Commit Graph
3753 Commits
Author SHA1 Message Date
Michał Kępień 7b0e57095a Merge tag 'v9_16_37' into v9_16
BIND 9.16.37
2023-01-25 21:34:55 +01:00
Ondřej Surý e241a3f4db Don't use reference counting in isc_timer unit
The reference counting and isc_timer_attach()/isc_timer_detach()
semantic are actually misleading because it cannot be used under normal
conditions.  The usual conditions under which is timer used uses the
object where timer is used as argument to the "timer" itself.  This
means that when the caller is using `isc_timer_detach()` it needs the
timer to stop and the isc_timer_detach() does that only if this would be
the last reference.  Unfortunately, this also means that if the timer is
attached elsewhere and the timer is fired it will most likely be
use-after-free, because the object used in the timer no longer exists.

Remove the reference counting from the isc_timer unit, remove
isc_timer_attach() function and rename isc_timer_detach() to
isc_timer_destroy() to better reflect how the API needs to be used.

The only caveat is that the already executed event must be destroyed
before the isc_timer_destroy() is called because the timer is no longet
attached to .ev_destroy_arg.

(cherry picked from commit ae01ec2823)
2023-01-19 11:28:10 +01:00
Ondřej Surý 235ce6c888 Commit the change of view for view->managed_keys
When we change the view in the view->managed_keys, we never commit the
change, keeping the previous view possibly attached forever.

Call the dns_zone_setviewcommit() immediately after changing the view as
we are detaching the previous view anyway and there's no way to recover
from that.

(cherry picked from commit 7e8b53720d)
2023-01-17 22:48:37 +01:00
Evan HuntandMichał Kępień 7fe2204a2e add a configuration option for the update quota
add an "update-quota" option to configure the update quota.

(cherry picked from commit f57758a730)
2023-01-12 12:21:36 +01:00
Evan HuntandMichał Kępień 35711a29e5 add an update quota
limit the number of simultaneous DNS UPDATE events that can be
processed by adding a quota for update and update forwarding.
this quota currently, arbitrarily, defaults to 100.

also add a statistics counter to record when the update quota
has been exceeded.

(cherry picked from commit 7c47254a14)
2023-01-12 12:21:36 +01:00
Tony FinchandTony Finch 01788b8852 Don't crash when rndc delzone encounters a catz member
Try to remove the zone from the NZF config only if it was
dynamically added but not by a catalog zone.

(cherry picked from commit 9fa20d6f6c)
2023-01-04 18:04:53 +00:00
Tony FinchandTony Finch 2d5160a9b9 A couple of RPZ options were not reconfigured as expected
[bug]	Changes to the RPZ response-policy min-update-interval
	and add-soa options now take effect as expected when
	named is reconfigured. [GL #3740]

(cherry picked from commit d8a3d328db)
2022-12-16 09:54:47 +00:00
Tony FinchandTony Finch bdfb06eb5a List supported DNSSEC algorithms at log level NOTICE
NOTICE matches the other startup messages. WARNING weirdly
suggests the list is a problem.

(cherry picked from commit 72f8d03cad)
2022-12-14 11:04:35 +00:00
Michal Nowak 771fed4a14 Update sources to Clang 15 formatting 2022-11-29 10:30:34 +01:00
Mark Andrews 10083c2019 Have dns_zt_apply lock the zone table
There were a number of places where the zone table should have been
locked, but wasn't, when dns_zt_apply was called.

Added a isc_rwlocktype_t type parameter to dns_zt_apply and adjusted
all calls to using it.  Removed locks in callers.

(cherry picked from commit f053d5b414)
2022-11-11 16:13:55 +00:00
Mark AndrewsandMichal Nowak bf3a8c7de9 Add missing closing ')' to update-policy documentation
The opening '(' before local was not being matched by a closing
')' after the closing '};'.

(cherry picked from commit 044c3b2bb8)
2022-11-07 13:08:20 +01:00
Matthijs Mekking e4808e1f5f If a zone is not reusable, trigger full sign
If after a reconfig a zone is not reusable because inline-signing
was turned on/off, trigger a full resign. This is necessary because
otherwise the zone maintenance may decide to only apply the changes
in the journal, leaving the zone in an inconsistent DNSSEC state.

(cherry picked from commit 4d143f2cc4)
2022-11-03 14:44:41 +01:00
Aram Sargsyan c65c6ecee5 Getting the "prefetch" setting from the configuration cannot fail
The "prefetch" setting is in "defaultconf" so it cannot fail, use
INSIST to confirm that.

The 'trigger' and 'eligible' variables are now prefixed with
'prefetch_' and their declaration moved to an upper level, because
there is no more additional code block after this change.

(cherry picked from commit 0227565cf1)
2022-10-21 10:30:56 +00:00
Artem Boldariev 46664bfe5d Fix named failing to start on Solaris systems with hundreds of CPUs
This commit fixes a startup issue on Solaris systems with
many (reportedly > 510) CPUs by bumping RLIMIT_NOFILE. This appears to
be a regression from 9.11.

(cherry picked from commit fff01fe7eb)
2022-10-20 15:21:53 +03:00
Petr ŠpačekandMark Andrews 2c09403ab4 Document list of crypto algorithms in named -V output
(cherry picked from commit c648e280e4)
2022-09-30 09:57:32 +10:00
Mark Andrews e8439121ad Deduplicate string formating
(cherry picked from commit d34ecdb366)
2022-09-30 09:57:32 +10:00
Mark Andrews 21d4befe09 silence scan-build false positive
(cherry picked from commit 3156d36495)
2022-09-30 09:57:32 +10:00
Mark Andrews 3265fc496e Report algorithms supported by named at startup
(cherry picked from commit cb1515e71f)
2022-09-30 09:57:32 +10:00
Mark Andrews 989811b6d9 Have 'named -V' report supported algorithms
These cover DNSSEC, DS, HMAC and TKEY algorithms.

(cherry picked from commit b308f866c0)
2022-09-30 09:57:32 +10:00
Michał Kępień fe0b04d8d3 Fix the description of named's -n option
Since the advent of netmgr, named no longer creates a single thread per
CPU, but rather a set of two threads per CPU.  Update the man page for
named accordingly to prevent confusion.
2022-09-21 19:47:13 +02:00
Tony Finch dff843199f Ensure that named_server_t is properly initialized
There was a ubsan error reporting an invalid value for interface_auto
(a boolean value cannot be 190) because it was not initialized. To
avoid this problem happening again, ensure the whole of the server
structure is initialized to zero before setting the (relatively few)
non-zero elements.
2022-09-12 11:21:37 +01:00
Aram Sargsyan 8b328f0049 Do not use libxml2 deprecated functions
The usage of xmlInitThreads() and xmlCleanupThreads() functions in
libxml2 is now marked as deprecated, and these functions will be made
private in the future.

Use xmlInitParser() and xmlCleanupParser() instead of them.

(cherry picked from commit a5d412d924)
2022-09-06 09:22:35 +00:00
Matthijs Mekking bc9c65f465 Remove implicit inline-signing code
Remove the code that sets implicit inline-signing on zones using
dnssec-policy.

(cherry picked from commit a6b09c9c69186e81a9be54e8b7bb413b1ac4d650)
2022-09-06 10:27:33 +02:00
Matthijs MekkingandEvan Hunt 111b215987 Reject zones with TTL higher than dnssec-policy max-zone-ttl
Reject loading of zones with TTL higher than the max-zone-ttl
from the dnssec-policy.

With this change, any zone with a dnssec-policy in use will ignore
the max-zone-ttl option in zone/view/options.
2022-07-22 13:40:12 -07:00
Ondřej Surý c1b8f5f30c Increase the BUFSIZ-long buffers
The BUFSIZ value varies between platforms, it could be 8K on Linux and
512 bytes on mingw.  Make sure the buffers are always big enough for the
output data to prevent truncation of the output by appropriately
enlarging or sizing the buffers.

(cherry picked from commit b19d932262)
2022-07-15 21:21:03 +02:00
Michał Kępień b68851773c Make "named -h" output match option-handling code
The usage instructions printed by "named -h" are missing the "external"
and "internal" flags that can be passed to the -M command-line option.
Add the missing flags to "named -h" output.
2022-07-15 10:45:34 +02:00
Michał Kępień 31012c1c0d Update documentation for named's -M option
Add "internal" to the list of legal values for the -M command-line
option (commit 1f7d2d53f0 added that
flag).

Make the style of the relevant paragraph more in line with the next one
and split its contents up into an unordered list of options for improved
readability.

(cherry picked from commit f0c31ceb3b)
2022-07-15 10:45:34 +02:00
Michał Kępień 4d1986ebcb Handle ISC_MEM_DEFAULTFILL consistently
Contrary to what the documentation states, memory filling is only
enabled by --enable-developer (or by setting -DISC_MEM_DEFAULTFILL=1) if
the internal memory allocator is used.  However, the internal memory
allocator is disabled by default, so just using the --enable-developer
build-time option does not enable memory filling (passing "-M fill" on
the named command line is necessary to actually enable it).  As memory
filling is a useful tool for troubleshooting certain types of bugs, it
should also be enabled by --enable-developer when the system allocator
is used.

Furthermore, memory-related preprocessor macros are handled in two
distinct locations: lib/isc/include/isc/mem.h and bin/named/main.c.
This makes the logic hard to follow.

Move all code handling the ISC_MEM_DEFAULTFILL preprocessor macro to
lib/isc/include/isc/mem.h, ensuring memory filling is enabled by the
--enable-developer build-time switch, no matter which memory allocator
is used.
2022-07-15 10:45:34 +02:00
Matthijs Mekking 0d5e0867df Inherit dnssec-policy in check for inline-signing
When dnssec-policy is used, and the zone is not dynamic, BIND will
assume that the zone is inline-signed. But the function responsible
for this did not inherit the dnssec-policy option from the view or
options level, and thus never enabled inline-signing, while the zone
should have been.

This is fixed by this commit.

(cherry picked from commit 576b21b168)
2022-07-12 12:48:21 +02:00
Matthijs Mekking 3d2126cc82 Add comment on DNSSEC signing zone configuration
I was slightly confused here, so IMO it can use a comment.

(cherry picked from commit c80531758c)
2022-06-20 16:50:51 +02:00
Michal Nowak a584a8f88f Update clang to version 14
(cherry picked from commit 1c45a9885a)
2022-06-16 18:11:03 +02:00
Ondřej Surý 32a3970b13 Replace netievent lock-free queue with simple locked queue
The current implementation of isc_queue uses Michael-Scott lock-free
queue that in turn uses hazard pointers.  It was discovered that the way
we use the isc_queue, such complicated mechanism isn't really needed,
because most of the time, we either execute the work directly when on
nmthread (in case of UDP) or schedule the work from the matching
nmthreads.

Replace the current implementation of the isc_queue with a simple locked
ISC_LIST.  There's a slight improvement - since copying the whole list
is very lightweight - we move the queue into a new list before we start
the processing and locking just for moving the queue and not for every
single item on the list.

NOTE: There's a room for future improvements - since we don't guarantee
the order in which the netievents are processed, we could have two lists
- one unlocked that would be used when scheduling the work from the
matching thread and one locked that would be used from non-matching
thread.

(cherry picked from commit 6bd025942c)
2022-05-25 16:01:58 +02:00
Ondřej Surý 7a8e6d67a5 Add missing void in named_config_getdefault() definition
The named_config_getdefault() was missing void in the function
definition.  This broke clang-15 that didn't match the declaration that
had the void in the argument with the definition that hadn't.
2022-05-04 13:03:51 +02:00
Petr MenšíkandPetr Špaček c1127e3550 Export built-in default configuration for named binary
It might be useful to display built-in configuration with all its
values. It should make it easier to test what default values has changed
in a new release.

Related: #1326
(cherry picked from commit cf722d18b3)
2022-04-29 12:26:46 +02:00
Petr MenšíkandMark Andrews cde36497ba Don't test new-zones-directory argument validity
Parser ensures new-zones-directory has qstring parameter before it can
reach this place. dir == NULL then should never happen on any
configuration. Replace silent check with insist.

(cherry picked from commit 0a7d04367a)
2022-04-29 11:46:33 +10:00
Ondřej Surý a7f893e836 Rename the configuration option to load balance sockets to reuseport
After some back and forth, it was decidede to match the configuration
option with unbound ("so-reuseport"), PowerDNS ("reuseport") and/or
nginx ("reuseport").

(cherry picked from commit 7e71c4d0cc)
2022-04-06 17:51:12 +02:00
Ondřej Surý 9159837315 Enable the load-balance-sockets configuration
Previously, HAVE_SO_REUSEPORT_LB has been defined only in the private
netmgr-int.h header file, making the configuration of load balanced
sockets inoperable.

Move the missing HAVE_SO_REUSEPORT_LB define the isc/netmgr.h and add
missing isc_nm_getloadbalancesockets() implementation.

(cherry picked from commit 142c63dda8)
2022-04-05 02:17:47 +02:00
Ondřej Surý 8993ebc01a Add option to configure load balance sockets
Previously, the option to enable kernel load balancing of the sockets
was always enabled when supported by the operating system (SO_REUSEPORT
on Linux and SO_REUSEPORT_LB on FreeBSD).

It was reported that in scenarios where the networking threads are also
responsible for processing long-running tasks (like RPZ processing, CATZ
processing or large zone transfers), this could lead to intermitten
brownouts for some clients, because the thread assigned by the operating
system might be busy.  In such scenarious, the overall performance would
be better served by threads competing over the sockets because the idle
threads can pick up the incoming traffic.

Add new configuration option (`load-balance-sockets`) to allow enabling
or disabling the load balancing of the sockets.

(cherry picked from commit 85c6e797aa)
2022-04-05 01:21:50 +02:00
Ondřej SurýandOndřej Surý b624be2544 Remove use of the inline keyword used as suggestion to compiler
Historically, the inline keyword was a strong suggestion to the compiler
that it should inline the function marked inline.  As compilers became
better at optimising, this functionality has receded, and using inline
as a suggestion to inline a function is obsolete.  The compiler will
happily ignore it and inline something else entirely if it finds that's
a better optimisation.

Therefore, remove all the occurences of the inline keyword with static
functions inside single compilation unit and leave the decision whether
to inline a function or not entirely on the compiler

NOTE: We keep the usage the inline keyword when the purpose is to change
the linkage behaviour.

(cherry picked from commit 20f0936cf2)
2022-03-25 09:37:18 +01:00
Ondřej SurýandOndřej Surý 75f9dd8e82 Simplify way we tag unreachable code with only ISC_UNREACHABLE()
Previously, the unreachable code paths would have to be tagged with:

    INSIST(0);
    ISC_UNREACHABLE();

There was also older parts of the code that used comment annotation:

    /* NOTREACHED */

Unify the handling of unreachable code paths to just use:

    UNREACHABLE();

The UNREACHABLE() macro now asserts when reached and also uses
__builtin_unreachable(); when such builtin is available in the compiler.

(cherry picked from commit 584f0d7a7e)
2022-03-25 09:33:51 +01:00
Ondřej SurýandOndřej Surý 673e53f81d Add FALLTHROUGH macro for __attribute__((fallthrough))
Gcc 7+ and Clang 10+ have implemented __attribute__((fallthrough)) which
is explicit version of the /* FALLTHROUGH */ comment we are currently
using.

Add and apply FALLTHROUGH macro that uses the attribute if available,
but does nothing on older compilers.

In one case (lib/dns/zone.c), using the macro revealed that we were
using the /* FALLTHROUGH */ comment in wrong place, remove that comment.

(cherry picked from commit fe7ce629f4)
2022-03-25 09:30:16 +01:00
Ondřej Surý 848e6ee7b6 Make dns_catz_get_iterator() return void
Previously, the function(s) in the commit subject could fail for various
reasons - mostly allocation failures, or other functions returning
different return code than ISC_R_SUCCESS.  Now, the aforementioned
function(s) cannot ever fail and they would always return ISC_R_SUCCESS.

Change the function(s) to return void and remove the extra checks in
the code that uses them.

(cherry picked from commit d128656d2e)
2022-03-08 20:20:54 +01:00
Aram Sargsyan 4ada743291 Don't use RTLD_DEEPBIND with sanitizers
dlopen(3) RTLD_DEEPBIND flag is incompatible with sanitizer runtime
(see https://github.com/google/sanitizers/issues/611 for details).
2022-01-26 08:19:02 +00:00
Aram Sargsyan f555f1d2eb Improve the view configuration error handling and reverting logic
If a view configuration error occurs during a named reconfiguration
procedure, BIND can end up having twin views (old and new), with some
zones and internal structures attached to the old one, and others
attached to the new one, which essentially creates chaos.

Implement some additional view reverting mechanisms to avoid the
situation described above:

 1. Revert rpz configuration.

 2. Revert catz configuration.

 3. Revert zones to view attachments.

(cherry picked from commit 3697560f04)
2022-01-26 08:19:02 +00:00
Ondřej Surý 2bf7921c7e Update the copyright information in all files in the repository
This commit converts the license handling to adhere to the REUSE
specification.  It specifically:

1. Adds used licnses to LICENSES/ directory

2. Add "isc" template for adding the copyright boilerplate

3. Changes all source files to include copyright and SPDX license
   header, this includes all the C sources, documentation, zone files,
   configuration files.  There are notes in the doc/dev/copyrights file
   on how to add correct headers to the new files.

4. Handle the rest that can't be modified via .reuse/dep5 file.  The
   binary (or otherwise unmodifiable) files could have license places
   next to them in <foo>.license file, but this would lead to cluttered
   repository and most of the files handled in the .reuse/dep5 file are
   system test files.

(cherry picked from commit 58bd26b6cf)
2022-01-11 12:22:09 +01:00
Evan HuntandOndřej Surý 21b0093440 Prevent a shutdown race in catz_create_chg_task()
If a catz event is scheduled while the task manager was being
shut down, task-exclusive mode is unavailable. This needs to be
handled as an error rather than triggering an assertion.

(cherry picked from commit 973ac1d891)
2022-01-05 13:37:46 +01:00
Ondřej Surý 1f7d2d53f0 Disable the internal memory allocator by default
For small sized allocations, the internal allocator gets the memory in
bigger blobs that gets splits into right-sized chunks.  This increases
speed of small allocations and reduced the fragmentation, but such
memory is never released back to the operating system.

Disable the internal allocator by default, and add new `-M internal`
command line option to `named`.
2021-12-15 13:29:19 +01:00
Aram Sargsyan 4b362a82eb Fix catalog zone reconfiguration crash
The following scenario triggers a "named" crash:

1. Configure a catalog zone.
2. Start "named".
3. Comment out the "catalog-zone" clause.
4. Run `rndc reconfig`.
5. Uncomment the "catalog-zone" clause.
6. Run `rndc reconfig` again.

Implement the required cleanup of the in-memory catalog zone during
the first `rndc reconfig`, so that the second `rndc reconfig` could
find it in an expected state.

(cherry picked from commit 43ac2cd229)
2021-12-01 09:56:59 +00:00
Mark Andrews 1a94a31484 Embed NAMED_SYSCONFDIR contents in the bind.keys comment
(cherry picked from commit 1d7b1f74c9)
2021-11-17 08:46:07 +11:00
Mark Andrews 4ad84547c5 Update comments around built in trust anchors
The comments now say "# BEGIN TRUST ANCHORS" and "# END TRUST ANCHORS".

(cherry picked from commit 43a7f3f532)
2021-11-17 08:46:07 +11:00