]> git.ipfire.org Git - thirdparty/bind9.git/log
thirdparty/bind9.git
3 years agoadd a regression test for duplicate NS output
Evan Hunt [Mon, 24 Apr 2023 11:34:50 +0000 (12:34 +0100)] 
add a regression test for duplicate NS output

check that an NS RRset with two servers is only printed once.

3 years agoprevent duplicate output from delv +ns
Evan Hunt [Mon, 17 Apr 2023 21:49:55 +0000 (14:49 -0700)] 
prevent duplicate output from delv +ns

when printing the result of a query, delv +ns repeated the
answer RRset as many times as there were records in the RRset;
this has been fixed by suppressing the printing of records with
the same name and type as the preceding one.

3 years agoMerge branch '4043-fix-mul-check' into 'main'
Ondřej Surý [Tue, 2 May 2023 13:49:07 +0000 (13:49 +0000)] 
Merge branch '4043-fix-mul-check' into 'main'

configure: Fix __builtin_mul_overflow() compiler support check

Closes #4043

See merge request isc-projects/bind9!7877

3 years agoconfigure: Fix __builtin_mul_overflow() compiler support check
Arjun Shankar [Tue, 2 May 2023 11:58:18 +0000 (13:58 +0200)] 
configure: Fix __builtin_mul_overflow() compiler support check

`UINT64_C(UINT64_MAX)' is redundant and leads to a compilation error
since UINT64_C involves token concatenation, causing the check to fail.

This change fixes that by using UINT64_MAX directly, and including the
appropriate header.

Signed-off-by: Arjun Shankar <arjun@redhat.com>
3 years agoMerge branch 'pspacek/post-release-tweaks' into 'main'
Petr Špaček [Tue, 2 May 2023 13:36:12 +0000 (13:36 +0000)] 
Merge branch 'pspacek/post-release-tweaks' into 'main'

Post release tweaks

See merge request isc-projects/bind9!7840

3 years agoSynchronize Sphinx package version on ReadTheDocs with our CI
Petr Špaček [Thu, 20 Apr 2023 13:54:41 +0000 (15:54 +0200)] 
Synchronize Sphinx package version on ReadTheDocs with our CI

Related: isc-projects/images!235

3 years agoRecommend -S edition rebase before starting out with release
Petr Špaček [Fri, 14 Apr 2023 15:42:38 +0000 (17:42 +0200)] 
Recommend -S edition rebase before starting out with release

3 years agoProvide examples and links for steps in release checklist
Petr Špaček [Fri, 14 Apr 2023 10:19:24 +0000 (12:19 +0200)] 
Provide examples and links for steps in release checklist

3 years agoUpdate release comparison scripts with liburcu and new Sphinx
Petr Špaček [Fri, 14 Apr 2023 09:41:15 +0000 (11:41 +0200)] 
Update release comparison scripts with liburcu and new Sphinx

3 years agoMerge branch 'mnowak/pairwise-fix-typo-in-with-liburcu-definition' into 'main'
Ondřej Surý [Fri, 28 Apr 2023 10:12:38 +0000 (10:12 +0000)] 
Merge branch 'mnowak/pairwise-fix-typo-in-with-liburcu-definition' into 'main'

Fix the typo in --with-liburcu=mb pairwise definition

See merge request isc-projects/bind9!7875

3 years agoFix the typo in --with-liburcu=mb pairwise definition
Michal Nowak [Fri, 28 Apr 2023 07:35:33 +0000 (09:35 +0200)] 
Fix the typo in --with-liburcu=mb pairwise definition

It was "ucru," but it should be "urcu". The pairwise CI job fails as a
result with:

    configure: error: unrecognized options: --with-libucru

3 years agoMerge branch 'each-fix-mutex-test' into 'main'
Ondřej Surý [Fri, 28 Apr 2023 05:06:44 +0000 (05:06 +0000)] 
Merge branch 'each-fix-mutex-test' into 'main'

fix commit error in mutex_test

See merge request isc-projects/bind9!7874

3 years agofix commit error in mutex_test
Evan Hunt [Fri, 28 Apr 2023 01:37:29 +0000 (02:37 +0100)] 
fix commit error in mutex_test

when the branch implementing mutex_test was rebased and merged,
a rebasing error was missed: the isc_threadresult and isc_threadarg
types no longer exist.

3 years agoMerge branch 'ondrej/add-isc_mutex-unit-test' into 'main'
Ondřej Surý [Thu, 27 Apr 2023 11:17:30 +0000 (11:17 +0000)] 
Merge branch 'ondrej/add-isc_mutex-unit-test' into 'main'

Add mutex unit test

See merge request isc-projects/bind9!7858

3 years agoAdd mutex unit test
Ondřej Surý [Thu, 30 Mar 2023 07:18:29 +0000 (09:18 +0200)] 
Add mutex unit test

Add simple mutex unit test and mutex benchmark.  The benchmark compares
the pthread mutext with isc mutex implementation, so it's mainly useful
when developing a new isc mutex implementation.

3 years agoMerge branch 'ondrej-urcu-fixes' into 'main'
Ondřej Surý [Thu, 27 Apr 2023 10:39:51 +0000 (10:39 +0000)] 
Merge branch 'ondrej-urcu-fixes' into 'main'

Improve the Userspace RCU integration

See merge request isc-projects/bind9!7752

3 years agoPrint out the Userspace-RCU flavor and version
Ondřej Surý [Mon, 24 Apr 2023 11:32:34 +0000 (13:32 +0200)] 
Print out the Userspace-RCU flavor and version

The `named -V` now prints out the liburcu flavor used and the
compile-time version.

3 years agoMove per-thread RCU setup into isc_thread
Tony Finch [Fri, 31 Mar 2023 19:42:47 +0000 (20:42 +0100)] 
Move per-thread RCU setup into isc_thread

All the per-loop `libuv` setup remains in `isc_loop`, but the per-thread
RCU setup is moved to `isc_thread` alongside the other per-thread setup.
This avoids repeating the per-thread setup for `call_rcu()` helpers,
and explains a little better why some parts of the per-thread setup
is missing for `call_rcu()` helpers.

This also removes the per-loop `call_rcu()` helpers as we refactored the
isc__random_initialize() in the previous commit.

3 years agoMove the isc_random API initialization to the thread_local variable
Ondřej Surý [Tue, 25 Apr 2023 06:53:57 +0000 (08:53 +0200)] 
Move the isc_random API initialization to the thread_local variable

Instead of writing complicated wrappers for every thread, move the
initialization back to isc_random unit and check whether the random seed
was initialized with a thread_local variable.

Ensure that isc_entropy_get() returns a non-zero seed.

This avoids problems with thread sanitizer tests getting stuck in an
infinite loop.

3 years agoSimplify isc_thread a little
Tony Finch [Tue, 4 Apr 2023 16:40:39 +0000 (17:40 +0100)] 
Simplify isc_thread a little

Remove the `isc_threadarg_t` and `isc_threadresult_t`
typedefs which were unhelpful disguises for `void *`,
and free the dummy jemalloc allocation sooner.

3 years agoAvoid spurious compilation failures in liburcu headers
Tony Finch [Fri, 31 Mar 2023 19:39:40 +0000 (20:39 +0100)] 
Avoid spurious compilation failures in liburcu headers

When liburcu is not installed from a system package, its headers are
not treated as system headers by the compiler, so BIND's -Werror and
other warning options take effect. The liburcu headers have a lot
of inline functions, some of which do not use all their arguments,
which BIND's build treats as an error.

3 years agoImprove the Userspace RCU integration
Ondřej Surý [Thu, 30 Mar 2023 15:04:22 +0000 (17:04 +0200)] 
Improve the Userspace RCU integration

This commit allows BIND 9 to be compiled with different flavours of
Userspace RCU, and improves the integration between Userspace RCU and
our event loop:

- In the RCU QSBR, the thread is put offline when polling and online
  when rcu_dereference, rcu_assign_pointer (or friends) are called.

- In other RCU modes, we check that we are not reading when reaching the
  quiescent callback in the event loop.

- We register the thread before uv_work_run() callback is called and
  after it has finished.  The rcu_(un)register_thread() has a large
  overhead, but that's fine in this case.

3 years agoMerge branch '4018-use-server-socket-to-log-accept-failures' into 'main'
Ondřej Surý [Thu, 27 Apr 2023 10:12:22 +0000 (10:12 +0000)] 
Merge branch '4018-use-server-socket-to-log-accept-failures' into 'main'

Use server socket to log TCP accept failures

Closes #4018

See merge request isc-projects/bind9!7851

3 years agoAdd CHANGES note for [GL #4018]
Ondřej Surý [Tue, 18 Apr 2023 12:38:08 +0000 (14:38 +0200)] 
Add CHANGES note for [GL #4018]

3 years agoUse server socket to log TCP accept failures
Ondřej Surý [Tue, 18 Apr 2023 12:35:34 +0000 (14:35 +0200)] 
Use server socket to log TCP accept failures

The accept_connection() could detach from the child socket on a failure,
so we need to keep and use the server socket for logging the accept
failures.

3 years agoMerge branch '4030-fix-UAF-in-isc_httpd' into 'main'
Ondřej Surý [Tue, 25 Apr 2023 06:18:02 +0000 (06:18 +0000)] 
Merge branch '4030-fix-UAF-in-isc_httpd' into 'main'

Fix potential UAF when shutting down isc_httpd

Closes #4030

See merge request isc-projects/bind9!7865

3 years agoAdd CHANGES note for [GL #4031]
Ondřej Surý [Mon, 24 Apr 2023 10:48:46 +0000 (12:48 +0200)] 
Add CHANGES note for [GL #4031]

3 years agoFix potential UAF when shutting down isc_httpd
Ondřej Surý [Mon, 24 Apr 2023 10:45:54 +0000 (12:45 +0200)] 
Fix potential UAF when shutting down isc_httpd

Use the ISC_LIST_FOREACH_SAFE() macro to safely walk the running https
and shut them down in a manner safe from deletion.

3 years agoAdd ISC_LIST_FOREACH(_SAFE) macros
Ondřej Surý [Mon, 24 Apr 2023 10:40:33 +0000 (12:40 +0200)] 
Add ISC_LIST_FOREACH(_SAFE) macros

There's a recurring pattern walking the ISC_LISTs that just repeats over
and over.  Add two macros:

 * ISC_LIST_FOREACH(list, elt, link) - walk the static list
 * ISC_LIST_FOREACH_SAFE(list, elt, link, next) - walk the list in
   a manner that's safe against list member deletions

3 years agoMerge branch '4027-nsec3-of-removed-empty-non-terminal-remains-in-chain-breaking...
Mark Andrews [Tue, 25 Apr 2023 05:44:08 +0000 (05:44 +0000)] 
Merge branch '4027-nsec3-of-removed-empty-non-terminal-remains-in-chain-breaking-validation-tools' into 'main'

Resolve "NSEC3 of removed empty-non-terminal remains in chain, breaking validation tools"

Closes #4027

See merge request isc-projects/bind9!7857

3 years agoAdd CHANGES note for [GL #4027]
Mark Andrews [Fri, 21 Apr 2023 04:03:03 +0000 (14:03 +1000)] 
Add CHANGES note for [GL #4027]

3 years agoCheck removal of ENT when subdomains are removed
Mark Andrews [Fri, 21 Apr 2023 03:49:32 +0000 (13:49 +1000)] 
Check removal of ENT when subdomains are removed

Empty-non-terminal NSEC records where not always removed when the
delegations generating them where removed via update. Check that
they now are.

3 years agoCleanup orphaned empty-non-terminal NSEC3
Mark Andrews [Fri, 21 Apr 2023 02:11:15 +0000 (12:11 +1000)] 
Cleanup orphaned empty-non-terminal NSEC3

When OPTOUT was in use we didn't ensure that NSEC3 records
for orphaned empty-non-terminals where removed.  Check if
there are orphaned empty-non-terminal NSEC3 even if there
wasn't an NSEC3 RRset to be removed in dns_nsec3_delnsec3.

3 years agoMerge branch 'jpmens-main-patch-10650' into 'main'
Ondřej Surý [Mon, 24 Apr 2023 15:12:12 +0000 (15:12 +0000)] 
Merge branch 'jpmens-main-patch-10650' into 'main'

ARM: replace word in TLS section

See merge request isc-projects/bind9!7864

3 years agoFix typo in the ARM - missed -> missing
JP Mens [Sat, 22 Apr 2023 17:46:20 +0000 (17:46 +0000)] 
Fix typo in the ARM - missed -> missing

3 years agoMerge branch '4004-reimplemented-max-transfer--in' into 'main'
Ondřej Surý [Fri, 21 Apr 2023 11:31:04 +0000 (11:31 +0000)] 
Merge branch '4004-reimplemented-max-transfer--in' into 'main'

Implement maximum global and idle time for incoming XFR

Closes #4004

See merge request isc-projects/bind9!7810

3 years agoAdd CHANGES note for [GL #4004]
Ondřej Surý [Wed, 5 Apr 2023 21:07:44 +0000 (23:07 +0200)] 
Add CHANGES note for [GL #4004]

3 years agoImplement new checks for the xfer system test
Aram Sargsyan [Mon, 17 Apr 2023 12:22:49 +0000 (12:22 +0000)] 
Implement new checks for the xfer system test

Check the max-transfer-time-in and max-transfer-idle-in options.

3 years agoImplement new -T options for xfer system tests
Aram Sargsyan [Mon, 17 Apr 2023 12:22:38 +0000 (12:22 +0000)] 
Implement new -T options for xfer system tests

'-T transferinsecs' makes named interpret the max-transfer-time-out,
max-transfer-idle-out, max-transfer-time-in and max-transfer-idle-in
configuration options as seconds instead of minutes.

'-T transferslowly' makes named to sleep for one second for every
xfrout message.

'-T transferstuck' makes named to sleep for one minute for every
xfrout message.

3 years agoImplement maximum global and idle time for incoming XFR
Ondřej Surý [Wed, 5 Apr 2023 20:35:00 +0000 (22:35 +0200)] 
Implement maximum global and idle time for incoming XFR

After the dns_xfrin was changed to use network manager, the maximum
global (max-transfer-time-in) and idle (max-transfer-idle-in) times for
incoming transfers were turned inoperational because of missing
implementation.

Restore this functionality by implementing the timers for the incoming
transfers.

3 years agoMerge branch '4005-handle-ISC_R_INVALIDPROTO-from-libuv' into 'main'
Ondřej Surý [Fri, 21 Apr 2023 10:43:14 +0000 (10:43 +0000)] 
Merge branch '4005-handle-ISC_R_INVALIDPROTO-from-libuv' into 'main'

Handle ISC_R_INVALIDPROTO in the dispatch

Closes #4005

See merge request isc-projects/bind9!7860

3 years agoAdd CHANGES and release note for [GL #4005]
Ondřej Surý [Fri, 21 Apr 2023 08:16:44 +0000 (10:16 +0200)] 
Add CHANGES and release note for [GL #4005]

3 years agocheck for invalid protocol when dispatch fails
Evan Hunt [Wed, 5 Apr 2023 21:05:46 +0000 (14:05 -0700)] 
check for invalid protocol when dispatch fails

treat ISC_R_INVALIDPROTO as a networking error when it occurs.

3 years agoadd a result code for ENOPROTOOPT, EPROTONOSUPPORT
Evan Hunt [Wed, 5 Apr 2023 21:05:46 +0000 (14:05 -0700)] 
add a result code for ENOPROTOOPT, EPROTONOSUPPORT

there was no isc_result_t value for invalid protocol errors
that could be returned from libuv.

3 years agoMerge branch '3977-add-isc_spinlock-implementation' into 'main'
Ondřej Surý [Fri, 21 Apr 2023 10:10:47 +0000 (10:10 +0000)] 
Merge branch '3977-add-isc_spinlock-implementation' into 'main'

Add isc_spinlock unit with shim pthread_spin implementation

Closes #3977

See merge request isc-projects/bind9!7749

3 years agoAdd CHANGES note for [GL #3977]
Ondřej Surý [Thu, 30 Mar 2023 08:44:21 +0000 (10:44 +0200)] 
Add CHANGES note for [GL #3977]

3 years agoAdd isc_spinlock unit with shim pthread_spin implementation
Ondřej Surý [Fri, 3 Mar 2023 08:24:13 +0000 (09:24 +0100)] 
Add isc_spinlock unit with shim pthread_spin implementation

The spinlock is small (atomic_uint_fast32_t at most), lightweight
synchronization primitive and should only be used for short-lived and
most of the time a isc_mutex should be used.

Add a isc_spinlock unit which is either (most of the time) a think
wrapper around pthread_spin API or an efficient shim implementation of
the simple spinlock.

3 years agoAlways initialize the workers in the libtest
Ondřej Surý [Thu, 30 Mar 2023 07:14:21 +0000 (09:14 +0200)] 
Always initialize the workers in the libtest

The workers variable might be needed even to tests not using
loopmgr. Split the workers initialization into setup_workers() function
and always call it from the default main loop.

3 years agoMerge branch '4011-fix-read_stop-in-streaming-protocols' into 'main'
Ondřej Surý [Thu, 20 Apr 2023 12:03:52 +0000 (12:03 +0000)] 
Merge branch '4011-fix-read_stop-in-streaming-protocols' into 'main'

Fix the streaming read callback shutdown logic

Closes #4011

See merge request isc-projects/bind9!7836

3 years agoAdd CHANGES note for [GL #4011]
Ondřej Surý [Fri, 14 Apr 2023 03:43:32 +0000 (05:43 +0200)] 
Add CHANGES note for [GL #4011]

3 years agoFix the streaming read callback shutdown logic
Ondřej Surý [Thu, 13 Apr 2023 15:27:50 +0000 (17:27 +0200)] 
Fix the streaming read callback shutdown logic

When shutting down TCP sockets, the read callback calling logic was
flawed, it would call either one less callback or one extra.  Fix the
logic in the way:

1. When isc_nm_read() has been called but isc_nm_read_stop() hasn't on
   the handle, the read callback will be called with ISC_R_CANCELED to
   cancel active reading from the socket/handle.

2. When isc_nm_read() has been called and isc_nm_read_stop() has been
   called on the on the handle, the read callback will be called with
   ISC_R_SHUTTINGDOWN to signal that the dormant (not-reading) socket
   is being shut down.

3. The .reading and .recv_read flags are little bit tricky.  The
   .reading flag indicates if the outer layer is reading the data (that
   would be uv_tcp_t for TCP and isc_nmsocket_t (TCP) for TLSStream),
   the .recv_read flag indicates whether somebody is interested in the
   data read from the socket.

   Usually, you would expect that the .reading should be false when
   .recv_read is false, but it gets even more tricky with TLSStream as
   the TLS protocol might need to read from the socket even when sending
   data.

   Fix the usage of the .recv_read and .reading flags in the TLSStream
   to their true meaning - which mostly consist of using .recv_read
   everywhere and then wrapping isc_nm_read() and isc_nm_read_stop()
   with the .reading flag.

4. The TLS failed read helper has been modified to resemble the TCP code
   as much as possible, clearing and re-setting the .recv_read flag in
   the TCP timeout code has been fixed and .recv_read is now cleared
   when isc_nm_read_stop() has been called on the streaming socket.

5. The use of Network Manager in the named_controlconf, isccc_ccmsg, and
   isc_httpd units have been greatly simplified due to the improved design.

6. More unit tests for TCP and TLS testing the shutdown conditions have
   been added.

Co-authored-by: Ondřej Surý <ondrej@isc.org>
Co-authored-by: Artem Boldariev <artem@isc.org>
3 years agoMerge tag 'v9.19.12'
Michał Kępień [Thu, 20 Apr 2023 10:43:46 +0000 (12:43 +0200)] 
Merge tag 'v9.19.12'

BIND 9.19.12

3 years agoMerge branch '3986-handle-ISC_R_NOPERM-in-dns_dispatch-and-honour-the-source-port...
Ondřej Surý [Thu, 20 Apr 2023 09:01:49 +0000 (09:01 +0000)] 
Merge branch '3986-handle-ISC_R_NOPERM-in-dns_dispatch-and-honour-the-source-port' into 'main'

Honour the source-port when retrying in dns_dispatch

Closes #3986

See merge request isc-projects/bind9!7806

3 years agoAdd CHANGES note for [GL #3986]
Ondřej Surý [Wed, 5 Apr 2023 13:42:05 +0000 (15:42 +0200)] 
Add CHANGES note for [GL #3986]

3 years agoHonour the source-port when retrying in dns_dispatch
Ondřej Surý [Wed, 5 Apr 2023 13:28:32 +0000 (15:28 +0200)] 
Honour the source-port when retrying in dns_dispatch

When retrying in the DNS dispatch, the local port would be forgotten on
ISC_R_ADDRINUSE, keep the configured source-port even when retrying.

Additionally, treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.

Closes: #3986
3 years agoMerge branch '4001-4002-retry-over-TCP-when-notify-sending-fails' into 'main'
Ondřej Surý [Thu, 20 Apr 2023 08:41:02 +0000 (08:41 +0000)] 
Merge branch '4001-4002-retry-over-TCP-when-notify-sending-fails' into 'main'

Handle the failure to send notify more gracefully and with log

Closes #4001 and #4002

See merge request isc-projects/bind9!7805

3 years agoAdd CHANGES and release note for [GL #4001] [GL #4002]
Ondřej Surý [Wed, 5 Apr 2023 13:37:07 +0000 (15:37 +0200)] 
Add CHANGES and release note for [GL #4001] [GL #4002]

3 years agoHandle the failure to send notify more gracefully and with log
Ondřej Surý [Wed, 5 Apr 2023 13:24:21 +0000 (15:24 +0200)] 
Handle the failure to send notify more gracefully and with log

When dns_request_create() failed in notify_send_toaddr(), sending the
notify would silently fail.  When notify_done() failed, the error would
be logged on the DEBUG(2) level.

This commit remedies the situation by:

 * Promoting several messages related to notifies to INFO level and add
   a "success" log message at the INFO level

 * Adding a TCP fallback - when sending the notify over UDP fails, named
   will retry sending notify over TCP and log the information on the
   NOTICE level

 * When sending the notify over TCP fails, it will be logged on the
   WARNING level

Closes: #4001, #4002
3 years agoMerge branch '3998-check-countlabels' into 'main'
Tony Finch [Tue, 18 Apr 2023 12:58:09 +0000 (12:58 +0000)] 
Merge branch '3998-check-countlabels' into 'main'

Check dns_name_countlabels() wrt DNS_NAME_MAXLABELS

Closes #3998

See merge request isc-projects/bind9!7822

3 years agoCheck dns_name_countlabels() wrt DNS_NAME_MAXLABELS
Tony Finch [Thu, 6 Apr 2023 17:22:51 +0000 (18:22 +0100)] 
Check dns_name_countlabels() wrt DNS_NAME_MAXLABELS

This test case was omitted from [GL !7803]

3 years agoMerge branch 'fanf-inane' into 'main'
Tony Finch [Tue, 18 Apr 2023 12:22:55 +0000 (12:22 +0000)] 
Merge branch 'fanf-inane' into 'main'

Fix several typoes in name_test

See merge request isc-projects/bind9!7800

3 years agoFix several typos in name_test
Tony Finch [Wed, 5 Apr 2023 11:56:02 +0000 (12:56 +0100)] 
Fix several typos in name_test

`nane` -> `name`

3 years agoMerge branch 'aram/xfer-test-bugfix' into 'main'
Arаm Sаrgsyаn [Tue, 18 Apr 2023 09:38:12 +0000 (09:38 +0000)] 
Merge branch 'aram/xfer-test-bugfix' into 'main'

Fix variable name error in the xfer system test

See merge request isc-projects/bind9!7845

3 years agoFix variable name error in the xfer system test
Aram Sargsyan [Mon, 17 Apr 2023 15:56:37 +0000 (15:56 +0000)] 
Fix variable name error in the xfer system test

There is no 'ret' in this test, and it is obvious that 'ret=1'
should be 'tmp=1' for the check to work correctly, if the string
is not found in the log file.

3 years agoMerge branch '3996-in-fatal-only-pause-when-running' into 'main'
Mark Andrews [Tue, 18 Apr 2023 01:11:49 +0000 (01:11 +0000)] 
Merge branch '3996-in-fatal-only-pause-when-running' into 'main'

In fatal only pause loops when they are running.

Closes #3996

See merge request isc-projects/bind9!7825

3 years agoisc_loopmgr_pause was called inappropriately
Mark Andrews [Tue, 11 Apr 2023 05:32:51 +0000 (15:32 +1000)] 
isc_loopmgr_pause was called inappropriately

isc_loopmgr_pause can't be called before isc_loopmgr_run is
called as the thread ids are not yet valid.  If there is a
fatal error before isc_loopmgr_run is run then don't call
isc_loopmgr_pause.

3 years agoMerge branch '3769-migrate-zsk-ksk-split-tocsk' into 'main'
Matthijs Mekking [Mon, 17 Apr 2023 09:39:59 +0000 (09:39 +0000)] 
Merge branch '3769-migrate-zsk-ksk-split-tocsk' into 'main'

kasp: Add test case for migrating KSK/ZSK to CSK

See merge request isc-projects/bind9!7306

3 years agoAdd key state init debugging
Matthijs Mekking [Fri, 6 Jan 2023 11:39:10 +0000 (12:39 +0100)] 
Add key state init debugging

When debugging an issue it can be useful to see what BIND initially
set the key states to.

3 years agokasp: Add test case for migrating KSK/ZSK to CSK
Matthijs Mekking [Fri, 6 Jan 2023 11:36:23 +0000 (12:36 +0100)] 
kasp: Add test case for migrating KSK/ZSK to CSK

Add a test case to cover #3679 where a user migrates from a KSK/ZSK
split using auto-dnssec maintain, to the default dnssec-policy (CSK).

The test actually does not use the default dnssec-policy, but it does
use one that has the same keys clause. For testing convenience, we use
the same propagation time values as other test cases that migrate to
dnssec-policy with mismatching existing key set.

3 years agoMerge branch '4015-fix-forward_cancel-from-the-wrong-loop' into 'main'
Ondřej Surý [Fri, 14 Apr 2023 15:13:03 +0000 (15:13 +0000)] 
Merge branch '4015-fix-forward_cancel-from-the-wrong-loop' into 'main'

Run the forward_cancel on the appropriate zone->loop

Closes #4015

See merge request isc-projects/bind9!7835

3 years agoAdd CHANGES note for [GL #4015]
Ondřej Surý [Fri, 14 Apr 2023 04:12:54 +0000 (06:12 +0200)] 
Add CHANGES note for [GL #4015]

3 years agoRun the forward_cancel on the appropriate zone->loop
Ondřej Surý [Fri, 14 Apr 2023 03:43:53 +0000 (05:43 +0200)] 
Run the forward_cancel on the appropriate zone->loop

If the zone forwards are canceled from dns_zonemgr_shutdown(), the
forward_cancel() would get called from the main loop, which is wrong.
It needs to be called from the matching zone->loop.

Run the dns_request_cancel() via isc_async_run() on the loop associated
with the zone instead of calling the dns_request_cancel() directly from
the main loop.

3 years agoMerge branch 'ondrej/remove-unused-netmgr-worker-sendbuf' into 'main'
Ondřej Surý [Fri, 14 Apr 2023 14:20:52 +0000 (14:20 +0000)] 
Merge branch 'ondrej/remove-unused-netmgr-worker-sendbuf' into 'main'

Remove unused netmgr->worker->sendbuf

See merge request isc-projects/bind9!7841

3 years agoRemove unused netmgr->worker->sendbuf
Ondřej Surý [Fri, 14 Apr 2023 11:38:41 +0000 (13:38 +0200)] 
Remove unused netmgr->worker->sendbuf

By inspecting the code, it was discovered that .sendbuf member of the
isc__nm_networker_t was unused and just consuming ~64k per worker.
Remove the member and the association allocation/deallocation.

3 years agoMerge branch '4000-openssl-attr-malloc-vs-cmocka-define-malloc' into 'main'
Arаm Sаrgsyаn [Fri, 14 Apr 2023 12:12:13 +0000 (12:12 +0000)] 
Merge branch '4000-openssl-attr-malloc-vs-cmocka-define-malloc' into 'main'

unit tests: include an OpenSSL header before including cmocka.h

Closes #4000

See merge request isc-projects/bind9!7820

3 years agoAdd a CHANGES note for [GL #4000]
Aram Sargsyan [Thu, 6 Apr 2023 13:22:46 +0000 (13:22 +0000)] 
Add a CHANGES note for [GL #4000]

3 years agounit tests: include an OpenSSL header before including cmocka.h
Aram Sargsyan [Thu, 6 Apr 2023 13:18:04 +0000 (13:18 +0000)] 
unit tests: include an OpenSSL header before including cmocka.h

OpenSSL 3.1.0 uses __attribute__(malloc), conflicting with a redefined
malloc in cmocka.h.

As a workaround, include an OpenSSL header file before including
cmocka.h in the unit tests where OpenSSL is used.

3 years agoMerge branch 'pspacek/set-up-version-and-release-notes-for-bind-9.19.13' into 'main'
Petr Špaček [Fri, 14 Apr 2023 09:03:19 +0000 (09:03 +0000)] 
Merge branch 'pspacek/set-up-version-and-release-notes-for-bind-9.19.13' into 'main'

Set up version and release notes for BIND 9.19.13

See merge request isc-projects/bind9!7839

3 years agoUpdate BIND version to 9.19.13-dev
Petr Špaček [Fri, 14 Apr 2023 08:51:44 +0000 (10:51 +0200)] 
Update BIND version to 9.19.13-dev

3 years agoSet up release notes for BIND 9.19.13
Petr Špaček [Fri, 14 Apr 2023 08:51:23 +0000 (10:51 +0200)] 
Set up release notes for BIND 9.19.13

3 years agoMerge branch 'aram/dns_xfrin_create-use-after-free' into 'main'
Arаm Sаrgsyаn [Fri, 14 Apr 2023 07:40:01 +0000 (07:40 +0000)] 
Merge branch 'aram/dns_xfrin_create-use-after-free' into 'main'

Fix a use-after-free bug in dns_xfrin_create()

See merge request isc-projects/bind9!7832

3 years agoAdd a CHANGES note for [GL !7832]
Aram Sargsyan [Thu, 13 Apr 2023 14:46:32 +0000 (14:46 +0000)] 
Add a CHANGES note for [GL !7832]

3 years agoFix a use-after-free bug in dns_xfrin_create()
Aram Sargsyan [Thu, 13 Apr 2023 14:42:29 +0000 (14:42 +0000)] 
Fix a use-after-free bug in dns_xfrin_create()

'xfr' is used after detaching the only reference, which would
have destroyed the object.

Call dns_xfrin_detach() only after the final use of 'xfr'.

3 years agoMerge branch '3980-add-timeouts-to-unit-tests' into 'main'
Mark Andrews [Fri, 14 Apr 2023 06:34:36 +0000 (06:34 +0000)] 
Merge branch '3980-add-timeouts-to-unit-tests' into 'main'

Draft: Resolve "Add timeouts to unit tests."

Closes #3980

See merge request isc-projects/bind9!7837

3 years agoUse SIGABRT rather than SIGKILL for long running unit test
Mark Andrews [Fri, 14 Apr 2023 05:40:02 +0000 (15:40 +1000)] 
Use SIGABRT rather than SIGKILL for long running unit test

SIGABRT will produce a core dump which will allow for forensic
analysis of the unit test

3 years agoMerge branch '3980-revert-unit-test-forking' into 'main'
Ondřej Surý [Fri, 14 Apr 2023 04:19:40 +0000 (04:19 +0000)] 
Merge branch '3980-revert-unit-test-forking' into 'main'

Revert "Kill unit tests that run more than 1200 seconds"

Closes #3980

See merge request isc-projects/bind9!7833

3 years agoRevert "Kill unit tests that run more than 1200 seconds"
Ondřej Surý [Fri, 14 Apr 2023 04:14:19 +0000 (06:14 +0200)] 
Revert "Kill unit tests that run more than 1200 seconds"

This reverts commit 3d5c7cd46c60e0a534dce0640c4e47b699e7003e which
added wrapper around all the unit tests that would run the unit test in
the forked process.

This makes any debugging of the unit tests too hard.  Futures attempts
to fix #3980 should add a custom automake test harness (log driver) that
would kill the unit test after configured timeout.

3 years agoMerge branch '4003-dump_histo-defined-but-not-used-on-fips-in-bin-named-statschannel...
Mark Andrews [Wed, 12 Apr 2023 23:49:55 +0000 (23:49 +0000)] 
Merge branch '4003-dump_histo-defined-but-not-used-on-fips-in-bin-named-statschannel-c' into 'main'

Resolve "'dump_histo' defined but not used on FIPS in bin/named/statschannel.c"

Closes #4003

See merge request isc-projects/bind9!7826

3 years agodump_histo is only used with extended stats
Mark Andrews [Wed, 12 Apr 2023 06:00:39 +0000 (16:00 +1000)] 
dump_histo is only used with extended stats

Wrap dump_histo with #if defined(EXTENDED_STATS)/#endif.  Reproduce
build failure with "configure --without-libxml2 --without-json-c"

3 years agoMerge branch '3985-make-TCP-accept-a-tad-bit-faster' into 'main'
Ondřej Surý [Wed, 12 Apr 2023 12:12:33 +0000 (12:12 +0000)] 
Merge branch '3985-make-TCP-accept-a-tad-bit-faster' into 'main'

Fix the TCP accept quota code

Closes #3985

See merge request isc-projects/bind9!7823

3 years agoAdd CHANGES note for [GL #3985]
Ondřej Surý [Sun, 9 Apr 2023 06:50:18 +0000 (08:50 +0200)] 
Add CHANGES note for [GL #3985]

3 years agoRefactor the isc_quota code and fix the quota in TCP accept code
Ondřej Surý [Tue, 11 Apr 2023 05:54:58 +0000 (07:54 +0200)] 
Refactor the isc_quota code and fix the quota in TCP accept code

In e18541287231b721c9cdb7e492697a2a80fd83fc, the TCP accept quota code
became broken in a subtle way - the quota would get initialized on the
first accept for the server socket and then deleted from the server
socket, so it would never get applied again.

Properly fixing this required a bigger refactoring of the isc_quota API
code to make it much simpler.  The new code decouples the ownership of
the quota and acquiring/releasing the quota limit.

After (during) the refactoring it became more clear that we need to use
the callback from the child side of the accepted connection, and not the
server side.

3 years agoConvert tls_send() callback to use isc_job_run()
Ondřej Surý [Tue, 11 Apr 2023 10:37:21 +0000 (12:37 +0200)] 
Convert tls_send() callback to use isc_job_run()

The tls_send() was already using uvreq; convert this to use more direct
isc_job_run() - the on-loop no-allocation method.

3 years agoConvert isc__nm_http_send() from isc_async_run() to isc_job_run()
Ondřej Surý [Tue, 11 Apr 2023 10:04:38 +0000 (12:04 +0200)] 
Convert isc__nm_http_send() from isc_async_run() to isc_job_run()

The isc__nm_http_send() was already using uvreq; convert this to use
more direct isc_job_run() - the on-loop no-allocation method.

3 years agoUse isc_job_run() for reading from StreamDNS socket
Ondřej Surý [Mon, 10 Apr 2023 05:16:45 +0000 (07:16 +0200)] 
Use isc_job_run() for reading from StreamDNS socket

Change the reading in the StreamDNS code to use isc_job_run() instead of
using isc_async_run() for less allocations and more streamlined
execution.

3 years agoRun closehandle_cb on run queue instead of async queue
Ondřej Surý [Sun, 9 Apr 2023 04:48:46 +0000 (06:48 +0200)] 
Run closehandle_cb on run queue instead of async queue

Instead of using isc_async_run() when closing StreamDNS handle, add
isc_job_t member to the isc_nmhandle_t structure and use isc_job_run()
to avoid allocation/deallocation on the StreamDNS hot-path.

3 years agoAccept overquota TCP connection on local thread if possible
Ondřej Surý [Sat, 8 Apr 2023 11:54:52 +0000 (13:54 +0200)] 
Accept overquota TCP connection on local thread if possible

If the quota callback is called on a thread matching the socket, call
the TCP accept function directly instead of using isc_async_run() which
allocates-deallocates memory.

3 years agoMake isc_tid() a header-only function
Ondřej Surý [Sat, 8 Apr 2023 11:56:13 +0000 (13:56 +0200)] 
Make isc_tid() a header-only function

The isc_tid() function is often called on the hot-path and it's the only
function is to return thread_local variable, make the isc_tid() function
a header-only to save several function calls during query-response
processing.

3 years agoMerge branch 'tkrizek/dnsrps-test-replace-egrep' into 'main'
Tom Krizek [Wed, 12 Apr 2023 11:55:28 +0000 (11:55 +0000)] 
Merge branch 'tkrizek/dnsrps-test-replace-egrep' into 'main'

Replace egrep with grep -E in rpz tests

See merge request isc-projects/bind9!7821

3 years agoReplace egrep with grep -E in rpz tests
Tom Krizek [Thu, 6 Apr 2023 14:33:06 +0000 (16:33 +0200)] 
Replace egrep with grep -E in rpz tests

GNU Grep 3.8 reports the following warnings:

    egrep: warning: egrep is obsolescent; using grep -E