For testing purposes mainly, we want to allow setting keytimings on
generated keys, such that we don't have to "keygen/settime" which
can result in one second off times.
Michał Kępień [Mon, 25 May 2020 10:49:36 +0000 (12:49 +0200)]
Add Danger Python to GitLab CI
Certain rules of the BIND development process are not codified anywhere
and/or are used inconsistently. In an attempt to improve this
situation, add a GitLab CI job which uses Danger Python to add comments
to merge requests when certain expectations are not met. Two categories
of feedback are used, only one of which - fail() - causes the GitLab CI
job to fail. Exclude dangerfile.py from Python QA checks as the way the
contents of that file are evaluated triggers a lot of Flake8 and PyLint
warnings.
Evan Hunt [Tue, 19 May 2020 01:09:08 +0000 (18:09 -0700)]
pass the nodename to add32() instead of calling dns_rbt_fullnamefromnode()
in addition to being more efficient, this prevents a possible crash by
looking up the node name before the tree structure can be changed when
cleaning up dead nodes in addrdataset().
Ondřej Surý [Thu, 21 May 2020 09:50:56 +0000 (11:50 +0200)]
Update how we build bind.keys.h (both POSIX and Windows)
The code in util/bindkeys.pl was overly complicated and it could not be
reused on Windows because redirecting stdin and stdout at the same time
from perl is overly complicated.
Now the util/bindkeys.pl accepts the input file as the first and only
argument and prints the header file to stdout. This allows the same
utility to be used from automake and win32/Configure script.
Evan Hunt [Fri, 15 May 2020 23:37:44 +0000 (16:37 -0700)]
add a quick-and-dirty method of debugging a single query
when built with "configure --enable-singletrace", named will produce
detailed query logging at the highest debug level for any query with
query ID zero.
this enables monitoring of the progress of a single query by specifying
the QID using "dig +qid=0". the "client" logging category should be set
to a low severity level to suppress logging of other queries. (the
chance of another query using QID=0 at the same time is only 1 in 2^16.)
"--enable-singletrace" turns on "--enable-querytrace" as well, so if the
logging severity is not lowered, all other queries will be logged
verbosely as well. compiling with either of these options will impair
query performance; they should only be turned on when testing or
troubleshooting.
Michał Kępień [Mon, 25 May 2020 12:34:56 +0000 (14:34 +0200)]
Improve the "hint" variable comment
Replace an existing comment with a more verbose explanation of when the
"hint" variable is set in resquery_send() and how its value affects the
advertised UDP buffer size in outgoing queries.
Michał Kępień [Mon, 25 May 2020 12:34:56 +0000 (14:34 +0200)]
Ensure server-specific "edns-udp-size" is obeyed
If "edns-udp-size" is set in a "server" block matching the queried
server, it is accounted for in the process of determining the advertised
UDP buffer size, but its value may still be overridden before the query
is sent. This behavior contradicts the ARM which claims that when set,
the server-specific "edns-udp-size" value is used for all EDNS queries
sent to a given server.
Furthermore, calling dns_peer_getudpsize() with the "udpsize" variable
as an argument makes the code hard to follow as that call may either
update the value of "udpsize" or leave it untouched.
Ensure the code matches the documentation by moving the
dns_peer_getudpsize() call below all other blocks of code potentially
affecting the advertised UDP buffer size, which is where it was located
when server-specific "edns-udp-size" support was first implemented [1].
Improve code readability by calling dns_peer_getudpsize() with a helper
variable instead of "udpsize".
Michał Kępień [Mon, 25 May 2020 12:34:56 +0000 (14:34 +0200)]
Restore semantic meaning of DNS_FETCHOPT_EDNS512
When the DNS_FETCHOPT_EDNS512 flag was first introduced [1], it enforced
advertising a 512-byte UDP buffer size in an outgoing query. Ever since
EDNS processing code got updated [2], that flag has still been set upon
detection of certain query timeout patterns, but it has no longer been
affecting the calculations of the advertised UDP buffer size in outgoing
queries. Restore original semantic meaning of DNS_FETCHOPT_EDNS512 by
ensuring the advertised UDP buffer size is set to 512 bytes when that
flag is set. Update existing comments and add new ones to improve code
readability.
Michał Kępień [Mon, 25 May 2020 12:34:56 +0000 (14:34 +0200)]
Remove fctx->reason and a misleading log message
The following message:
success resolving '<name>' (in '<domain>'?) after reducing the advertised EDNS UDP packet size to 512 octets
can currently be logged even if the EDNS UDP buffer size advertised in
queries sent to a given server had already been set to 512 octets before
the fetch context was created (e.g. due to the server responding
intermittently). In other words, this log message may be misleading as
lowering the advertised EDNS UDP buffer size may not be the actual cause
of <name> being successfully resolved. Remove the log message in
question to prevent confusion.
As this log message is the only existing user of the "reason" field in
struct fetchctx, remove that field as well, along with all the code
related to it.
Michal Nowak [Fri, 3 Apr 2020 09:26:02 +0000 (11:26 +0200)]
Provide unit test driver
This adds a unit test driver for BIND with Automake. It runs the unit
test program provided as its sole command line argument and then looks
for a core dump generated by that test program. If one is found, the
driver prints the backtrace into the test log.
Michał Kępień [Thu, 21 May 2020 09:33:11 +0000 (11:33 +0200)]
Add py.test-3 to the list of tested pytest names
Some operating systems (e.g. CentOS, OpenBSD) install the main pytest
script as "py.test-3". Add that name to the list of names passed to
AC_PATH_PROGS() in order for pytest to be properly detected on a broader
range of operating systems.
Michał Kępień [Thu, 21 May 2020 09:33:11 +0000 (11:33 +0200)]
Do not use f-strings in Python system tests
Use str.format() instead of f-strings in Python system tests to enable
them to work on Python 3 versions older than 3.6 as the latter is not
available on some operating systems used in GitLab CI that are still
actively supported (CentOS 6, Debian 9, Ubuntu 16.04).
Michał Kępień [Thu, 21 May 2020 09:33:11 +0000 (11:33 +0200)]
Do not install doc build tools in GitLab CI jobs
As documentation building utilities are now all included in operating
system images used in GitLab CI, do not install them in each "docs" CI
job any more.
Michał Kępień [Thu, 21 May 2020 09:33:11 +0000 (11:33 +0200)]
Do not install Python packages in GitLab CI jobs
As Python QA tools, BIND system test prerequisites, and documentation
building utilities are now all included in operating system images used
in GitLab CI, do not use pip for installing them in each CI job any
more.
Michał Kępień [Thu, 21 May 2020 07:14:27 +0000 (09:14 +0200)]
Update release checklist
- First merge release branches to maintenance branches, then push
tags. If tags are pushed first and a given set of releases contains
security fixes, the push will be rejected by a server-side Git hook.
- Update ABI check job name.
- Add an item for updating QA tools used in GitLab CI after each
public release.
Witold Kręcicki [Tue, 19 May 2020 08:08:25 +0000 (10:08 +0200)]
Fix possible deadlock in unix/socket.c
In process_fd we lock sock->lock and then internal_accept locks mgr->lock,
in isc_sockmgr_render* functions we lock mgr->lock and then lock sock->lock,
that can cause a deadlock when accessing stats. Unlock sock->lock early in
all the internal_{send,recv,connect,accept} functions instead of late
in process_fd.
Stephen Morris [Thu, 5 Mar 2020 18:46:46 +0000 (18:46 +0000)]
Add test for reduction in number of fetches
Add a system test that counts how many address fetches are made
for different numbers of NS records and checks that the numbers
are successfully limited.
Mark Andrews [Thu, 6 Feb 2020 06:19:10 +0000 (17:19 +1100)]
Reduce the number of fetches we make when looking up addresses
If there are more than 5 NS records for a zone only perform a
maximum of 4 address lookups for all the name servers. This
limits the amount of remote lookups performed for server
addresses at each level for a given query.