While the creation and publication times of the various keys
in this policy are nearly at the same time there is a chance that
one key is created a second later than the other.
The `set_keytimes_algorithm_policy` mistakenly set the keytimes
for KEY3 based of the "published" time from KEY2.
Evan Hunt [Tue, 30 Jun 2020 20:10:59 +0000 (13:10 -0700)]
further tidying of primary/secondary terminology in system tests
this changes most visble uses of master/slave terminology in tests.sh
and most uses of 'type master' or 'type slave' in named.conf files.
files in the checkconf test were not updated in order to confirm that
the old syntax still works. rpzrecurse was also left mostly unchanged
to avoid interference with DNSRPS.
Evan Hunt [Fri, 26 Jun 2020 04:59:56 +0000 (21:59 -0700)]
prevent "primaries" lists from having duplicate names
it is now an error to have two primaries lists with the same
name. this is true regardless of whether the "primaries" or
"masters" keywords were used to define them.
Don't destroy a non-closed socket, wait for all the callbacks.
We erroneously tried to destroy a socket after issuing
isc__nm_tcp{,dns}_close. Under some (race) circumstances we could get
nm_socket_cleanup to be called twice for the same socket, causing an
access to a dead memory.
Witold Kręcicki [Mon, 29 Jun 2020 06:43:54 +0000 (08:43 +0200)]
Fix possible race in isc__nm_tcpconnect.
There's a possibility of race in isc__nm_tcpconnect if the asynchronous
connect operation finishes with all the callbacks before we exit the
isc__nm_tcpconnect itself we might access an already freed memory.
Fix it by creating an additional reference to the socket freed at the
end of isc__nm_tcpconnect.
Witold Kręcicki [Thu, 21 May 2020 09:18:53 +0000 (11:18 +0200)]
Fix assertion failure during startup when the server is under load.
When we're coming back from recursion fetch_callback does not accept
DNS_R_NXDOMAIN as an rcode - query_gotanswer calls query_nxdomain in
which an assertion fails on qctx->is_zone. Yet, under some
circumstances, qname minimization will return an DNS_R_NXDOMAIN - when
root zone mirror is not yet loaded. The fix changes the DNS_R_NXDOMAIN
answer to DNS_R_SERVFAIL.
Diego Fronza [Mon, 25 May 2020 18:03:32 +0000 (15:03 -0300)]
Added test for the fix
This test ensures that named will correctly shutdown
when receiving multiple control connections after processing
of either "rncd stop" or "kill -SIGTERM" commands.
Before the fix, named was crashing due to a race condition happening
between two threads, one running shutdown logic in named/server.c
and other handling control logic in controlconf.c.
This test tries to reproduce the above scenario by issuing multiple
queries to a target named instance, issuing either rndc stop or kill
-SIGTERM command to the same named instance, then starting multiple rndc
status connections to ensure it is not crashing anymore.
Ondřej Surý [Tue, 23 Jun 2020 11:02:21 +0000 (13:02 +0200)]
Don't continue opening a new rndc connection if we are shutting down
Due to lack of synchronization, whenever named was being requested to
stop using rndc, controlconf.c module could be trying to access an already
released pointer through named_g_server->interfacemgr in a separate
thread.
The race could only be triggered if named was being shutdown and more
rndc connections were ocurring at the same time.
This fix correctly checks if the server is shutting down before opening
a new rndc connection.
Evan Hunt [Wed, 17 Jun 2020 19:09:10 +0000 (12:09 -0700)]
restore "blackhole" functionality
the blackhole ACL was accidentally disabled with respect to client
queries during the netmgr conversion.
in order to make this work for TCP, it was necessary to add a return
code to the accept callback functions passed to isc_nm_listentcp() and
isc_nm_listentcpdns().
Matthijs Mekking [Thu, 18 Jun 2020 15:07:52 +0000 (17:07 +0200)]
Output rndc dnssec -status
Implement the 'rndc dnssec -status' command that will output
some information about the key states, such as which policy is
used for the zone, what keys are in use, and when rollover is
scheduled.
Add loose testing in the kasp system test, the actual times are
already tested via key file inspection.
Matthijs Mekking [Wed, 17 Jun 2020 12:58:57 +0000 (14:58 +0200)]
Implement dummy 'rndc dnssec -status' command
Add the code and documentation required to provide DNSSEC signing
status through rndc. This does not yet show any useful information,
just provide the command that will output some dummy string.
Matthijs Mekking [Wed, 17 Jun 2020 12:00:09 +0000 (14:00 +0200)]
Move dst key printtime in separate function
I'd like to use the same functionality (pretty print the datetime
of keytime metadata) in the 'rndc dnssec -status' command. So it is
better that this logic is done in a separate function.
Since the stdtime.c code have differernt files for unix and win32,
I think the "#ifdef WIN32" define can be dropped.
Ondřej Surý [Mon, 29 Jun 2020 17:37:18 +0000 (19:37 +0200)]
Add missing rndc.conf header that was breaking manpages section
The rndc.conf main header was missing the header markup and that was
breaking the TOC for all manpages in the ARM because sphinx-build
incorrectly remembered the markup for subheader to be ~~~~ instead of
----.
Michał Kępień [Thu, 23 Apr 2020 10:32:35 +0000 (12:32 +0200)]
Fix build-time GSSAPI detection on Tumbleweed
The "krb5-devel" package on openSUSE Tumbleweed installs the
"krb5-config" binary into a custom prefix, which prevents BIND's
"configure" script from autodetecting it. Fix by specifying the path to
the "krb5-config" binary using --with-gssapi.
Michał Kępień [Mon, 29 Jun 2020 08:23:23 +0000 (10:23 +0200)]
Fix libdns CFLAGS
Since lib/dns/include/dns/view.h unconditionally defines dnstap-related
fields in struct dns_view (and includes <dns/dnstap.h>), care must be
taken to ensure that any source file which includes <dns/view.h> gets
built with a set of CFLAGS which allows <dns/dnstap.h> to be properly
processed (particularly its <fstrm.h> and <protobuf-c/protobuf-c.h>
conditional dependencies which are only included for dnstap-enabled
builds). Ensure that by making LIBDNS_CFLAGS include DNSTAP_CFLAGS when
building with dnstap support.
Michał Kępień [Mon, 29 Jun 2020 08:23:23 +0000 (10:23 +0200)]
Fix restoring CFLAGS and LIBS in AX_LIB_LMDB()
The AX_LIB_LMDB() macro attempts to test the potential LMDB installation
path provided to it by temporarily updating CFLAGS and LIBS, calling
AC_SEARCH_LIBS(), and then restoring CFLAGS and LIBS to their original
values. However, including certain statements (e.g. "break") in the
arguments provided to the AX_LIB_LMDB() macro may cause an early exit
from it, in which case CFLAGS and LIBS will be left polluted. Fix by
resetting CFLAGS and LIBS to their original values before executing the
commands provided as AX_LIB_LMDB() arguments.
Matthijs Mekking [Tue, 26 May 2020 11:28:29 +0000 (13:28 +0200)]
kasp tests: fix wait for reconfig done
The wait until zones are signed after rndc reconfig is broken
because the zones are already signed before the reconfig. Fix
by having a different way to ensure the signing of the zone is
complete. This does require a call to the "wait_for_done_signing"
function after each "check_keys" call after the ns6 reconfig.
The "wait_for_done_signing" looks for a (newly added) debug log
message that named will output if it is done signing with a certain
key.
Evan Hunt [Mon, 22 Jun 2020 23:45:47 +0000 (16:45 -0700)]
Make netmgr tcpdns send calls asynchronous
isc__nm_tcpdns_send() was not asynchronous and accessed socket
internal fields in an unsafe manner, which could lead to a race
condition and subsequent crash. Fix it by moving tcpdns processing
to a proper netmgr thread.
Witold Kręcicki [Mon, 22 Jun 2020 22:46:11 +0000 (15:46 -0700)]
Fix a shutdown race in netmgr udp
We need to mark the socket as inactive early (and synchronously)
in the stoplistening process; otherwise we might destroy the
callback argument before we actually stop listening, and call
the callback on bad memory.
Mark Andrews [Tue, 23 Jun 2020 07:00:43 +0000 (17:00 +1000)]
Resize unamebuf[] to avoid warnings about snprintf() not having
enough buffer space. Also change named_os_uname() prototype so
that it is now returning (const char *) rather than (char *). If
uname() is not supported on a UNIX build prepopulate unamebuf[]
with "unknown architecture".
Michał Kępień [Wed, 24 Jun 2020 08:07:57 +0000 (10:07 +0200)]
Fix libtool initialization
The LT_INIT() call in configure.ac is effectively a no-op because it is
preceded by a call to AC_PROG_LIBTOOL(), which is the previous name of
LT_INIT() used in older libtool versions. Replace AC_PROG_LIBTOOL()
with AC_PATH_PROG() to look for libtool in PATH without initializing it,
which is the originally intended behavior.
Without this change, --enable-static is used by default, which causes a
plain ./configure invocation to fail because static linking is now
disallowed. Drop --disable-static from the ./configure invocations used
in GitLab CI to test this scenario continuously.
Ondřej Surý [Tue, 16 Jun 2020 08:38:46 +0000 (10:38 +0200)]
Disable and disallow static linking
Linking BIND 9 programs and libraries statically disables several
important features:
* dlopen() - relied on by dynamic loading of modules, dlz, and dyndb,
* RELRO (read-only relocations) and ASLR (address space layout
randomization) - security features which are important for any
program interacting with the network and/or user input.
Disable and disallow linking BIND 9 binaries statically, thus enforcing
dlopen() support and allowing use of RELRO and ASLR by default.
projects / thirdparty / bind9.git / log
