Fail the build if it updates any of the files in the git repository
There are still some pregenerated files left in the git
repository (cleaned up during `make maintainer-clean`) and we currently
don't notice if any of those needs to be updated in the git repository
because we ignore changes in the repository done during the build.
This commit adds a safeguard that fails the build job if the contents of
the git repository gets modified during the build.
Fixup the manpages after ddns-confgen.rst -> tsig-keygen.rst rename
There were some missing bits in the other rst files and Makefile.am(s)
that didn't reflect the rename of the main document. Also add
ddns-confgen.8 manpage.
Ondřej Surý [Thu, 25 Jun 2020 15:48:34 +0000 (17:48 +0200)]
Update STALE and ANCIENT header attributes atomically
The ThreadSanitizer found a data race when updating the stale header.
Instead of trying to acquire the write lock and failing occasionally
which would skew the statistics, the dns_rdatasetheader_t.attributes
field has been promoted to use stdatomics. Updating the attributes in
the mark_header_ancient() and mark_header_stale() now uses the cmpxchg
to update the attributes forfeiting the need to hold the write lock on
the tree. Please note that mark_header_ancient() still needs to hold
the lock because .dirty is being updated in the same go.
Mark Andrews [Wed, 1 Jul 2020 07:06:28 +0000 (17:06 +1000)]
Make the stdatomic shim and mutexatomic type complete
The stdatomic shims for non-C11 compilers (Windows, old gcc, ...) and
mutexatomic implemented only and minimal subset of the atomic types.
This commit adds 16-bit operations for Windows and all atomic types as
defined in standard.
While the creation and publication times of the various keys
in this policy are nearly at the same time there is a chance that
one key is created a second later than the other.
The `set_keytimes_algorithm_policy` mistakenly set the keytimes
for KEY3 based of the "published" time from KEY2.
Evan Hunt [Tue, 30 Jun 2020 20:10:59 +0000 (13:10 -0700)]
further tidying of primary/secondary terminology in system tests
this changes most visble uses of master/slave terminology in tests.sh
and most uses of 'type master' or 'type slave' in named.conf files.
files in the checkconf test were not updated in order to confirm that
the old syntax still works. rpzrecurse was also left mostly unchanged
to avoid interference with DNSRPS.
Evan Hunt [Fri, 26 Jun 2020 04:59:56 +0000 (21:59 -0700)]
prevent "primaries" lists from having duplicate names
it is now an error to have two primaries lists with the same
name. this is true regardless of whether the "primaries" or
"masters" keywords were used to define them.
Don't destroy a non-closed socket, wait for all the callbacks.
We erroneously tried to destroy a socket after issuing
isc__nm_tcp{,dns}_close. Under some (race) circumstances we could get
nm_socket_cleanup to be called twice for the same socket, causing an
access to a dead memory.
Witold Kręcicki [Mon, 29 Jun 2020 06:43:54 +0000 (08:43 +0200)]
Fix possible race in isc__nm_tcpconnect.
There's a possibility of race in isc__nm_tcpconnect if the asynchronous
connect operation finishes with all the callbacks before we exit the
isc__nm_tcpconnect itself we might access an already freed memory.
Fix it by creating an additional reference to the socket freed at the
end of isc__nm_tcpconnect.
Witold Kręcicki [Thu, 21 May 2020 09:18:53 +0000 (11:18 +0200)]
Fix assertion failure during startup when the server is under load.
When we're coming back from recursion fetch_callback does not accept
DNS_R_NXDOMAIN as an rcode - query_gotanswer calls query_nxdomain in
which an assertion fails on qctx->is_zone. Yet, under some
circumstances, qname minimization will return an DNS_R_NXDOMAIN - when
root zone mirror is not yet loaded. The fix changes the DNS_R_NXDOMAIN
answer to DNS_R_SERVFAIL.
Diego Fronza [Mon, 25 May 2020 18:03:32 +0000 (15:03 -0300)]
Added test for the fix
This test ensures that named will correctly shutdown
when receiving multiple control connections after processing
of either "rncd stop" or "kill -SIGTERM" commands.
Before the fix, named was crashing due to a race condition happening
between two threads, one running shutdown logic in named/server.c
and other handling control logic in controlconf.c.
This test tries to reproduce the above scenario by issuing multiple
queries to a target named instance, issuing either rndc stop or kill
-SIGTERM command to the same named instance, then starting multiple rndc
status connections to ensure it is not crashing anymore.
Ondřej Surý [Tue, 23 Jun 2020 11:02:21 +0000 (13:02 +0200)]
Don't continue opening a new rndc connection if we are shutting down
Due to lack of synchronization, whenever named was being requested to
stop using rndc, controlconf.c module could be trying to access an already
released pointer through named_g_server->interfacemgr in a separate
thread.
The race could only be triggered if named was being shutdown and more
rndc connections were ocurring at the same time.
This fix correctly checks if the server is shutting down before opening
a new rndc connection.
Evan Hunt [Wed, 17 Jun 2020 19:09:10 +0000 (12:09 -0700)]
restore "blackhole" functionality
the blackhole ACL was accidentally disabled with respect to client
queries during the netmgr conversion.
in order to make this work for TCP, it was necessary to add a return
code to the accept callback functions passed to isc_nm_listentcp() and
isc_nm_listentcpdns().
Matthijs Mekking [Thu, 18 Jun 2020 15:07:52 +0000 (17:07 +0200)]
Output rndc dnssec -status
Implement the 'rndc dnssec -status' command that will output
some information about the key states, such as which policy is
used for the zone, what keys are in use, and when rollover is
scheduled.
Add loose testing in the kasp system test, the actual times are
already tested via key file inspection.
Matthijs Mekking [Wed, 17 Jun 2020 12:58:57 +0000 (14:58 +0200)]
Implement dummy 'rndc dnssec -status' command
Add the code and documentation required to provide DNSSEC signing
status through rndc. This does not yet show any useful information,
just provide the command that will output some dummy string.
Matthijs Mekking [Wed, 17 Jun 2020 12:00:09 +0000 (14:00 +0200)]
Move dst key printtime in separate function
I'd like to use the same functionality (pretty print the datetime
of keytime metadata) in the 'rndc dnssec -status' command. So it is
better that this logic is done in a separate function.
Since the stdtime.c code have differernt files for unix and win32,
I think the "#ifdef WIN32" define can be dropped.
Ondřej Surý [Mon, 29 Jun 2020 17:37:18 +0000 (19:37 +0200)]
Add missing rndc.conf header that was breaking manpages section
The rndc.conf main header was missing the header markup and that was
breaking the TOC for all manpages in the ARM because sphinx-build
incorrectly remembered the markup for subheader to be ~~~~ instead of
----.
Michał Kępień [Thu, 23 Apr 2020 10:32:35 +0000 (12:32 +0200)]
Fix build-time GSSAPI detection on Tumbleweed
The "krb5-devel" package on openSUSE Tumbleweed installs the
"krb5-config" binary into a custom prefix, which prevents BIND's
"configure" script from autodetecting it. Fix by specifying the path to
the "krb5-config" binary using --with-gssapi.
Michał Kępień [Mon, 29 Jun 2020 08:23:23 +0000 (10:23 +0200)]
Fix libdns CFLAGS
Since lib/dns/include/dns/view.h unconditionally defines dnstap-related
fields in struct dns_view (and includes <dns/dnstap.h>), care must be
taken to ensure that any source file which includes <dns/view.h> gets
built with a set of CFLAGS which allows <dns/dnstap.h> to be properly
processed (particularly its <fstrm.h> and <protobuf-c/protobuf-c.h>
conditional dependencies which are only included for dnstap-enabled
builds). Ensure that by making LIBDNS_CFLAGS include DNSTAP_CFLAGS when
building with dnstap support.
Michał Kępień [Mon, 29 Jun 2020 08:23:23 +0000 (10:23 +0200)]
Fix restoring CFLAGS and LIBS in AX_LIB_LMDB()
The AX_LIB_LMDB() macro attempts to test the potential LMDB installation
path provided to it by temporarily updating CFLAGS and LIBS, calling
AC_SEARCH_LIBS(), and then restoring CFLAGS and LIBS to their original
values. However, including certain statements (e.g. "break") in the
arguments provided to the AX_LIB_LMDB() macro may cause an early exit
from it, in which case CFLAGS and LIBS will be left polluted. Fix by
resetting CFLAGS and LIBS to their original values before executing the
commands provided as AX_LIB_LMDB() arguments.
projects / thirdparty / bind9.git / log
