Commit Graph

34402 Commits

Author SHA1 Message Date
Michał Kępień
68fadd52c1 Merge tag 'v9_16_30' into v9_16
BIND 9.16.30
2022-06-15 16:02:06 +02:00
Petr Špaček
f4db2c69fa Merge branch 'pspacek/doc-cleanup-dnssec-prereq-v9_16' into 'v9_16'
Update intro texts in the DNSSEC Guide [v9_16]

See merge request isc-projects/bind9!6435
2022-06-14 16:22:46 +00:00
Petr Špaček
b14b29b969 Update FAQ in the DNSSEC Guide
Mention DoT/DoH, update stats, remove mentions of early stages of
deployment.

(cherry picked from commit fd3a2c7854)
2022-06-14 18:18:54 +02:00
Petr Špaček
308c7f7c5c Update Authoritative Server Hardware requirements in DNSSEC Guide
Based on measurements done on BIND v9_19_2 using bank. TLD and a
synthetitc fullly signed zone, using RSASHA256 and ECDSAP256SHA256
algorithms with NSEC and NSEC3 without opt-out.

(cherry picked from commit 635885afe6)
2022-06-14 18:18:36 +02:00
Petr Špaček
0efc93ce1a Update DNSSEC validation deployment stats in DNSSEC Guide
(cherry picked from commit 832c172985)
2022-06-14 18:18:36 +02:00
Petr Špaček
b64c8459f7 Rewrite Recursive Server Hardware requirements in DNSSEC Guide
This section was completely out of date. Current measurements on dataset
Telco EU 2022-02 and BIND 9.19.1 indicate absolutely different results
than described in the old version of the text.

(cherry picked from commit 6cf8066b9c)
2022-06-14 18:18:36 +02:00
Petr Špaček
4319b776f8 Remove outdated software requirements from DNSSEC Guide
Guide in this repo is tied to latest version anyway, so let's not even
mention ancient versions of BIND.

This also solves the OpenSSL question because it is now mandatory for
build, which subsequently removes the entropy problem - so let's not
mention it either.

(cherry picked from commit 6e79877759)
2022-06-14 18:18:35 +02:00
Michal Nowak
4e840e7d59 Merge branch '3138-capture-scripts-to-coverity-scan-v9_16' into 'v9_16'
[v9_16] Capture scripts for Coverity Scan analysis

See merge request isc-projects/bind9!6431
2022-06-14 12:38:07 +00:00
Michal Nowak
a95ced4d51 Capture scripts for Coverity Scan analysis
With the recent Coverity Scan 2021.12 version, Python 3 scripts are
being analyzed in addition to C files. The --fs-capture-search option
scripts for Coverity Scan analysis should be added to leverage this
feature.

(cherry picked from commit b4a2674d98)
2022-06-14 14:25:04 +02:00
Michal Nowak
f1ae1eb6f3 Download Coverity Scan analysis tool to /tmp
Downloading and unpacking Coverity Scan analysis tool tarball
(cov-analysis-linux64.tgz) to $CI_PROJECT_DIR interferes with the
execution of the analysis tool when the --fs-capture-search option is
used because the tool starts to analyze some of its Javascript files.
(There's the --fs-capture-search-exclude-regex <path> option, but I
failed to find a way to make it work.)

(cherry picked from commit 1333bdf67e)
2022-06-14 14:25:04 +02:00
Michal Nowak
b2b329af32 Drop coverity cache feature
The coverity CI job cache feature is used to ensure that the 1 GB
cov-analysis-linux64.tgz file is being cached on GitLab CI runner, where
it was downloaded in the past. This feature does not seem to work
anymore; given that the proper solution to creating distributed cache is
complicated, better to drop the feature altogether.

(cherry picked from commit c966304e90)
2022-06-14 14:25:04 +02:00
Ondřej Surý
dbda0b4ac2 Merge branch '3400-gracefully-handle-the-errors-from-uv_start_read-v9_16' into 'v9_16'
Gracefully handle uv_read_start() failures [v9.16]

See merge request isc-projects/bind9!6427
2022-06-14 10:45:13 +00:00
Ondřej Surý
5cd2acb374 Add CHANGES and release note for [GL #3400]
(cherry picked from commit 646df5cbbc)
2022-06-14 11:55:03 +02:00
Ondřej Surý
6cfab7e4f7 Gracefully handle uv_read_start() failures
Under specific rare timing circumstances the uv_read_start() could
fail with UV_EINVAL when the connection is reset between the connect (or
accept) and the uv_read_start() call on the nmworker loop.  Handle such
situation gracefully by propagating the errors from uv_read_start() into
upper layers, so the socket can be internally closed().

(cherry picked from commit b432d5d3bc)
2022-06-14 11:55:03 +02:00
Mark Andrews
0e90fa4234 Merge branch 'typo-in-log-on-update-forward-opcode-mismatch-v9_16' into 'v9_16'
corrected the opcode param to opcode_totext

See merge request isc-projects/bind9!6422
2022-06-14 02:57:46 +00:00
Mark Andrews
1e155f4fc4 Add CHANGES note for [GL !6420]
(cherry picked from commit bd508194be)
2022-06-14 12:08:02 +10:00
JINMEI Tatuya
673211492c make the fix more complete
(cherry picked from commit a58647df6a)
2022-06-14 12:07:39 +10:00
JINMEI Tatuya
66cfaf0fb0 corrected the opcode param to opcode_totext
(cherry picked from commit 2b81a69659)
2022-06-14 12:07:39 +10:00
Petr Špaček
5c327f209b Merge branch 'pspacek/keyfromlabel-doc-alg-clarif-v9_16' into 'v9_16'
Clarify dnssec-keyfromlabel -a in man page [v9_16]

See merge request isc-projects/bind9!6415
2022-06-10 06:06:28 +00:00
Petr Špaček
f01f316268 Clarify dnssec-keyfromlabel -a in man page
(cherry picked from commit 5f53003dae)
2022-06-10 08:02:33 +02:00
Tom Krizek
27f383182b Merge branch 'tkrizek/python-codestyle-v9_16' into 'v9_16'
Enforce Python codestyle with black [v9_16]

See merge request isc-projects/bind9!6406
2022-06-08 12:03:50 +00:00
Tom Krizek
883b6c8c1e Remove flake8 linter for Python from CI
Python codestyle is now handled by black and other issues are checked by
pylint. Flake8 checking has been made redundant and is thus removed as
obsolete.

(cherry picked from commit dae340a4a5)
2022-06-08 13:44:23 +02:00
Tom Krizek
b3c7bd1c04 Auto-format Python files with black
This patch is strictly the result of:
$ black $(git ls-files '*.py' '*.py.in')

There have been no manual changes.
2022-06-08 13:34:19 +02:00
Tom Krizek
cf92d05908 Enforce Python codestyle with black
Black is an opinionated tool for auto-formatting Python code so we no
longer have to worry about the codestyle.

For the codestyle decisions and discussion, refer to the upstream
documentation [1].

[1] https://black.readthedocs.io/en/stable/the_black_code_style/current_style.html
2022-06-08 13:29:01 +02:00
Tom Krizek
8668c8c061 Remove trailing whitespace
My editor doesn't like that!

(cherry picked from commit 5d64d05be9)
2022-06-08 13:24:30 +02:00
Arаm Sаrgsyаn
983bd242b6 Merge branch '3380-catz-dont-cancel-processing-when-encountering-an-unexpected-rrtype-v9_16' into 'v9_16'
Resolve "member zones are deleted if RRsig appears in the catalog zone"

See merge request isc-projects/bind9!6355
2022-06-07 11:05:42 +00:00
Aram Sargsyan
87b3ced5fe Do not cancel processing record datasets in catalog zone after an error
When there are multiple record datasets in a database node of a catalog
zone, and BIND encounters a soft error during processing of a dataset,
it breaks from the loop and doesn't process the other datasets in the
node.

There are cases when this is not desired. For example, the catalog zones
draft version 5 states that there must be a TXT RRset named
`version.$CATZ` with exactly one RR, but it doesn't set a limitation
on possible non-TXT RRsets named `version.$CATZ` existing alongside
with the TXT one. In case when one exists, we will get a processing
error and will not continue the loop to process the TXT RRset coming
next.

Remove the "break" statement to continue processing all record datasets.

(cherry picked from commit 0b2d5490cd)
2022-06-07 09:59:32 +00:00
Matthijs Mekking
a0e05074fd Merge branch '3362-kasp-system-test-timing-issue-v9_16' into 'v9_16'
[v9_16] Fix another kasp test timing issue

See merge request isc-projects/bind9!6401
2022-06-07 09:11:07 +00:00
Matthijs Mekking
1dc36e2961 Retry quiet to deal with kasp test timing issue
In the cases where we test SOA serial updates and TTL updates, we check
if for "all zones loaded" to ensure the new zone content is loaded. But
this is the unsigned zone, the signed zone still needs to be produced.

There is thus a timing issue where the dig request comes in before
the signing process has finished.

Add a retry quiet to mitigate against it.

(cherry picked from commit 827bba05a0)
2022-06-07 09:38:06 +02:00
Petr Špaček
8f0682ecad Merge branch 'pspacek/danger-log-level-v9_16' into 'v9_16'
Flag new user-visible log messages for manual review [v9_16]

See merge request isc-projects/bind9!6393
2022-06-03 10:13:17 +00:00
Petr Špaček
ef8e3c72c6 Flag new user-visible log messages for review
Messages with log levels INFO or higher are flagged for manual review.
Purpose of this check is to prevent debug logs to being released with
too-high log level.

(cherry picked from commit b0f59cb5cb)
2022-06-03 12:12:37 +02:00
Michał Kępień
5636eca562 Merge branch 'michal/set-up-version-and-release-notes-for-bind-9.16.31' into 'v9_16'
Set up version and release notes for BIND 9.16.31

See merge request isc-projects/bind9!6391
2022-06-03 09:27:05 +00:00
Michał Kępień
913c0b833c Set up release notes for BIND 9.16.31 2022-06-03 11:05:47 +02:00
Michał Kępień
531323877c Update BIND version to 9.16.31-dev 2022-06-03 11:05:47 +02:00
Tinderbox User
61fdb40fb2 Merge branch 'prep-release' into v9_16_30-release v9.16.30 2022-06-02 19:34:02 +00:00
Tinderbox User
0842c032fd prep 9.16.30 2022-06-02 19:30:41 +00:00
Michał Kępień
609dde6e69 Merge branch 'michal/prepare-documentation-for-bind-9.16.30' into 'v9_16_30-release'
Prepare documentation for BIND 9.16.30

See merge request isc-private/bind9!408
2022-06-02 19:17:47 +00:00
Michał Kępień
e012953aea Add release note for GL #3327 2022-06-02 20:57:12 +02:00
Michał Kępień
35aaf41516 Reorder release notes 2022-06-02 20:57:12 +02:00
Michał Kępień
ee8b00bdf2 Tweak and reword release notes 2022-06-02 20:57:12 +02:00
Michał Kępień
501ac73a7c Prepare release notes for BIND 9.16.30 2022-06-02 20:57:12 +02:00
Petr Špaček
6fcc7bfe80 Merge branch 'pspacek/rtd-style-changes-v9_16' into 'v9_16'
ReadTheDocs style changes [v9_16]

See merge request isc-projects/bind9!6387
2022-06-02 15:30:26 +00:00
Petr Špaček
cc1599e454 ARM style change: render literals in black color
After enormous amount of bikesheding about colors we decided to override
ReadTheDocs default style for literals (``literal`` in the RST markup).

Justification:
- The default RTD "light red literal on white background" is hard to
  read.  https://webaim.org/resources/contrastchecker/ reports that text
  colored as rgb(231, 76, 60) on white background has insufficient
  contrast.
- The ARM has enormous amount of literals all over the place and thus
  one sentence can contain several black/red/black color changes. This
  is distracting. As a consequence, the ARM looks like a Geronimo
  Stilton book.

What we experimented with as replacements for red:
- Green - way too distracting
- Blue - too similar to "usual clickable link"
- Violet - too Geronimo Stilton style
- Brown - better but still distracting

After all the bikesheding we settled on black, i.e. the same as all
"normal" text. I.e. the color is now the same and literals are denoted
by monospaced font and a box around the literal. This has best contrast
and is way less distracting than it used to be.

This lead to a new problem: Internal references to "term definitions"
defined using directives like .. option:: were rendered almost the same
as literals:
- References: monospaced + box + bold + clickable
- Literals: monospaced + box To distinguish these two we added black
  dotted underline to clickable references.

I hereby declare the bikeshed painted.

(cherry picked from commit 833af31e7b)
2022-06-02 17:24:41 +02:00
Petr Špaček
dafacea24c Allow wrapping for ARM table content
RTD style default never wraps <th> and <td> elements and that just does
not work for real sentences or any other long lines.

We can reconsider styling some tables separately, but at the moment we
do not have use for tables with long but unwrappable lines so it's
easier to allow wrapping globally.

(cherry picked from commit a5dd98ac1b)
2022-06-02 17:24:39 +02:00
Arаm Sаrgsyаn
9fa26af659 Merge branch 'aram/catz-processing-skip-warnings-for-some-rrset-types-v9_16' into 'v9_16'
[v9_16] Don't process DNSSEC-related and ZONEMD records in catz

See merge request isc-projects/bind9!6384
2022-06-02 11:11:42 +00:00
Aram Sargsyan
a0121f4908 Add CHANGES and release note for [GL #3380]
(cherry picked from commit b8073cbe72)
2022-06-02 10:34:05 +00:00
Aram Sargsyan
1dc7288708 Don't process DNSSEC-related and ZONEMD records in catz
When processing a catalog zone update, skip processing records with
DNSSEC-related and ZONEMD types, because we are not interested in them
in the context of a catalog zone, and processing them will fail and
produce an unnecessary warning message.

(cherry picked from commit 73d6643137)
2022-06-02 10:33:03 +00:00
Mark Andrews
d34cc48045 Merge branch '3388-missing-indent-call-v9_16' into 'v9_16'
Add missing INDENT call for UPDATE messages [v9_16]

See merge request isc-projects/bind9!6381
2022-06-01 22:52:53 +00:00
Mark Andrews
b318db2b7f Add missing INDENT call for UPDATE messages
Reported by Peter <pmc@citylink.dinoex.sub.org> on bind-users.

(cherry picked from commit 03132c93ca)
2022-06-02 08:29:28 +10:00
Arаm Sаrgsyаn
73a3a1ad36 Merge branch 'aram/update-top-level-gitignore-add-ide-files-v9_16' into 'v9_16'
[v9_16] Update top-level .gitignore to ignore files generated by some IDEs

See merge request isc-projects/bind9!6376
2022-06-01 11:26:43 +00:00