Write initial pytest kasp library. This contains everything that is
required for testing Offline KSK functionality with pytest.
This includes:
- addtime: adding a value to a timing metadata
- get_timing_metdata: retrieve timing metadata from keyfile
- get_metadata/get_keystate: retrieve metadata from statefile
- get_keytag: retrieve keytag from base keyfile string
- get_keyrole: get key role from statefile
- dnskey_equals: compare DNSKEY record from file against a string
- cds_equals: compare CDS derived from file against a string
- zone_is_signed: wait until a zone is completely signed
- dnssec_verify: verify a DNSSEC signed zone with dnssec-verify
- check_dnssecstatus: check rndc dnssec -status output
- check_signatures: check that signatures for a given RRset are correct
- check_dnskeys: check that the published DNSKEY RRset is correct
- check_cds: check that the published CDS RRset is correct
- check_apex: check SOA, DNSKEY, CDNSKEY, and CDS RRset
- check_subdomain: check an RRset below the apex
(cherry picked from commit a3829990fd)
When DSCP support was removed, parsing of hostnames in rndc.conf was accidentally broken, resulting in an assertion failure. This has been fixed.
Closes#4991
Backport of MR !9669
Merge branch 'backport-4991-rndc-fix-parsing-hostnames-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9676
When DSCP was removed the parsing of hostnames was accidentally
broken resulting in an assertion failure. Call cfg_parse_tuple
rather than using custom code in parse_sockaddrnameport.
(cherry picked from commit 6c095f89f5)
See isc-projects/bind9#4996
Backport of MR !9662
Merge branch 'backport-mnowak/mark-upforwd-xfail-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9672
With Sphinx 8.1.0, footnotes can't stand on their own and have to be
referenced from somewhere, otherwise build fails, e.g.:
doc/dnssec-guide/signing.rst:1470: WARNING: Footnote [#] is not referenced. [ref.footnote]
Backport of MR !9663
Merge branch 'backport-mnowak/fix-dnssec-guide-footnote-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9670
With Sphinx 8.1.0, footnotes can't stand on their own and have to be
referenced from somewhere, otherwise build fails, e.g.:
doc/dnssec-guide/signing.rst:1470: WARNING: Footnote [#] is not referenced. [ref.footnote]
(cherry picked from commit bdf8859e2d)
Options of the form `[+-]option=<value>` failed to display the value on the printed command line. This has been fixed.
Closes#4993
Backport of MR !9653
Merge branch 'backport-4993-dig-restore-command-line-values-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9666
BIND 9.20.0 broke `recursive-clients 0;`. This has now been fixed.
Closes#4987
Backport of MR !9621
Merge branch 'backport-4987-fix-recursive-clients-0-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9654
HTTP URI of doc/arm/requirements.txt on the "main" branch is the source
of PyPI packages in CI base image. To make it consistent in all
maintained CI branches on RTD, use the HTTP URI as well.
This change is non-material on the "main" branch, but ensures the right
packages on stable branches where for RTD we currently leverage outdated
packages because we failed to update doc/arm/requirements.txt there.
Backport of MR !9630
Merge branch 'backport-mnowak/rtd-always-resource-requirements-txt-from-main-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9660
HTTP URI of doc/arm/requirements.txt on the "main" branch is the source
of PyPI packages in CI base image. To make it consistent in all
maintained CI branches on RTD, use the HTTP URI as well.
This change is non-material on the "main" branch, but ensures the right
packages on stable branches where for RTD we currently leverage outdated
packages because we failed to update doc/arm/requirements.txt there.
(cherry picked from commit 8fb6115492)
With Sphinx 8.1.0, footnotes can't stand on their own and have
referenced from somewhere:
/builds/isc-projects/bind9/doc/arm/general.rst:439: WARNING: Footnote [#] is not referenced. [ref.footnote]
/builds/isc-projects/bind9/doc/arm/general.rst:441: WARNING: Footnote [#] is not referenced. [ref.footnote]
/builds/isc-projects/bind9/doc/arm/general.rst:445: WARNING: Footnote [#] is not referenced. [ref.footnote]
/builds/isc-projects/bind9/doc/arm/general.rst:457: WARNING: Footnote [#] is not referenced. [ref.footnote]
(cherry picked from commit 54410e034f)
The unit test doh_test tends do fail quite often due to exceeding run
time limit in the unit:clang:freebsd14:amd64 job. Use a retry on gitlab
level to alleviate the issue until a better fix is available.
Related #4924
Backport of MR !9578
Merge branch 'backport-4924-retry-doh_test-freebsd14-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9637
The unit test doh_test tends do fail quite often due to exceeding run
time limit in the unit:clang:freebsd14:amd64 job. Use a retry on gitlab
level to alleviate the issue until a better fix is available.
(cherry picked from commit 1636864ddb)
This script is only maintained on the "main" branch.
Merge branch 'mnowak/drop-util-release-tarball-comparison-sh-script' into 'bind-9.20'
See merge request isc-projects/bind9!9629
CookieOption with new .server/.client attributes (rather than .data) was
added to dnspython. Adjust the code to use the new attributes if
available and fall back to the old code for dnspython<2.7.0
compatibility.
(cherry picked from commit 0d90b13646)
The performance improvement for finding the NSEC3 closest encloser when generating authoritative responses could cause servers to return incorrect NSEC3 records in some cases. This has been fixed.
Closes#4950
Backport of MR !9610
Merge branch 'backport-4950-bind-logs-expected-covering-nsec3-got-an-exact-match-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9631
maxlabels is the suffix length that corresponds to the latest
NXDOMAIN response. minlabels is the suffix length that corresponds
to longest found existing name.
(cherry picked from commit 67f31c5046)
When running shotgun tests on tagged releases, the increased number of
jobs may cause the shotgun pipeline to take longer than 50 minutes to
finish.
Backport of MR !9599
Merge branch 'backport-nicki/increase-shotgun-pipeline-timeout-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9624
When running shotgun tests on tagged releases, the increased number of
jobs may cause the shotgun pipeline to take longer than 50 minutes to
finish.
(cherry picked from commit 3b227e1161)
Prior to doing key management, BIND 9 will check if the key files on disk match the expected keys. If key files for previously observed keys have become unavailable, this will prevent the internal key manager from running.
Backport of MR !9337
Merge branch 'backport-4763-do-not-roll-if-key-files-are-missing-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9622