Mark Andrews [Wed, 22 Sep 2021 05:21:45 +0000 (15:21 +1000)]
Handle duplicate catalog zone entries gracefully
Duplicate catalog zone entries caused an assertion failure
in named during configuration. This is now a soft error
that is detected earlier by named and also by named-checkconf.
Matthijs Mekking [Wed, 20 Oct 2021 14:38:37 +0000 (16:38 +0200)]
Update tests to match new nsec3param default
Update the nsec3 system tests to use the new default values. Change
the policy for "nsec3-other" so that we still have a test case for
non-zero salt length.
Matthijs Mekking [Wed, 20 Oct 2021 14:36:11 +0000 (16:36 +0200)]
Change nsec3param default to iter 0 salt-length 0
When using 'nsec3param' in 'dnssec-policy' and no specific parameters
are provided, default to zero additional iterations and no salt, as
recommended by draft-ietf-dnsop-nsec3-guidance.
Michal Nowak [Thu, 18 Feb 2021 15:19:57 +0000 (16:19 +0100)]
Use Fedora image for GCC ASAN and TSAN CI jobs
For the sake of running ASAN and TSAN jobs with the latest stable GCC,
replace "base image" (Debian Buster with GCC 8.3.0) with Fedora 34 image
with GCC 11.
Mark Andrews [Thu, 21 Oct 2021 06:22:58 +0000 (17:22 +1100)]
Accept either 2 or 3 old versions of log file
Depending upon when the directory is sampled there may be 2
(oldest version removed and rename / reopen is in progresss) or
3 old versions of the log file.
Ondřej Surý [Wed, 20 Oct 2021 11:01:13 +0000 (13:01 +0200)]
Add missing DNS_ZONEFLG_DUMPING to setmodtime()
It was found, that the original commit adding the setmodtime() was
incompletely squashed and there was double check for
DNS_ZONEFLG_NEEDDUMP instead of check for DNS_ZONEFLG_NEEDDUMP and
DNS_ZONEFLG_DUMPING.
Change the duplicate check to DNS_ZONEFLG_DUMPING.
Evan Hunt [Tue, 19 Oct 2021 06:14:28 +0000 (23:14 -0700)]
add a system test with an ADB loop
Add a lame delegation to lame.example.org with only an A record
in the additional section; on failure, this will trigger a retry
with AAAA, which will loop. Test that dig returns SERVFAIL, in
addition to confirming that named doesn't hang on shutdown.
Evan Hunt [Wed, 6 Oct 2021 20:42:09 +0000 (13:42 -0700)]
check for loops in ADB finds
If an ADB find is started on behalf of a resolver fetch, and fails to
find any addresses but has a pending resolver fetch associated with it,
then we need to check whether the fetch it's waiting on is the one
that created it. If so, it can never finish and needs to be terminated.
Evan Hunt [Tue, 19 Oct 2021 00:57:58 +0000 (17:57 -0700)]
incidental cleanup
The NAME_FETCH_A and NAME_FETCH_AAAA macros were meant to be
boolean, indicating whether the pointers were set or not, while
the NAME_FETCH_V4 and NAME_FETCH_V6 macros were meant to return
the pointer values. The latter were only used as booleans, so
they've been removed in favor of the former.
Also did some style cleanup and removed an unreachable code block.
Evan Hunt [Wed, 20 Oct 2021 18:39:13 +0000 (11:39 -0700)]
don't set DNS_DISPATCHSTATE_CONNECTED until attaching handle
there was a race possible in which a dispatch was put into
the 'connected' state before it had a TCP handle attached,
which could cause an assertion failure in dns_dispatch_gettcp().
Ondřej Surý [Wed, 20 Oct 2021 10:06:09 +0000 (12:06 +0200)]
Add isc_time_add and isc_time_subtract unit test
The isc_time_add() and isc_time_subtract() didn't have a unit test, add
the unit test with couple of edge case vectors to check whether overflow
and underflow is correctly handled.
Ondřej Surý [Wed, 20 Oct 2021 09:22:52 +0000 (11:22 +0200)]
Use __builtin_*_overflow for isc_time_{add,subtract}()
Use the __builtin_uadd_overflow() and __builtin_usub_overflow() for
overflow checks in isc_time_add() and isc_time_subtract(). This
generates more efficient and safe code.
Evan Hunt [Tue, 19 Oct 2021 18:34:52 +0000 (11:34 -0700)]
fix qmin system test
The qmin system test was printing spurious output. On investigation,
the test case turned out to be both broken and ineffective: its
expectations were wrong, and it was printing the output because its
wrong expectations were not met, and those failed expectations were
not causing a test failure. All of this has been corrected.
Petr Mensik [Fri, 15 Oct 2021 20:07:53 +0000 (22:07 +0200)]
Enable building documentation with Sphinx < 2.0.0
The ReferenceRole class is only available in Sphinx >= 2.0.0, which
makes building BIND 9 documentation impossible with older Sphinx
versions:
Running Sphinx v1.7.6
Configuration error:
There is a programable error in your configuration file:
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/sphinx/config.py", line 161, in __init__
execfile_(filename, config)
File "/usr/lib/python3.6/site-packages/sphinx/util/pycompat.py", line 150, in execfile_
exec_(code, _globals)
File "conf.py", line 21, in <module>
from sphinx.util.docutils import ReferenceRole
ImportError: cannot import name 'ReferenceRole'
Work around the problem by defining a stub version of the ReferenceRole
class if the latter cannot be imported. This allows documentation
(without GitLab hyperlinks in release notes) to be built with older
Sphinx versions.
Ondřej Surý [Tue, 19 Oct 2021 07:16:39 +0000 (09:16 +0200)]
Remove isc_mem_t from fctxbucket_t
The fctxbucket_t properly attaches to the fetchctx_t, so it can safely
use its memory context. Save a little bit of memory by removing own
memory context from fctxbucket_t.
Ondřej Surý [Fri, 15 Oct 2021 12:04:42 +0000 (14:04 +0200)]
Rewrite fetchctx_t reference counting
Using proper attach/detach functions for the fetch context
instead of fctx_increference() and _decreference() makes
it easier to debug reference counting errors in the resolver.
Fixed several such errors that were found as a result.
Evan Hunt [Sun, 17 Oct 2021 20:30:47 +0000 (13:30 -0700)]
check statichandle before attaching
it is possible for udp_recv_cb() to fire after the socket
is already shutting down and statichandle is NULL; we need to
create a temporary handle in this case.
Evan Hunt [Sun, 17 Oct 2021 23:45:22 +0000 (16:45 -0700)]
attach the interface manager when activating a route socket
it was possible for the route socket's udp_recv() callback to fire
after the interfacemgr was detached, causing an assertion failure.
this has now been fixed by referencing the interfacemgr when setting up
the route socket, and dereferencing it when shutting it down.
Evan Hunt [Sun, 17 Oct 2021 18:45:21 +0000 (11:45 -0700)]
Fix catz test error
The catz system test included a test case that was looking for a single
answer record after an update, when it should have been looking for two.
The test usually passed because of timing - the first dig usually got a
response before the update was completed - but occasionally the update
processed fast enough for the test to fail. On investigation, it turned
out to be the test that was wrong.
Evan Hunt [Sun, 17 Oct 2021 18:45:21 +0000 (11:45 -0700)]
Fix digdelv test error
The digdelv system test has a test case in which stderr was
included in the dig output. When trace logging was in use,
this confused the grep and caused a spurious test failure.
Ondřej Surý [Mon, 11 Oct 2021 19:18:49 +0000 (21:18 +0200)]
Use correct compiler version flag in the autoconf script
The autoconf script prints used compiler version at the end of the
configure script. Solaris native compiler doesn't support --version,
and -V has to be used which in turn isn't supported by Gcc/Clang.
Detect which version flag has to be used and call $CC with it.
Evan Hunt [Sun, 3 Oct 2021 08:01:40 +0000 (01:01 -0700)]
Don't use route socket in unit tests
Some of the libns unit tests override the isc_nmhandle_attach() and
_detach() functions. This causes a failure in ns_interface_create()
if a route socket is being used, so we add a parameter to disable it.
Evan Hunt [Sat, 2 Oct 2021 23:26:43 +0000 (16:26 -0700)]
netmgr: refactor isc__nm_incstats() and isc__nm_decstats()
route/netlink sockets don't have stats counters associated with them,
so it's now necessary to check whether socket stats exist before
incrementing or decrementing them. rather than relying on the caller
for this, we now just pass the socket and an index, and the correct
stats counter will be updated if it exists.
Evan Hunt [Sat, 2 Oct 2021 21:52:46 +0000 (14:52 -0700)]
netmgr: add isc_nm_routeconnect()
isc_nm_routeconnect() opens a route/netlink socket, then calls a
connect callback, much like isc_nm_udpconnect(), with a handle that
can then be monitored for network changes.
Internally the socket is treated as a UDP socket, since route/netlink
sockets follow the datagram contract.
Evan Hunt [Sat, 2 Oct 2021 23:26:43 +0000 (16:26 -0700)]
netmgr: refactor isc__nm_incstats() and isc__nm_decstats()
After support for route/netlink sockets is merged, not all sockets
will have stats counters associated with them, so it's now necessary
to check whether socket stats exist before incrementing or decrementing
them. rather than relying on the caller for this, we now just pass the
socket and an index, and the correct stats counter will be updated if
it exists.
Mark Andrews [Wed, 13 Oct 2021 06:39:00 +0000 (17:39 +1100)]
Check that existing catalog zone entries are preserved
Update the 'catz' system test by adding tests that update an
catalog zone (catalog1.example) while preserving existing entries
(increase SOA serial) then check that catalog zone has transferred
and that the existing entries have not accidentally been removed
as a consequence (can return updated zone content).
Mark Andrews [Wed, 13 Oct 2021 06:06:48 +0000 (17:06 +1100)]
Prevent existing catalog zone entries being incorrectly deleted
After receiving a new version of a catalog zone it is required
to merge it with the old version.
The algorithm walks through the new version's hash table and applies
the following logic:
1. If an entry from the new version does not exist in the old
version, then it's a new entry, add the entry to the `toadd` hash
table.
2. If the zone does not exist in the set of configured zones, because
it was deleted via rndc delzone or it was removed from another
catalog zone instance, then add into to the `toadd` hash table to
be reinstantiated.
3. If an entry from the new version also exists in the old version,
but is modified, then add the entry to the `tomod` hash table, then
remove it from the old version's hash table.
4. If an entry from the new version also exists in the old version and
is the same (unmodified) then just remove it from the old version's
hash table.
The algorithm then deletes all the remaining zones which still exist
in the old version's hash table (because only the ones that don't
exist in the new version should now remain there), then adds the ones
that were added to the `toadd`, and modifies the ones that were added
to the `tomod`, completing the merge.
During a recent refactoring, the part when the entry should be
removed from the old version's hash table on condition (4.) above
was accidentally omitted, so the unmodified zones were remaining
in the old version's hash table and consequently being deleted.
The new rules compare the target name in PTR and SRV records against
the machine name embedded in the kerberos principal. This can be
used to further restrict what PTR and SRV records can be added or
deleted via dynamic updates if desired.
Ondřej Surý [Thu, 14 Oct 2021 12:26:07 +0000 (14:26 +0200)]
Remove unused LIBRPZ_(UN)LIKELY macros
The librpz.h defined LIRPZ_LIKELY() and LIBRPZ_UNLIKELY() macros that
were actually unused in the code. Remove the macros and the autoconf
check for __builtin_expect().
Ondřej Surý [Thu, 14 Oct 2021 08:33:24 +0000 (10:33 +0200)]
Stop providing branch prediction information
The __builtin_expect() can be used to provide the compiler with branch
prediction information. The Gcc manual says[1] on the subject:
In general, you should prefer to use actual profile feedback for
this (-fprofile-arcs), as programmers are notoriously bad at
predicting how their programs actually perform.
Stop using __builtin_expect() and ISC_LIKELY() and ISC_UNLIKELY() macros
to provide the branch prediction information as the performance testing
shows that named performs better when the __builtin_expect() is not
being used.
Mark Andrews [Fri, 17 Sep 2021 06:34:25 +0000 (16:34 +1000)]
Don't tests stats channels that haven't been configured
pytest was failing because it was testing features that had
not been configured. test to see if those features have been
configured before running the tests.
Evan Hunt [Tue, 12 Oct 2021 23:31:47 +0000 (16:31 -0700)]
fixed a bug in rolling timestamp logfiles
due to comparing logfile suffixes as 32 bit rather than 64 bit
integers, logfiles with timestamp suffixes that should have been
removed when rolling could be left in place. this has been fixed.
the logfileconfig system test did not conform to the style of
other tests, and was difficult to read and maintain. it has
been cleaned up and simplifeid in several ways:
- named.args used when appropriate so that named can be started with
specified command line arguments, instead of having it launched
directly from tests.sh
- unused root zone removed from named configuration
- an existing directory used instead of using 'mkdir' to create one
- dnssec-validation disabled to stop the server sending unnecessary queries
incidental fix: removed leftover debugging printfs from logconf.c.
projects / thirdparty / bind9.git / log
