Commit Graph

41886 Commits

Author SHA1 Message Date
Evan Hunt
653b200151 fix: nil: corrected code style errors
- add missing brackets around one-line statements
- add paretheses around return values

Merge branch 'each-style-corrections-bind-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9665
2024-10-18 19:32:22 +00:00
Evan Hunt
b5475c9cda corrected code style errors
- add missing brackets around one-line statements
- add paretheses around return values
2024-10-18 19:31:56 +00:00
Mark Andrews
f604c31ad2 [9.20] fix: usr: Restore values when dig prints command line
Options of the form `[+-]option=<value>` failed to display the value on the printed command line. This has been fixed.

Closes #4993

Backport of MR !9653

Merge branch 'backport-4993-dig-restore-command-line-values-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9666
2024-10-18 03:55:26 +00:00
Mark Andrews
0be99decb9 Correctly get final token
(cherry picked from commit df5b4ba894)
2024-10-18 02:10:33 +00:00
Mark Andrews
b9a4b97367 Restore seperator values
strtok_r is destructive.  Restore the seperators so that the command
line can be properly displayed.

(cherry picked from commit 609d96aa12)
2024-10-18 02:10:33 +00:00
Mark Andrews
747a19bc00 [9.20] fix: usr: 'Recursive-clients 0;' triggers an assertion
BIND 9.20.0 broke `recursive-clients 0;`.  This has now been fixed.

Closes #4987

Backport of MR !9621

Merge branch 'backport-4987-fix-recursive-clients-0-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9654
2024-10-17 22:47:36 +00:00
Mark Andrews
10a599d3e8 Add regression test for [GL #4987]
(cherry picked from commit 677abded6b)
2024-10-17 22:05:22 +00:00
Mark Andrews
887e874e93 Fix recursive-clients 0
Setting recursive-clients 0 triggered an assertion in isc_quota_soft.
This has now been fixed.

(cherry picked from commit 840eaa628d)
2024-10-17 22:05:22 +00:00
Nicki Křížek
14c5d7f551 [9.20] chg: doc: Review BIND ARM (9.20 updates)
Closes #4945

Merge branch '4945-bind-arm-review-from-9-18-28-to-9-20-0' into 'bind-9.20'

See merge request isc-projects/bind9!9508
2024-10-17 13:52:21 +00:00
Suzanne Goldlust
998c61c1cf Review and update ARM documentation
Minor edits and fixes for the documentation added from 9.18.28 through
9.20.0.
2024-10-17 13:57:57 +02:00
Michal Nowak
4f9afdfaf1 [9.20] chg: doc: Read the Docs should always source requirements.txt from "main"
HTTP URI of doc/arm/requirements.txt on the "main" branch is the source
of PyPI packages in CI base image. To make it consistent in all
maintained CI branches on RTD, use the HTTP URI as well.

This change is non-material on the "main" branch, but ensures the right
packages on stable branches where for RTD we currently leverage outdated
packages because we failed to update doc/arm/requirements.txt there.

Backport of MR !9630

Merge branch 'backport-mnowak/rtd-always-resource-requirements-txt-from-main-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9660
2024-10-17 11:19:21 +00:00
Michal Nowak
a43ed940cd Drop doc/arm/requirements.txt
doc/arm/requirements.txt is maintained only on the "main" branch.
2024-10-17 12:56:41 +02:00
Michal Nowak
325d80430b Read the Docs should always source requirements.txt from "main"
HTTP URI of doc/arm/requirements.txt on the "main" branch is the source
of PyPI packages in CI base image. To make it consistent in all
maintained CI branches on RTD, use the HTTP URI as well.

This change is non-material on the "main" branch, but ensures the right
packages on stable branches where for RTD we currently leverage outdated
packages because we failed to update doc/arm/requirements.txt there.

(cherry picked from commit 8fb6115492)
2024-10-17 10:50:21 +00:00
Michal Nowak
b642aab1a1 [9.20] chg: doc: Update Sphinx, docutils, and sphinx_rtd_theme packages
Backport of MR !9652

Merge branch 'backport-mnowak/doc-tools-october-2024-updates-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9658
2024-10-17 10:20:24 +00:00
Michal Nowak
bf7ccc5d8d Add RFCs referenced by footnotes
With Sphinx 8.1.0, footnotes can't stand on their own and have
referenced from somewhere:

    /builds/isc-projects/bind9/doc/arm/general.rst:439: WARNING: Footnote [#] is not referenced. [ref.footnote]
    /builds/isc-projects/bind9/doc/arm/general.rst:441: WARNING: Footnote [#] is not referenced. [ref.footnote]
    /builds/isc-projects/bind9/doc/arm/general.rst:445: WARNING: Footnote [#] is not referenced. [ref.footnote]
    /builds/isc-projects/bind9/doc/arm/general.rst:457: WARNING: Footnote [#] is not referenced. [ref.footnote]

(cherry picked from commit 54410e034f)
2024-10-17 10:11:14 +00:00
Michal Nowak
4ec2cbf156 Update Sphinx, docutils, and sphinx_rtd_theme packages
(cherry picked from commit 755dd44ec5)
2024-10-17 10:11:14 +00:00
Michal Nowak
31247b8e2f Merge tag 'v9.20.3' into bind-9.20 2024-10-16 17:53:15 +02:00
Mark Andrews
6d717e88c0 fix: dev: Remove unused <openssl/{hmac,engine}.h> headers from OpenSSL shims
The <openssl/{hmac,engine}.h> headers were unused and including the
<openssl/engine.h> header might cause build failure when OpenSSL
doesn't have Engines support enabled.

See https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine

Merge branch 'bind-9.20-openssl-engine' into 'bind-9.20'

See merge request isc-projects/bind9!9593
2024-10-16 05:15:25 +00:00
Petr Menšík
75a50925f7 Remove unused <openssl/{hmac,engine}.h> headers from OpenSSL shims
The <openssl/{hmac,engine}.h> headers were unused and including the
<openssl/engine.h> header might cause build failure when OpenSSL
doesn't have Engines support enabled.

See https://fedoraproject.org/wiki/Changes/OpensslDeprecateEngine
2024-10-16 04:39:43 +00:00
Michal Nowak
a89dd1572d [9.20] chg: test: Remove unused sbytes, stime, n, response, and rtime variables
Backport of MR !9617

Merge branch 'backport-mnowak/drop-unused-variables-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9643
2024-10-15 18:57:09 +00:00
Michal Nowak
f4eb2793d3 Add vulture
(cherry picked from commit c0246ecef6)
2024-10-15 18:49:29 +00:00
Michal Nowak
369bbd9dad Remove unused sbytes, stime, n, response, and rtime variables
(cherry picked from commit 4857da271d)
2024-10-15 18:49:29 +00:00
Michal Nowak
666d03a8a3 [9.20] chg: test: Rewrite tools system test to pytest
Backport of MR !9208

Merge branch 'backport-mnowak/pytest_rewrite_tools-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9641
2024-10-15 18:12:23 +00:00
Michal Nowak
b5118a7e70 Rewrite tools system test to pytest
(cherry picked from commit 3f8e59330d)
2024-10-15 17:28:37 +00:00
Michal Nowak
95c8c7875f [9.20] chg: doc: Update sphinx to 7.4.7
Backport of MR !9529.

Merge branch 'mnowak/update-sphinx' into 'bind-9.20'

See merge request isc-projects/bind9!9638
2024-10-15 12:36:40 +00:00
Nicki Křížek
9f75256c25 Update sphinx to 7.4.7
(cherry picked from commit 3d65fa2740)
2024-10-15 13:43:57 +02:00
Nicki Křížek
0793766d8a [9.20] chg: ci: Allow re-try of unit tests on FreeBSD 14
The unit test doh_test tends do fail quite often due to exceeding run
time limit in the unit:clang:freebsd14:amd64 job. Use a retry on gitlab
level to alleviate the issue until a better fix is available.

Related #4924

Backport of MR !9578

Merge branch 'backport-4924-retry-doh_test-freebsd14-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9637
2024-10-15 11:40:45 +00:00
Nicki Křížek
b9708fd42a Allow re-try of unit tests on FreeBSD 14
The unit test doh_test tends do fail quite often due to exceeding run
time limit in the unit:clang:freebsd14:amd64 job. Use a retry on gitlab
level to alleviate the issue until a better fix is available.

(cherry picked from commit 1636864ddb)
2024-10-15 11:40:34 +00:00
Michal Nowak
d2067ba142 rem: test: Drop util/release-tarball-comparison.sh
This script is only maintained on the "main" branch.

Merge branch 'mnowak/drop-util-release-tarball-comparison-sh-script' into 'bind-9.20'

See merge request isc-projects/bind9!9629
2024-10-15 11:35:20 +00:00
Michal Nowak
acb1626f11 Drop util/release-tarball-comparison.sh
This script is only maintained on the "main" branch.
2024-10-15 11:35:01 +00:00
Nicki Křížek
e9c4917903 [9.20] chg: test: Support dnspython 2.7.0
Closes #4988

Backport of MR !9634

Merge branch 'backport-4988-dnspython-2.7.0-support-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9635
2024-10-15 11:06:49 +00:00
Nicki Křížek
1dbeee61f8 Support dnspython 2.7.0
CookieOption with new .server/.client attributes (rather than .data) was
added to dnspython. Adjust the code to use the new attributes if
available and fall back to the old code for dnspython<2.7.0
compatibility.

(cherry picked from commit 0d90b13646)
2024-10-15 10:29:57 +00:00
Mark Andrews
76dc8accd3 [9.20] fix: usr: Fix NSEC3 closest encloser lookup for names with empty non-terminals
The performance improvement for finding the NSEC3 closest encloser when generating authoritative responses could cause servers to return incorrect NSEC3 records in some cases. This has been fixed.

Closes #4950

Backport of MR !9610

Merge branch 'backport-4950-bind-logs-expected-covering-nsec3-got-an-exact-match-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9631
2024-10-15 00:33:14 +00:00
Mark Andrews
fd2f1bdf02 Test that the correct NSEC3 closest encloser is returned
(cherry picked from commit b457f64d4a)
2024-10-14 23:55:09 +00:00
Mark Andrews
14bb1f8aa0 Use a binary search to find the NSEC3 closest encloser
maxlabels is the suffix length that corresponds to the latest
NXDOMAIN response.  minlabels is the suffix length that corresponds
to longest found existing name.

(cherry picked from commit 67f31c5046)
2024-10-14 23:55:08 +00:00
Nicki Křížek
39c67a05ae [9.20] chg: ci: Increase shotgun pipeline timeout
When running shotgun tests on tagged releases, the increased number of
jobs may cause the shotgun pipeline to take longer than 50 minutes to
finish.

Backport of MR !9599

Merge branch 'backport-nicki/increase-shotgun-pipeline-timeout-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9624
2024-10-14 11:33:13 +00:00
Nicki Křížek
de7b0663f4 Increase shotgun pipeline timeout
When running shotgun tests on tagged releases, the increased number of
jobs may cause the shotgun pipeline to take longer than 50 minutes to
finish.

(cherry picked from commit 3b227e1161)
2024-10-14 11:06:03 +00:00
Matthijs Mekking
11b0f41f80 [9.20] chg: usr: Harden key management when key files have become unavailabe
Prior to doing key management, BIND 9 will check if the key files on disk match the expected keys. If key files for previously observed keys have become unavailable, this will prevent the internal key manager from running.

Backport of MR !9337

Merge branch 'backport-4763-do-not-roll-if-key-files-are-missing-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9622
2024-10-14 09:42:43 +00:00
Matthijs Mekking
a71e037ac4 Add new behavior to the ARM
Add text to the ARM that describes what we do in case key files have
become unavailable.

(cherry picked from commit 351c066d91)
2024-10-14 10:04:04 +02:00
Matthijs Mekking
25f39228e0 Test removing DNSKEYs from other providers
In a multi-signer setup, removing DNSKEY records from the zone should
not be treated as a key that previously exists in the keyring, thus
blocking the keymgr. Add a test case to make sure.

(cherry picked from commit 5f552293d7)
2024-10-14 10:03:59 +02:00
Matthijs Mekking
7aaa36f09f Small keymgr improvement
When a key is to be purged, don't run the key state machinery for it.

(cherry picked from commit af54e3dadc)
2024-10-14 10:03:31 +02:00
Matthijs Mekking
80d5b3877a Add additional test case with purged key
Test that if a key to be purged is in the keyring, it does not
prevent the keymgr from running. Normally a key that is in the keyring
should be available again on the next run, but that is not true for
a key that can be purged.

In addition, fix some wait_for_log calls, by adding the missing
'|| ret=1' parts.

(cherry picked from commit a2317425bc)
2024-10-14 10:03:19 +02:00
Matthijs Mekking
24e8e4294a Fix some system test cases
Some test cases were working but for the wrong reasons. These started
to fail when I implemented the first approach for #4763, where the
existence of a DNSKEY together with an empty keyring is suspicious and
would prevent the keymgr from running.

These are:

1. kasp: The multisigner-model2.kasp zone has ZSKs from other providers
   in the zone, but not yet its own keys. Pregenerate signing keys and
   add them to the unsigned zone as well.

2. kasp: The dynamic-signed-inline-signing.kasp zone has a key generated
   and added in the raw version of the zone. But the key file is stored
   outside the key-directory for the given zone. Add '-K keys' to the
   dnssec-keygen command.

(cherry picked from commit d1e263ef13)
2024-10-14 10:03:12 +02:00
Matthijs Mekking
2494275a8e Verify new key files before running keymgr
Prior to running the keymgr, first make sure that existing keys
are present in the new keylist. If not, treat this as an operational
error where the keys are made offline (temporarily), possibly unwanted.

(cherry picked from commit 5fdad05a8a)
2024-10-14 10:03:00 +02:00
Matthijs Mekking
04ae34cff6 Add test for missing key files, don't roll
In this specific case the key files are temporary unavailable, for
example because of an operator error, or a mount failure). In such
cases, BIND should not try to roll over these keys.

(cherry picked from commit a3afbd9d6f)
2024-10-14 07:19:37 +00:00
Artem Boldariev
9aab8cb150 [9.20] fix: dig - always set the default port when doing a UDP query
This change ensures that the port is set before attempting a UDP query. Before that a situation could appear when previous query have completed over a different transport (that uses a dedicated port) and then a UDP query will be attempted over the port of the previous transport.

Backport of !9618.

Merge branch 'artem-debian-bug-1059582-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9619
2024-10-10 19:56:47 +00:00
Artem Boldariev
3585a004b9 dig: always set the default port when doing a UDP query
This commit ensures that the port is set before attempting a UDP
query. Before that a situation could appear when previous query have
completed over a different transport (that uses a dedicated port) and
then a UDP query will be attempted over the port of the previous
transport.

(cherry picked from commit e390ed4421)
2024-10-10 22:13:55 +03:00
Matthijs Mekking
f6696418ef [9.20] chg: doc: Add release note for #4460
This release note was missing due to a malformed Merge Request title.

The text is not copied verbatim, but changed to something more release
note-like.

Backport of MR !9598

Merge branch 'backport-4460-add-missing-release-note-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9615
2024-10-10 12:46:40 +00:00
Matthijs Mekking
69d121df3d Add release note for #4460
This release note was missing due to a malformed Merge Request title.

The text is not copied verbatim, but changed to something more release
note-like.

(cherry picked from commit 5860bafc60)
2024-10-10 11:43:06 +00:00
Matthijs Mekking
29c460a4e5 [9.20] fix: dev: Revert "Improve performance when looking for the closest encloser"
Revert "fix: chg: Improve performance when looking for the closest encloser when returning NSEC3 proofs"

This reverts merge request !9436

Closes #4950

Backport of MR !9611

Merge branch 'backport-revert-78d48f7a-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9613
2024-10-10 11:31:18 +00:00