Alessio Podda [Sat, 25 Oct 2025 09:01:27 +0000 (11:01 +0200)]
Clean up ixfr transaction API
Make the API tighter. The idea of this commit is to highlight the
distinction between a database transaction and a journal transaction,
and ensure we run dns_zone_verifydb on error.
Mark Andrews [Wed, 28 Jan 2026 14:06:54 +0000 (01:06 +1100)]
[9.20] fix: test: ISC_RUN_TEST_IMPL should use a static declaration
These functions don't need to be called from multiple places and
by making them static we will detect when they are not added to the
list functions to be tested.
Closes #5715
Backport of MR !11480
Merge branch 'backport-5715-isc_run_test_impl-should-use-a-static-declaration-9.20' into 'bind-9.20'
Mark Andrews [Fri, 23 Jan 2026 04:57:42 +0000 (15:57 +1100)]
ISC_RUN_TEST_IMPL should use a static declaration
These functions don't need to be called from multiple places and
by making them static we will detect when they are not added to the
list functions to be tested.
Mark Andrews [Tue, 27 Jan 2026 21:40:42 +0000 (08:40 +1100)]
[9.20] chg: dev: Use enum rather than numbers for isc_base64_tobuffer and isc_hex_tobuffer
Use isc_one_or_more and isc_zero_or_more rather than (-2) and
(-1) when calling isc_base64_tobuffer. Similarly for
isc_hex_tobuffer. This should help reduce the probability
that the wrong number is used and it makes the intent clearer.
Closes #5713
Backport of MR !11479
Merge branch 'backport-5713-use-macros-with-isc_base64_tobuffer-and-isc_hex_tobuffer-9.20' into 'bind-9.20'
Mark Andrews [Fri, 23 Jan 2026 03:53:18 +0000 (14:53 +1100)]
Add enum for use with isc_base64_tobuffer and isc_hex_tobuffer
This adds the following enum isc_one_or_more and isc_zero_or_more
which specify if one or more or zeror or more bytes are required
when reading the unbounded base64 / hex encoded data.
Arаm Sаrgsyаn [Tue, 27 Jan 2026 13:28:33 +0000 (13:28 +0000)]
[9.20] fix: usr: Fix a possible issue with reponse policy zones and catalog zones
If a response policy zone (RPZ) or a catalog zone contained an
`$INCLUDE` directive, then manually reloading that zone could
fail to process the changes in the response policy or in the
catalog, respectively. This has been fixed.
Closes #5714
Backport of MR !11489
Merge branch 'backport-5714-zone_loaddone-rpz-and-catz-bugfix-9.20' into 'bind-9.20'
Aram Sargsyan [Mon, 26 Jan 2026 15:34:00 +0000 (15:34 +0000)]
Fix a bug in zone_loaddone()
The zone_loaddone() function disables database notifications for
a catalog zones and response policy zones (RPZ) when loading had
failed. Howerer, the 'result != ISC_R_SUCCESS' check is insufficient,
because the DNS_R_SEENINCLUDE result also indicates success.
Nicki Křížek [Tue, 27 Jan 2026 12:20:24 +0000 (13:20 +0100)]
[9.20] fix: test: Resolve the system_test_dir in pytest
If the system_test_dir contains a symlink, then it might cause issues
further down when using relative_to(), unless it is resolved first. This
has been observed on FreeBSD13 in CI where /home is a symlink to
/usr/home.
Backport of MR !11490
Merge branch 'backport-nicki/pytest-freebsd13-artifacts-path-9.20' into 'bind-9.20'
Nicki Křížek [Mon, 26 Jan 2026 17:37:00 +0000 (18:37 +0100)]
Resolve the system_test_dir in pytest
If the system_test_dir contains a symlink, then it might cause issues
further down when using relative_to(), unless it is resolved first. This
has been observed on FreeBSD13 in CI where /home is a symlink to
/usr/home.
Štěpán Balážik [Thu, 25 Dec 2025 15:58:35 +0000 (16:58 +0100)]
Store the most specific matched domain in DomainHandler
Store the most specific matching domain in DomainHandler and
expose it through the `matched_domain` property for subclasses
to use in their implementations of `get_responses`.
Mark Andrews [Fri, 23 Jan 2026 15:19:23 +0000 (02:19 +1100)]
[9.20] fix: usr: DSYNC record incorrectly used two octets for the Scheme Field
When creating the `DSYNC` record from a structure, `uint16_tobuffer` was used instead of `uint8_tobuffer` when adding the scheme, causing a `DSYNC` record that was one octet too long. This has been fixed.
Closes #5711
Backport of MR !11477
Merge branch 'backport-5711-dsync_fromstruct-produces-an-invalid-record-9.20' into 'bind-9.20'
Mark Andrews [Fri, 23 Jan 2026 02:32:41 +0000 (13:32 +1100)]
dsync_from struct produced an invalid record
uint16_tobuffer was used instead of uint8_tobuffer when adding the
scheme to the buffer. This produced a record that was one octet
too long. This has been fixed.
Andoni Duarte [Fri, 23 Jan 2026 12:38:56 +0000 (12:38 +0000)]
[9.20] chg: ci: Use a small always-on runner for lightweight CI jobs
Some CI jobs spend more time pulling the docker image and setting up their environment than running the script. This MR adds a tag `smalljob` to jobs considered lightweight in order to run them on a dedicated small VM.
Backport of MR !11266
Merge branch 'backport-andoni/try-small-vm-for-lightweight-ci-jobs-9.20' into 'bind-9.20'
Move CI stage "other-checks" right after "quick-checks"
Move CI stage "other-checks" right after "quick-checks" and get the jobs
in it as close to each other as possible in .gitlab-ci.yml.
Since no job is allowed to depend (via "needs") on any job that is
assigned to a stage later than its own, move the "tsan:stress" and
"gcov" jobs to the "system" stage.
Rename the "postcheck" stage to "other-checks" in CI
Rename the "postcheck" CI stage to the more generic "other-checks".
Slower jobs that still run in autoscaled runners belong here, as opposed
to the lightweight ones in "quick-checks".
Rename the "precheck" stage in CI to "quick-checks"
Most jobs in the "precheck" stage spend more time setting up their
environment than running the script (seconds), this allows us to add a
small always on dedicated runner instead of the autoscaled ones.
Hence, the stage is renamed to "quick-checks", and a tag "smalljob" is
added to the anchor so that these jobs are picked by the dedicated
runner.
Andoni Duarte [Thu, 22 Jan 2026 19:17:49 +0000 (19:17 +0000)]
[9.20] fix: ci: Read the Docs picking old version when stable tag is updated
Read the Docs fails to pick the latest version when updating the `stable` tag, i.e. a build is triggered but it takes the previous version of it. This is a known bug in RtD: https://github.com/readthedocs/readthedocs.org/issues/10838.
The only approach that seems to solve this on our end, is to wait some time and trigger the build again so that it picks the latest version of the tag.
Backport of MR !11475
Merge branch 'backport-andoni/fix-rtd-picking-old-version-when-stable-branch-update-9.20' into 'bind-9.20'
Read the Docs fails to pick the latest version of the stable tag when
updated, i.e. a build is triggered but it takes the previous version.
This commit triggers a second build after 5 minutes to ensure that the
correct tag version is used for the documentation.
This is a known bug in RtD:
https://github.com/readthedocs/readthedocs.org/issues/10838.
Nicki Křížek [Wed, 21 Jan 2026 15:36:52 +0000 (16:36 +0100)]
[9.20] chg: pkg: Update requirements for system test suite
Python 3.10 or newer is now required for running the system test suite. The required python packages and their version requirements are now tracked in `bin/tests/system/requirements.txt`.
Support for pytest 9.0.0 has been added its minimum supported version has been raised to 7.0.0. The minimum supported dnspython version has been raised to 2.3.0.
Closes #5690
Closes #5614
Backport of MR !11415
Merge branch 'backport-nicki/pytest-9-compat-9.20' into 'bind-9.20'
Nicki Křížek [Tue, 30 Dec 2025 12:45:50 +0000 (13:45 +0100)]
Bump the minimum required python version to 3.10
Drop support of EoL python versions for running system tests. The
maintenance cost of supporting end of life ecosystem, especially Python
3.6 on EL8 and the related outdated packages (pytest, dnspython, ...),
has become unreasonable.
Nicki Křížek [Tue, 16 Dec 2025 17:27:20 +0000 (18:27 +0100)]
Add requirements.txt for system tests
This file lists the required Python packages and versions for running
system tests. The easiest way to obtain them is:
pip install -r requirements.txt
The minimum dnspython version is 2.7.0 because it supports TSIG parsing
without validation (for tsig/tests_tsig_hypothesis.py) and wire() (for
names/tests_names.py).
The minimum pytest version was bumped to 7.0.0 because it supports the
collection hook API required by pytest 9.
The minimum hypothesis version was set to 4.41.2 as prior versions might
have issues on FIPS systems.
Mark Andrews [Fri, 19 Dec 2025 01:32:33 +0000 (12:32 +1100)]
Use const pointer with strchr of const pointer
C23 now has qualifier preserving standard functions for strchr,
bsearch, strpbrk, strrchr, strstr, memchr. There where a few places
where the return value was not assigned to a const qualified pointer.
These have been fixed.
Štěpán Balážik [Tue, 23 Dec 2025 13:36:56 +0000 (14:36 +0100)]
Add SwitchControlCommand for ControllableAsyncServer
To provide feature parity with `bin/tests/system/ans.pl` add a control
command to allow easy switching between different sequences of
ResponseHandlers.
Štěpán Balážik [Wed, 17 Dec 2025 13:08:03 +0000 (14:08 +0100)]
Use variadic positional parameters for plural install_* methods
It saves an indent and brackets on the call sites.
Also sort the handlers alphabetically where their order doesn't matter
and split the fallback handlers into a separate call to signify that
their position in the end matters.
Aram Sargsyan [Thu, 25 Dec 2025 12:25:48 +0000 (12:25 +0000)]
Make catalog zones' entry names case-insensitive
Previously, the isc_ht hash table module was case-sensitive, but now
it supports case-insensitive mode. Use the case-insensitive mode
for the catalog zones' entry names.
Aram Sargsyan [Fri, 19 Dec 2025 17:51:08 +0000 (17:51 +0000)]
Make catalog zone names case-insensitive
Previously, the isc_ht hash table module was case-sensitive, but now
it supports case-insensitive mode. Use the case-insensitive mode
for catalog zone names.
Nicki Křížek [Fri, 28 Nov 2025 15:41:44 +0000 (16:41 +0100)]
Replace digdelv/ans8 with AsyncDnsServer
Previously, the ans8 server had different response modes that applied to
all queries. Replace it with AsyncDnsServer that has serves the different
response modes under different domains without the need to change the
server behaviour at runtime.
Add the new queries that require an ns3 fallback to the ns3/example.db
zone.
Nicki Křížek [Fri, 28 Nov 2025 15:13:43 +0000 (16:13 +0100)]
Replace digdelv/ans5 with ControllableAsyncDnsServer
The server has three modes of operation - either no response, a partial
AXFR or a complete AXFR. To test the fallback behaviour of dig, these
actions are be combined in a specific sequences. To set up the desired
server behaviour, use the _control queries for the server.
Nicki Křížek [Fri, 28 Nov 2025 14:34:38 +0000 (15:34 +0100)]
Rename ResponseDropAndCloseConnection action
The action can be used to close the connection even after some response
was sent, depending on the ordering of actions in the handler that uses
it. Rename it to CloseConnection to use a more fitting name.
Štěpán Balážik [Fri, 9 Jan 2026 17:26:49 +0000 (17:26 +0000)]
[9.20] chg: test: Avoid sending manually created responses in asyncserver
If at all possible, all the responses should be created by
AsyncDnsServer's internal methods. To ensure this, mark them with a
magic attribute and check it on send and crash the server if a manually
created response is detected.
Backport of MR !11420
Merge branch 'backport-stepan/avoid-using-hand-rolled-responses-in-asyncserver-9.20' into 'bind-9.20'
Štěpán Balážik [Fri, 2 Jan 2026 19:36:29 +0000 (20:36 +0100)]
Avoid sending manually created responses in asyncserver
If at all possible, all the responses should be created by
AsyncDnsServer's internal methods. To ensure this, mark them with a
magic attribute and check it on send and crash the server if a manually
created response is detected.
Fix the qmin test server which uses `make_response`.
projects / thirdparty / bind9.git / log
