While implementing the new unit testing framework cmocka, it was found that the
BIND 9 code doesn't compile when assertions are disabled or replaced with any
function (such as mock_assert() from cmocka unit testing framework) that's not
directly recognized as assertion by the compiler.
This made the compiler to complain about blocks of code that was recognized as
unreachable before, but now it isn't.
The changes in this commit include:
* assigns default values to couple of local variables,
* moves some return statements around INSIST assertions,
* adds __builtin_unreachable(); annotations after some INSIST assertions,
* fixes one broken assertion (= instead of ==)
(cherry picked from commit fbd2e47f51)
Ensure that serve-stale works as expected when returning stale answers
is enabled, the authoritative server does not respond, and there is no
cached answer available.
(cherry picked from commit 27cfe83a38)
Make sure that stale answers returned when the serve-stale feature is
enabled have a TTL matching the value of the stale-answer-ttl setting.
(cherry picked from commit 893ab37ce7)
The XSL stylesheet used by the web interface does not currently include
any element which would cause a list of zones configured in each view to
be displayed, making the "Zones" section of the web interface empty
unless some zone has been configured with "zone-statistics full;" and
queried. Since this can be confusing, modify the XSL stylesheet so that
a list of zones configured in each view is displayed in the web
interface.
(cherry picked from commit aeda3f389e)
Contrary to what the documentation states, the "server-addresses"
static-stub zone option does not accept custom port numbers. Fix the
configuration type used by the "server-addresses" option to ensure
documentation matches source code. Remove a check_zoneconf() test which
is unnecessary with this fix in place.
(cherry picked from commit b324576858)
Commit 2bc4c92ed4 causes the resolver to
respond to a client query with FORMERR when all upstream queries sent to
the servers authoritative for QNAME elicit FORMERR responses. This
happens because resolver code returns DNS_R_FORMERR in such a case and
dns_result_torcode() acts as a pass-through for all arguments which are
already a valid RCODE.
The correct RCODE to set in the response returned to the client in the
case described above is SERVFAIL. Make sure this happens by overriding
the RCODE in query_gotanswer(), on the grounds that any format errors in
the client query itself should be caught long before execution reaches
that point. This change should not reduce query error logging accuracy
as the resolver code itself reports the exact reason for returning a
DNS_R_FORMERR result using log_formerr().
(cherry picked from commit b5c9a8caad)
* Add configure option --enable-fips-mode that detects and enables FIPS mode
* Add a function to enable FIPS mode and call it on crypto init
* Log an OpenSSL error when FIPS_mode_set() fails and exit
* Report FIPS mode status in a separate log message from named
(cherry picked from commit c4cee27f9b)
- set up server correctly when running the second test pass
- reset stats counters before the second pass
- clean up test output
(cherry picked from commit 6d05ec7dc1)
- the text returned by "rndc nta" when adding NTAs to multiple views
was incorrectly terminated after the first line, so users only saw
on NTA added unless they checked the logs.
(cherry picked from commit 83dc5a704a)
The "exitcode" variable is set to 9 if a TCP connection fails, but is
not reset to 0 if a subsequent TCP connection succeeds. This causes dig
to return a non-zero exit code if it succeeds in getting a TCP response
after a retry. Fix by resetting "exitcode" to 0 if connect_done()
receives an event with the "result" field set to ISC_R_SUCCESS.
(cherry picked from commit deb3b85cb2)
For inline-signed zones, the value of "ixfr-from-differences" is
hardcoded to:
- "yes" for the raw version of the zone,
- "no" for the signed version of the zone.
In other words, any user-provided "ixfr-from-differences" setting is
effectively ignored for an inline-signed zone. Ensure the user is aware
of that by adding a note to the ARM and logging a message when an
"ixfr-from-differences" option is found at the zone level.
(cherry picked from commit 087157d14f)
$RANDFILE, i.e. bin/tests/system/random.data, should only be written to
if a system test requires support for cryptography and that file does
not already exist. Otherwise, when multiple system tests are run in
parallel, that file might get truncated due to bin/tools/genrandom.c
using fopen() with mode "w" when writing the destination file. With
unfortunate timing, this may cause system tests employing BIND tools
which need entropy (e.g. dnssec-keygen) to fail.
Make sure bin/tests/system/metadata/tests.sh no longer calls
bin/tools/genrandom since $RANDFILE is guaranteed to already be created
by the time bin/tools/genrandom is currently called because
bin/tests/system/metadata/prereq.sh uses bin/tests/system/testcrypto.sh.
Make sure bin/tests/system/sfcache/prereq.sh only writes to $RANDFILE if
it does not already exist.