern build system that has seen a rise in adoption and some
version of it is available in almost every platform supported.
Compared to automake, meson has the following advantages:
* Meson provides a significant boost to the build and configuration time
  by better exploiting parallelism.
* Meson is subjectively considered to be better in readability.
These merits alone justify experimenting with meson as a way of
improving development time and ergonomics. However, there are some
compromises to ensure the transition goes relatively smoothly:
* The system tests currently rely on various files within the source
  directory. Changing this requirement is a non-trivial task that can't
  be currently justified. Currently the last compiled build directory
  writes into the source tree which is in turn used by pytest.
* The minimum version supported has been fixed at 0.61. Increasing this
  value will require choosing a baseline of distributions that can
  package with meson. On the contrary, there will likely be an attempt
  to decrease this value to ensure almost universal support for building
  BIND 9 with meson.
Ondřej Surý [Wed, 4 Jun 2025 10:48:18 +0000 (10:48 +0000)]
fix: dev: Try to skip lock on fully lower names
If the name is fully lowercase, we don't need to access the case bitmap in order to set the case. Therefore, we can check for the FULLYLOWERCASE flag using only atomic operations, and skip a lock in the hot path, provided we clear the FULLYLOWERCASE flag before changing the case bitmap.
Merge branch 'alessio/skip-lock-on-fully-lower-names' into 'main'
Alessio Podda [Wed, 28 May 2025 12:33:04 +0000 (14:33 +0200)]
Try to skip lock on fully lower names
If the name is fully lowercase, we don't need to access the case bitmap
in order to set the case. Therefore, we can check for the FULLYLOWERCASE
flag using only atomic operations, and skip a lock in the hot path,
provided we clear the FULLYLOWERCASE flag before changing the case
bitmap.
Arаm Sаrgsyаn [Wed, 4 Jun 2025 10:22:38 +0000 (10:22 +0000)]
new: usr: Redesign the unreachable primaries cache
Previously, the cache for the unreachable primary servers was limited
to 10 entries (LRU) and a fixed 10 minutes delay for each entry, unless
removed forcibly by a new entry. The cache is now redesigned to remove the
10 entry limitation and to introduce delay values with exponential
backoff time - initially an unreachable primary server is cached as
being unreachable for 10 seconds, but each time the cache entry is expired
and the same server is added again during the eligibility period of the next
120 seconds, the delay time is doubled, up to the maximum of 640
seconds.
Closes #3992
Merge branch '3992-unreachable-cache-redesign' into 'main'
Aram Sargsyan [Tue, 18 Feb 2025 08:34:41 +0000 (08:34 +0000)]
Redesign the unreachable primaries cache
The cache for unreachable primaries was added to BIND 9 in 2006 via 1372e172d0e0b08996376b782a9041d1e3542489. It features a 10-slot LRU
array with 600 seconds (10 minutes) fixed delay. During this time, any
primary with a hiccup would be blocked for the whole block duration
(unless overwritten by a different entry).
As this design is not very flexible (i.e. the fixed delay and the fixed
amount of the slots), redesign it based on the badcache.c module, which
was implemented earlier for a similar mechanism.
The differences between the new code and the badcache module were large
enough to create a new module instead of trying to make the badcache
module universal, which could complicate the implementation.
The new design implements an exponential backoff for entries which are
added again soon after expiring, i.e. the next expiration happens in
double the amount of time of the previous expiration, but in no more
time than the defined maximum value.
The initial and the maximum expiration values are hard-coded, but, if
required, it should be trivial to implement configurable knobs.
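The backoff rule described in this entry and its merge request, as an added C sketch that is not BIND 9's code: the type and function names are hypothetical, the key strings and timeline are constructed, and it assumes that a failure reported while an entry is still blocking leaves the entry unchanged. Only the 10, 120 and 640 second values come from the text.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Timing values taken from the changelog entry above. */
#define UNREACH_INITIAL	 10u  /* seconds blocked on the first failure */
#define UNREACH_MAX	 640u /* ceiling for the doubled delay */
#define UNREACH_ELIGIBLE 120u /* seconds after expiry in which a re-add doubles */
#define UNREACH_KEYLEN	 96

/* Hypothetical types and names; not the API of the BIND 9 module. */
typedef struct {
	char key[UNREACH_KEYLEN]; /* constructed identifier of a primary */
	uint64_t expire;	  /* absolute time at which the block ends */
	uint32_t delay;		  /* length of the current block */
} unreach_entry_t;

typedef struct {
	unreach_entry_t *entries; /* grows on demand: no fixed slot count */
	size_t count, cap;
} unreach_cache_t;

static unreach_entry_t *
unreach_find(unreach_cache_t *c, const char *key) {
	for (size_t i = 0; i < c->count; i++) {
		if (strcmp(c->entries[i].key, key) == 0) {
			return &c->entries[i];
		}
	}
	return NULL;
}

/* Record a failure at 'now'; returns the block length applied, 0 on error. */
uint32_t
unreach_add(unreach_cache_t *c, const char *key, uint64_t now) {
	unreach_entry_t *e = unreach_find(c, key);
	if (e == NULL) {
		if (strlen(key) >= UNREACH_KEYLEN) {
			return 0;
		}
		if (c->count == c->cap) {
			size_t ncap = c->cap ? c->cap * 2 : 8;
			unreach_entry_t *n = realloc(c->entries, ncap * sizeof(*n));
			if (n == NULL) {
				return 0;
			}
			c->entries = n;
			c->cap = ncap;
		}
		e = &c->entries[c->count++];
		strcpy(e->key, key);
		e->delay = UNREACH_INITIAL;
	} else if (now < e->expire) {
		/* Assumption: a failure while still blocked changes nothing. */
		return e->delay;
	} else if (now - e->expire <= UNREACH_ELIGIBLE) {
		/* Re-added soon after expiring: double, never past the maximum. */
		e->delay = e->delay >= UNREACH_MAX / 2 ? UNREACH_MAX : e->delay * 2;
	} else {
		/* Stayed reachable past the eligibility window: start over. */
		e->delay = UNREACH_INITIAL;
	}
	e->expire = now + e->delay;
	return e->delay;
}

/* True while the primary must be skipped. */
bool
unreach_blocked(unreach_cache_t *c, const char *key, uint64_t now) {
	unreach_entry_t *e = unreach_find(c, key);
	return e != NULL && now < e->expire;
}

/* Drop entries whose eligibility window has passed; they would reset anyway. */
size_t
unreach_purge(unreach_cache_t *c, uint64_t now) {
	size_t kept = 0;
	for (size_t i = 0; i < c->count; i++) {
		if (now <= c->entries[i].expire + UNREACH_ELIGIBLE) {
			c->entries[kept++] = c->entries[i];
		}
	}
	size_t dropped = c->count - kept;
	c->count = kept;
	return dropped;
}

int
main(void) {
	unreach_cache_t c = { 0 };
	/* Constructed timeline: one primary failing again after each expiry. */
	const uint64_t fails[] = { 0, 12, 40, 90, 180, 360, 700, 1400, 2161 };
	for (size_t i = 0; i < sizeof(fails) / sizeof(fails[0]); i++) {
		uint32_t d = unreach_add(&c, "192.0.2.1#53", fails[i]);
		printf("t=%4llu blocked for %3us\n", (unsigned long long)fails[i], d);
	}
	free(c.entries);
	return 0;
}
```

The purge step is what keeps an unbounded table from growing with every primary that ever failed: an entry is only worth keeping while it can still block or still double.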
A dns_view_t has a queryonacl property, which is supposed to hold the
ACL matching the configuration "allow-query-on". However the code
parsing this configuration ACL was missing (or removed by mistake?),
hence this property was always NULL. The ACL was still built but
individually for each zone (which checks if the property exists in the
zone definition, view definition, and finally options definition).
We now create the ACL instance at the view level, enabling zones to
share the same (identical) ACL instead of having their own copies.
Merge branch 'colin/view-allowqueryon' into 'main'
Colin Vidal [Tue, 3 Jun 2025 14:12:59 +0000 (16:12 +0200)]
initialize queryonacl dns_view_t property
A dns_view_t has a queryonacl property, which is supposed to hold the
ACL matching the configuration "allow-query-on". However the code
parsing this configuration ACL was missing (or removed by mistake?),
hence this property was always NULL. The ACL was still built but
individually for each zone (which checks if the property exists in the
zone definition, view definition, and finally options definition).
It now creates the ACL instance at the view level, enabling zones to
share the same (identical) ACL instead of having their own copies.
Evan Hunt [Tue, 3 Jun 2025 19:45:06 +0000 (19:45 +0000)]
new: usr: Add support for zone templates
To simplify the configuration of multiple similar zones, BIND now supports a zone template mechanism. `template` blocks containing zone options can be defined at the top level of the configuration file; they can then be referenced in `zone` statements. A zone referencing a template will use the options in the specified `template` block as defaults. (Options locally defined in the `zone` statement override the template.)
The filename for a zone can now be generated parametrically from a format specified in the `file` option. The first occurrences of `$name`, `$type` and `$view` in `file` are replaced with the zone origin, the zone type (i.e., primary, secondary, etc), and the view name, respectively.
Primary zones can now take an `initial-file` option, specifying the path to a generic zone file that will be copied into the zone's `file` path when the zone is first loaded, if the `file` does not already exist.
For example, the following template can be used for primary zones:
```
template primary {
        type primary;
        file "$name.db";
        initial-file "generic.db";
};
```
With this template in place, a new primary zone could be added using a single `rndc addzone` command:
A "template" statement can contain the same configuration clauses
as a "zone" statement. A "zone" statement can now reference a
template, and all the clauses in that template will be used as
default values for the zone. For example:
    template primary {
            type primary;
            file "$name.db";
            initial-file "primary.db";
    };
    zone example.com {
            template primary;
            file "different-name.db"; // overrides the template
    };
Special tokens can now be specified in a zone "file" option
in order to generate the filename parametrically. The first
instance of "$name" in the "file" option is replaced with the
zone origin, the first instance of "$type" is replaced with the
zone type (i.e., primary, secondary, etc), and the first instance
of "$view" is replaced with the view name.
This simplifies the creation of zones using initial-file templates.
For example:
When loading a primary zone for the first time, if the zonefile
does not exist but an "initial-file" option has been set, then a
new file will be copied into place from the path specified by
"initial-file".
This can be used to simplify the process of adding new zones. For
instance, a template zonefile could be used by running:
Evan Hunt [Tue, 3 Jun 2025 19:01:19 +0000 (19:01 +0000)]
fix: dev: Call zone syntax checks when running rndc addzone/modzone
The function that checks zone syntax in libisccfg was previously
only called when loading `named.conf`, not when parsing an
`rndc addzone` or `rndc modzone` command. This has been corrected.
Evan Hunt [Sat, 31 May 2025 06:11:14 +0000 (23:11 -0700)]
normalize syntax checks between named and libisccfg
there were some duplicated syntax checks in named_zone_configure()
that are no longer needed, now that we perform those same checks
using isccfg_check_zoneconf().
there were also some syntax checks that were *only* in
named_zone_configure(), which have now been moved to
isccfg_check_zoneconf(). test cases for them have been
added to the checkconf system test.
Evan Hunt [Fri, 30 May 2025 00:27:12 +0000 (17:27 -0700)]
call zone syntax checks when running rndc addzone/modzone
the function that checks zone syntax in libisccfg was previously
only called when loading named.conf, not when parsing an
"rndc addzone" or "rndc modzone" command. this has been corrected.
note that some checks are still skipped: those that check for
duplication of filenames, key directories, etc. to fix this, we'd need
to export the symbol tables that are set up when loading named.conf and
preserve them so they could be reused later.
Since 70b1777d8aef75da1b184fe8155dc818ce66628a was committed the OSS-Fuzz
build was broken because the `chunk_get_raw()` was not updated in the
`FUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION`-enabled area. Add the `size`
argument to the fuzzing version of the `chunk_get_raw()` function.
Evan Hunt [Thu, 29 May 2025 17:55:25 +0000 (10:55 -0700)]
Prevent .hypothesis artifacts in system test directories
The "run.sh" script, used by "make test", changes the working
directory to the system test directory before executing pytest.
If the test drops hypothesis artifacts while running, this
can cause spurious test failures due to an apparent mismatch
between the contents of the system test directory and the
temporary pytest directory. This has been addressed by having
"run.sh" call pytest from the parent directory instead.
Mark Andrews [Tue, 3 Jun 2025 02:27:03 +0000 (02:27 +0000)]
fix: nil: Extend named-rrchecker multi-line parsing support
named-rrchecker now parses the braces which support multi-line input
from the beginning of the input rather than only when reading the
data fields of the record.
Closes #5336
Merge branch '5336-extend-named-rrchecker-multiline-support' into 'main'
Mark Andrews [Fri, 30 May 2025 03:03:16 +0000 (13:03 +1000)]
Extend named-rrchecker multi-line parsing support
named-rrchecker now parses the braces which support multi-line input
from the beginning of the input rather than only when reading the
data fields of the record.
Mark Andrews [Mon, 2 Jun 2025 23:40:43 +0000 (23:40 +0000)]
fix: nil: Silence potential divide by zero warning in qpmulti.c
Coverity flagged a potential divide by zero error in collect in
qpmulti.c when the elapsed time is zero but that is only called
once the elapsed time is greater than or equal to RUNTIME (1/4
second) so INSIST this is the case.
Closes #5329
Merge branch '5329-potential-divide-by-zero-in-qpmulti-c' into 'main'
Mark Andrews [Fri, 30 May 2025 00:51:21 +0000 (10:51 +1000)]
Silence potential divide by zero warning in qpmulti.c
Coverity flagged a potential divide by zero error in collect in
qpmulti.c when the elapsed time is zero but that is only called
once the elapsed time is greater than or equal to RUNTIME (1/4
second) so INSIST this is the case.
Petr Špaček [Mon, 2 Jun 2025 09:59:23 +0000 (11:59 +0200)]
Fix link to TXT RRtype specification
The odd-looking "\ " escape is required to italicize <character-string>
without italicizing the final "s". See reStructuredText Markup
Specification, sections "Inline markup recognition rules" and "Escaping
Mechanism". Most importantly:
Escaped whitespace characters are removed from the output document
together with the escaping backslash. This allows for character-level
inline markup.
Petr Špaček [Wed, 28 May 2025 13:46:14 +0000 (15:46 +0200)]
Run CI danger job even if user canceled it while it was running
Limitation: The after_script is not executed if the job did not start at
all, i.e. if the user canceled the job before it got onto a runner.
See https://gitlab.com/groups/gitlab-org/-/epics/10158
Nicki Křížek [Mon, 26 May 2025 15:10:15 +0000 (17:10 +0200)]
Add dynamic update facility to NamedInstance
Deduplicate the code for dynamic updates and increase code clarity by
using an actual dns.update.UpdateMessage rather than an undefined
intermediary format passed around as a list of arguments.
Matthijs Mekking [Wed, 19 Mar 2025 09:10:13 +0000 (10:10 +0100)]
Convert csk rollover test cases to pytest
Move the 'csk-roll1' and 'csk-roll2' zones to the rollover test dir and
convert CSK rollover tests to pytest.
The DS swap spans multiple steps. Only the first time we should check
if the "CDS is now published" log is there, and only the first time we
should run 'rndc dnssec -checkds' on the keys. Add a new key to the
step dictionary to disable the DS swap checks.
This made me realize that we need to check for "is not None" in case
the value in the dictionary is False. Update check_rollover_step()
accordingly, and also add a log message which step/zone we are currently
checking.
Matthijs Mekking [Tue, 18 Mar 2025 13:20:54 +0000 (14:20 +0100)]
Convert ksk rollover test case to pytest
Move the 'ksk-doubleksk' zones to the rollover test dir and convert KSK
rollover test to pytest.
Since the 'ksk-doubleksk' policy publishes different CDNSKEY/CDS RRsets,
update the 'check_rollover_step' to check which CDNSKEY/CDS RRsets should
be published and which should be prohibited. Update 'isctest.kasp'
accordingly.
We are changing the ZSK lifetime to unlimited in this test case as it
is of no importance (this actually discovered a bug in setting the
next time the keymgr should run).
Matthijs Mekking [Tue, 18 Mar 2025 11:18:34 +0000 (12:18 +0100)]
Convert zsk rollover test case to pytest
Move the 'zsk-prepub' zones to the rollover test dir and convert ZSK
rollover test to pytest.
We need a way to signal a smooth rollover is going on. Signatures are
being replaced gradually during a ZSK rollover, so the existing
signatures of the predecessor ZSK are still being used. Add a smooth
operator to set the right expectations on what signatures are being
used.
Setting expected key relationships is a bit crude: a list of two
elements where the first element is the index of the expected keys that
is the predecessor, and the second element is the index of the expected
keys that is the successor.
We are changing the KSK lifetime to unlimited in this test case as it
is of no importance.
Matthijs Mekking [Tue, 18 Mar 2025 09:34:53 +0000 (10:34 +0100)]
Convert enable dnssec test case to pytest
Move the 'enable-dnssec' to the rollover test dir and convert to pytest.
This requires new test functionality to check that "CDS is published"
messages are logged (or prohibited).
The setup part is slightly adapted such that it no longer needs to
set the '-P sync' value in most cases (this is then set by 'named'),
and to adjust for the inappropriate safety intervals fix.
Matthijs Mekking [Tue, 18 Mar 2025 07:41:02 +0000 (08:41 +0100)]
Convert kasp multi-signer tests to pytest
Move the multi-signer test scenarios to the rollover directory and
convert tests to pytest.
- If the KeyProperties set the "legacy" to True, don't set expected
  key times, nor check them. Also, when a matching key is found, set
  key.external to True.
- External keys don't show up in the 'rndc dnssec -status' output so
  skip them in the 'check_dnssecstatus' function. External keys never
  sign RRsets, so also skip those keys in the '_check_signatures'
  function.
- Key properties strings now can set expected key tag ranges, and if
  KeyProperties have tag ranges set, they are checked.
Matthijs Mekking [Fri, 28 Feb 2025 14:52:20 +0000 (15:52 +0100)]
Move rollover test cases to separate test dir
In order to keep the kasp system test somewhat approachable, let's
move all rollover scenarios to its own test directory. Starting with
the manual rollover test cases.
A new test function is added to 'isctest.kasp', to verify that the
relationship metadata (Predecessor, Successor) is set correctly.
The configuration and setup for the zone 'manual-rollover.kasp' are
almost copied verbatim, the only exception is the keytimes. Similar
to the test kasp cases, we no longer set "SyncPublish/PublishCDS" in
the setup script. In addition to that, the offset is changed from one
day ago to one week ago, so that the key states match the timing
metadata (one day is too short to move a key from "hidden" to
"omnipresent").
Michal Nowak [Mon, 2 Jun 2025 09:01:09 +0000 (09:01 +0000)]
fix: dev: Allow commandline.c to compile on Solaris
commandline.c failed to compile on Solaris because NAME_MAX was
undefined. Include 'isc/dir.h' which defines NAME_MAX for platforms
that don't define it.
```
In file included from commandline.c:54:
./include/isc/commandline.h:31:38: error: 'NAME_MAX' undeclared here (not in a function)
   31 | extern char isc_commandline_progname[NAME_MAX];
      |                                      ^~~~~~~~
```
Merge branch 'mnowak/fix-solaris-commandline-h' into 'main'
Michal Nowak [Fri, 30 May 2025 08:22:48 +0000 (10:22 +0200)]
Allow commandline.c to compile on Solaris
commandline.c failed to compile on Solaris because NAME_MAX was
undefined. Include 'isc/dir.h' which defines NAME_MAX for platforms
that don't define it.
    In file included from commandline.c:54:
    ./include/isc/commandline.h:31:38: error: 'NAME_MAX' undeclared here (not in a function)
       31 | extern char isc_commandline_progname[NAME_MAX];
          |                                      ^~~~~~~~
Michał Kępień [Fri, 30 May 2025 17:37:53 +0000 (17:37 +0000)]
chg: test: Use isctest.asyncserver in the "chain" test
Replace the custom DNS servers used in the "chain" system test with
new code based on the isctest.asyncserver module.
For ans3, replace the sequence of logical conditions present in Perl
code with zone files and a limited amount of custom logic applied on top
of them where necessary.
For ans4, replace the ctl_channel() and create_response() functions with
a custom control command handler coupled with a dynamically instantiated
response handler, making the code more robust and readable.
Migrate sendcmd() and its uses to the new way of sending control queries
to custom servers used in system tests.
Depends on !10409
Merge branch 'michal/chain-asyncserver' into 'main'
Michał Kępień [Fri, 30 May 2025 16:23:21 +0000 (18:23 +0200)]
Use isctest.asyncserver in the "chain" test
Replace the custom DNS servers used in the "chain" system test with
new code based on the isctest.asyncserver module.
For ans3, replace the sequence of logical conditions present in Perl
code with zone files and a limited amount of custom logic applied on top
of them where necessary.
For ans4, replace the ctl_channel() and create_response() functions with
a custom control command handler coupled with a dynamically instantiated
response handler, making the code more robust and readable.
Migrate sendcmd() and its uses to the new way of sending control queries
to custom servers used in system tests.
Michał Kępień [Fri, 30 May 2025 16:23:21 +0000 (18:23 +0200)]
Improve readability of sendcmd() calls
To improve readability of sendcmd() calls used for controlling
isctest.asyncserver-based custom DNS servers, pass the command's name
and arguments as separate parameters.
Michał Kępień [Fri, 30 May 2025 16:18:07 +0000 (16:18 +0000)]
new: test: Handle alias records in zone files loaded by AsyncDnsServer
dnspython does not treat CNAME records in zone files in any special way;
they are just RRsets belonging to zone nodes. Process CNAMEs when
preparing zone-based responses just like a normal authoritative DNS
server would.
Adding proper DNAME support to AsyncDnsServer would add complexity to
its code for little gain: DNAME use in custom system test servers is
limited to crafting responses that attempt to trigger bugs in named.
This fact will not be obvious to AsyncDnsServer users as it
automatically loads all zone files it finds and handles CNAME records
like a normal authoritative DNS server would.
Therefore, to prevent surprises:
- raise an exception whenever DNAME records are found in any of the
  zone files loaded by AsyncDnsServer,
- add a new optional argument to the AsyncDnsServer constructor that
  enables suppressing this new behavior, enabling zones with DNAME
  records to be loaded anyway.
This enables response handlers to use the DNAME records present in zone
files in arbitrary ways without complicating the "base" code.
Merge branch 'michal/asyncserver-alias-records' into 'main'
Michał Kępień [Fri, 30 May 2025 16:08:54 +0000 (18:08 +0200)]
Force manual DNAME handling to be acknowledged
Adding proper DNAME support to AsyncDnsServer would add complexity to
its code for little gain: DNAME use in custom system test servers is
limited to crafting responses that attempt to trigger bugs in named.
This fact will not be obvious to AsyncDnsServer users as it
automatically loads all zone files it finds and handles CNAME records
like a normal authoritative DNS server would.
Therefore, to prevent surprises:
- raise an exception whenever DNAME records are found in any of the
  zone files loaded by AsyncDnsServer,
- add a new optional argument to the AsyncDnsServer constructor that
  enables suppressing this new behavior, enabling zones with DNAME
  records to be loaded anyway.
This enables response handlers to use the DNAME records present in zone
files in arbitrary ways without complicating the "base" code.
Michał Kępień [Fri, 30 May 2025 16:08:54 +0000 (18:08 +0200)]
Drop unused AsyncDnsServer constructor argument
The constructor for the AsyncDnsServer class takes a 'load_zones'
argument that is not used anywhere and is not expected to be useful in
the future: zone files are not required for an AsyncDnsServer instance
to start and, if necessary, zone-based answers can be suppressed or
modified by installing a custom response handler.
Michał Kępień [Fri, 30 May 2025 16:08:54 +0000 (18:08 +0200)]
Properly handle CNAMEs when preparing responses
dnspython does not treat CNAME records in zone files in any special way;
they are just RRsets belonging to zone nodes. Process CNAMEs when
preparing zone-based responses just like a normal authoritative DNS
server would.
Nicki Křížek [Thu, 29 May 2025 12:34:15 +0000 (12:34 +0000)]
fix: test: Fix intermittent kasp pytest failures
The `pytest` cases check if a zone is signed by looking at the `NSEC` record at the apex. If that has an RRSIG record, it is considered signed. But `named` signs zones incrementally (in batches) and so the zone may still lack some signatures. In other words, the tests may consider a zone signed while in fact signing is not yet complete, then perform additional checks such as whether a subdomain is signed with the right key. If this check happens before the zone is actually fully signed, the check will fail.
Fix this by using `check_dnssec_verify` instead of `check_is_zone_signed`. We were already doing this check, but we now move it up. This will transfer the zone and then run `dnssec-verify` on the response. If the zone is partially signed, the check will fail, and it will retry up to ten times.
Closes #5303
Merge branch '5303-kasp-pytest-intermittent-test-failures' into 'main'
The pytest cases check if a zone is signed by looking at the NSEC
record at the apex. If that has an RRSIG record, it is considered
signed. But 'named' signs zones incrementally (in batches) and so
the zone may still lack some signatures. In other words, the tests
may consider a zone signed while in fact signing is not yet complete,
then perform additional checks such as whether a subdomain is signed
with the right key. If this check happens before the zone is actually
fully signed, the check will fail.
Fix this by using 'check_dnssec_verify' instead of
'check_is_zone_signed'. We were already doing this check, but we now
move it up. This will transfer the zone and then run 'dnssec-verify'
on the response. If the zone is partially signed, the check will fail,
and it will retry up to ten times.
Nicki Křížek [Thu, 29 May 2025 09:04:04 +0000 (09:04 +0000)]
chg: test: Add utility module to import correct version of hypothesis
On FIPS-enabled platforms, we need to ensure a minimal version of
hypothesis which no longer uses MD5. This doesn't need to be enforced
for other platforms.
Move the import magic to a utility module to avoid copy-pasting the
boilerplate code around.
Merge branch 'nicki/pytest-import-hypothesis' into 'main'
Nicki Křížek [Mon, 5 May 2025 16:00:07 +0000 (18:00 +0200)]
Ensure supported version of hypothesis is available
On FIPS-enabled platforms, we need to ensure a minimal version of
hypothesis which no longer uses MD5. This doesn't need to be enforced
for other platforms.
Move the import magic to a utility module to avoid copy-pasting the
boilerplate code around.
Mark Andrews [Thu, 29 May 2025 06:59:00 +0000 (06:59 +0000)]
fix: nil: silence tainted scalar in client.c
Coverity detected that 'optlen' was not being checked in 'process_opt'.
This is actually already done when the OPT record was initially
parsed. Add an INSIST to silence Coverity as is done in message.c.
Closes #5330
Merge branch '5330-tainted-scalar-in-client-c' into 'main'
Mark Andrews [Wed, 28 May 2025 23:42:08 +0000 (09:42 +1000)]
Silence tainted scalar in client.c
Coverity detected that 'optlen' was not being checked in 'process_opt'.
This is actually already done when the OPT record was initially
parsed. Add an INSIST to silence Coverity as is done in message.c.
Ondřej Surý [Thu, 29 May 2025 04:24:26 +0000 (04:24 +0000)]
chg: dev: Unify handling of the program name in all the utilities
There were several methods how we used 'argv[0]'. Some programs had a
static value, some programs did use isc_file_progname(), some programs
stripped 'lt-' from the beginning of the name. And some used argv[0]
directly.
Unify the handling and all the variables into isc_commandline_progname
that gets populated by the new isc_commandline_init(argc, argv) call.
Merge branch 'ondrej/unify-handling-of-the-program-name' into 'main'
Ondřej Surý [Wed, 28 May 2025 20:43:38 +0000 (22:43 +0200)]
Unify handling of the program name in all the utilities
There were several methods how we used 'argv[0]'. Some programs had a
static value, some programs did use isc_file_progname(), some programs
stripped 'lt-' from the beginning of the name. And some used argv[0]
directly.
Unify the handling and all the variables into isc_commandline_progname
that gets populated by the new isc_commandline_init(argc, argv) call.
Ondřej Surý [Thu, 29 May 2025 03:50:44 +0000 (03:50 +0000)]
chg: dev: Set name for all the isc_mem context from isc_mem_create()
Instead of giving the memory context names with an explicit call to
isc_mem_setname(), add the name to isc_mem_create() call to have all the
memory contexts an unconditional name.
Merge branch 'ondrej/ondrej-isc_mem_create-with-name' into 'main'
Ondřej Surý [Wed, 28 May 2025 21:00:24 +0000 (23:00 +0200)]
Give every memory pool a name
Instead of giving the memory pools names with an explicit call to
isc_mempool_setname(), add the name to isc_mempool_create() call to have
all the memory pools an unconditional name.
Ondřej Surý [Fri, 21 Feb 2025 11:45:08 +0000 (12:45 +0100)]
Give every memory context a name
Instead of giving the memory context names with an explicit call to
isc_mem_setname(), add the name to isc_mem_create() call to have all the
memory contexts an unconditional name.
Colin Vidal [Wed, 28 May 2025 20:55:52 +0000 (22:55 +0200)]
coccinelle patch for isc_mem_free()/isc_mem_put()
add a Coccinelle patch to ensure the pointer being used by
isc_mem_free() and isc_mem_put() is not explicitly set to NULL (those
macros are taking care of it).
The memory context for isc_managers and dst_api units had no name and
that was causing trouble with the statistics channel output. Set the
name for the two memory contexts that were missing a proper name.
Ondřej Surý [Wed, 28 May 2025 17:48:57 +0000 (17:48 +0000)]
fix: usr: Fix zone deletion issue
A secondary zone could initiate a new zone transfer from the
primary server after it had been already deleted from the
secondary server, and before the internal garbage collection
was activated to clean it up completely. This has been fixed.
Aram Sargsyan [Mon, 12 May 2025 13:58:38 +0000 (13:58 +0000)]
Prepare a zone for shutting down when deleting it from a view
After b171cacf4f0123ba96bef6eedfc92dfb608db6b7, a zone object can
remain in the memory for a while, until garbage collection is run.
Setting the DNS_ZONEFLG_EXITING flag should prevent the zone
maintenance function from running while it's in that state.
Otherwise, a secondary zone could initiate a zone transfer after
it had been deleted.
Ondřej Surý [Wed, 28 May 2025 16:51:33 +0000 (16:51 +0000)]
fix: usr: Fix a zone refresh bug
A secondary zone could fail to further refresh with new
versions of the zone from a primary server if named was
reconfigured during the SOA request step of an ongoing
zone transfer. This has been fixed.
Closes #5307
Merge branch '5307-zone-refresh-stuck-after-reconfiguration-fix' into 'main'
Aram Sargsyan [Wed, 21 May 2025 15:27:53 +0000 (15:27 +0000)]
Emit an ISC_R_CANCELED result instead of ISC_R_SHUTTINGDOWN
When request manager shuts down, it also shuts down all its ongoing
requests. Currently it calls their callback functions with an
ISC_R_SHUTTINGDOWN result code for the request. Since a request
manager can shut down not only during named shutdown but also during
named reconfiguration, instead of sending ISC_R_SHUTTINGDOWN result
code send an ISC_R_CANCELED code to avoid confusion and errors with
the expectation that an ISC_R_SHUTTINGDOWN result code can only be
received during actual shutdown of named.
All the callback functions which are passed to either the
dns_request_create() or the dns_request_createraw() functions have
been analyzed to confirm that they can process both the
ISC_R_SHUTTINGDOWN and ISC_R_CANCELED result codes. Changes were
made where it was necessary.
Aram Sargsyan [Wed, 21 May 2025 14:44:50 +0000 (14:44 +0000)]
Fix a zone refresh bug in zone.c:refresh_callback()
When the zone.c:refresh_callback() callback function is called during
a SOA request before a zone transfer, it can receive an
ISC_R_SHUTTINGDOWN result for the sent request when named is shutting
down, and in that case it just destroys the request and finishes the
ongoing transfer, without clearing the DNS_ZONEFLG_REFRESH flag of the
zone. This is alright when named is going to shut down, but currently
the callback can get an ISC_R_SHUTTINGDOWN result also when named is
reconfigured during the ongoing SOA request. In that case, leaving the
DNS_ZONEFLG_REFRESH flag set results in the zone never being able
to refresh again, because any new attempts will be canceled while
the flag is set. Clear the DNS_ZONEFLG_REFRESH flag on the 'exiting'
error path of the callback function.
Colin Vidal [Wed, 28 May 2025 15:44:21 +0000 (15:44 +0000)]
fix: test: enable shell-based rndc system tests
Enable existing rndc system tests (the python test function calling the
shell file was missing). Also update the extra artifacts list to remove
one generated file which was left behind.
Colin Vidal [Wed, 28 May 2025 13:15:56 +0000 (15:15 +0200)]
enable shell-based rndc system tests
Enable existing rndc system tests (the python test function calling the
shell file was missing). Also update the extra artifacts list to remove
one generated file which was left behind.