The dns_adb_beginudpfetch() is called only for UDP queries, but
the dns_adb_endudpfetch() is called for all queries, including
TCP. This messages the quota counting in adb.c.
(cherry picked from commit a5189eefa5)
glibc 2.30 deprecated the <sys/sysctl.h> header [1]. However, that
header is still used on other Unix-like systems, so only prevent it from
being used on Linux, in order to prevent compiler warnings from being
triggered.
[1] https://sourceware.org/ml/libc-alpha/2019-08/msg00029.html
(cherry picked from commit 65a8b53bd0)
When doing regular signing expiry time is jittered to make sure
that the re-signing times are not clumped together. This expands
this behaviour to expiry times of dynamically added records.
When incrementally re-signing a zone use the full jitter range if
the server appears to have been offline for greater than 5 minutes
otherwise use a small jitter range of 3600 seconds. This will stop
the signatures becoming more clustered if the server has been off
line for a significant period of time (> 5 minutes).
Manually edits: resolve conflicts, replace isc_random_uniform
with isc_random_jitter.
(cherry picked from commit 6b2fd40269)
This variable will report the maximum number of simultaneous tcp clients
that BIND has served while running.
It can be verified by running rndc status, then inspect "tcp high-water:
count", or by generating statistics file, rndc stats, then inspect the
line with "TCP connection high-water" text.
The tcp-highwater variable is atomically updated based on an existing
tcp-quota system handled in ns/client.c.
(cherry picked from commit 66fe8627de)
Add {isc,ns}_stats_{update_if_greater,get_counter}() functions that
are used to set and collect high-water type of statistics.
(cherry picked from commit a544e2e300)
For TCP high-water work, we need to keep the used integer types widths
in sync.
Note: int_fast32_t is used on WIN32 platform
(cherry picked from commit 0fc98ef2d5)
This fixes two scan-build false positives:
context.c:441:23: warning: The left operand of '!=' is a garbage value
|| sin.sin_port != htons(lwres_udp_port))
~~~~~~~~~~~~ ^
context.c:447:25: warning: The left operand of '!=' is a garbage value
|| sin6.sin6_port != htons(lwres_udp_port))
~~~~~~~~~~~~~~ ^
2 warnings generated.
The sin and sin6 structures are used as argument to recvfrom call and
they are properly filled by the call.
This fixes the following scan-build warning:
zt.c:325:12: warning: Value stored to 'zt' during its initialization is never read
dns_zt_t *zt = params->zt;
^~ ~~~~~~~~~~
1 warning generated.
This fixes a scan-build false-positive:
rbt_test.c:914:8: warning: Assigned value is garbage or undefined
node %= *names_count;
^ ~~~~~~~~~~~~
1 warning generated.
The remove_nodes() function is always called with correct arguments
(num_names is in <1;*names_count> range), so the modulo by zero cannot
happen, but nevertheless scan-build detects this and it's easy to fix.
(cherry picked from commit 4938f97c97)
This commit was cherry-picked from v9_14 and it fixes the following
scan-build warnings:
tsig.c:1030:20: warning: Assigned value is garbage or undefined
tsig.timesigned = querytsig.timesigned;
^ ~~~~~~~~~~~~~~~~~~~~
tsig.c:1092:26: warning: The right operand of '<' is a garbage value
if (response && bytes < querytsig.siglen)
^ ~~~~~~~~~~~~~~~~
2 warnings generated.
Related scan-build report:
dnstap_test.c:169:2: warning: Value stored to 'result' is never read
result = dns_test_makeview("test", &view);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
dnstap_test.c:193:2: warning: Value stored to 'result' is never read
result = dns_compress_init(&cctx, -1, dt_mctx);
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
2 warnings generated.
(cherry picked from commit e9acad638e)
EDNS mechanisms only apply to DNS over UDP. Thus, errors encountered
while sending DNS queries over TCP must not influence EDNS timeout
statistics.
(cherry picked from commit fce3c93ea2)
If a TCP connection fails while attempting to send a query to a server,
the fetch context will be restarted without marking the target server as
a bad one. If this happens for a server which:
- was already marked with the DNS_FETCHOPT_EDNS512 flag,
- responds to EDNS queries with the UDP payload size set to 512 bytes,
- does not send response packets larger than 512 bytes,
and the response for the query being sent is larger than 512 byes, then
named will pointlessly alternate between sending UDP queries with EDNS
UDP payload size set to 512 bytes (which are responded to with truncated
answers) and TCP connections until the fetch context retry limit is
reached. Prevent such query loops by marking the server as bad for a
given fetch context if the advertised EDNS UDP payload size for that
server gets reduced to 512 bytes and it is impossible to reach it using
TCP.
(cherry picked from commit 6cd115994e)
cppcheck 1.89 emits a false positive for lib/isc/sha1.c:
lib/isc/sha1.c:273:16: error: Uninitialized variable: block [uninitvar]
(void)memmove(block, buffer, 64);
^
lib/isc/sha1.c:272:10: note: Assignment 'block=&workspace', assigned value is <Uninit>
block = &workspace;
^
lib/isc/sha1.c:273:16: note: Uninitialized variable: block
(void)memmove(block, buffer, 64);
^
This message started appearing with cppcheck 1.89 [1], but it will be
gone in the next release [2], so just suppress it for the time being.
[1] af214e8212
[2] 2595b82634