Commit Graph

27614 Commits

Author SHA1 Message Date
Evan Hunt
7de12aaa34 add a search for GeoIP2 libraries in configure
- "--with-geoip" is used to enable the legacy GeoIP library.
- "--with-geoip2" is used to enable the new GeoIP2 library
  (libmaxminddb), and is on by default if the library is found.
- using both "--with-geoip" and "--with-geoip2" at the same time
  is an error.
- an attempt is made to determine the default GeoIP2 database path at
  compile time if pkg-config is able to report the module prefix. if
  this fails, it will be necessary to set the path in named.conf with
  geoip-directory
- Makefiles have been updated, and a stub lib/dns/geoip2.c has been
  added for the eventual GeoIP2 search implementation.

(cherry picked from commit fea6b5bf10)
(cherry picked from commit 6a7e805796)
2019-07-02 12:28:14 -07:00
Ondřej Surý
d10137736d Merge branch 'ondrej/fix-freebsd-make-v9_11' into 'v9_11'
Add rules to make sure subdirs are always built before testdirs

See merge request isc-projects/bind9!2119
2019-07-02 13:53:17 -04:00
Ondřej Surý
3e24143012 Add rules to make sure subdirs are always built before testdirs
(cherry picked from commit 723433cbc6)
2019-07-02 19:41:14 +02:00
Michał Kępień
15c2e82cca Merge branch 'michal/add-and-use-keyfile_to_key_id-helper-function-v9_11' into 'v9_11'
[v9_11] Add and use keyfile_to_key_id() helper function

See merge request isc-projects/bind9!2109
2019-06-28 08:33:32 -04:00
Michał Kępień
621f8aa90a Add and use keyfile_to_key_id() helper function
When trying to extract the key ID from a key file name, some test code
incorrectly attempts to strip all leading zeros.  This breaks tests when
keys with ID 0 are generated.  Add a new helper shell function,
keyfile_to_key_id(), which properly handles keys with ID 0 and use it in
test code whenever a key ID needs to be extracted from a key file name.

(cherry picked from commit 7d6eaad1bd)
2019-06-28 14:09:36 +02:00
Michał Kępień
ef125c0d73 Merge branch '1093-dnstap-read-clear-buffer-before-expanding-it-v9_11' into 'v9_11'
[v9_11] dnstap-read: clear buffer before expanding it

See merge request isc-projects/bind9!2107
2019-06-28 07:08:36 -04:00
Michał Kępień
207a009424 Add CHANGES entry
5260.	[bug]		dnstap-read was producing malformed output for large
			packets. [GL #1093]

(cherry picked from commit 7354207e1b)
2019-06-28 12:45:47 +02:00
Michał Kępień
511f3c3601 dnstap-read: clear buffer before expanding it
When printing a packet, dnstap-read checks whether its text form takes
up more than the 2048 bytes allocated for the output buffer by default.
If that is the case, the output buffer is automatically expanded, but
the truncated output is left in the buffer, resulting in malformed data
being printed.  Clear the output buffer before expanding it to prevent
this issue from occurring.

(cherry picked from commit 3549abe81d)
2019-06-28 12:45:44 +02:00
Mark Andrews
c71f23eb8b Merge branch '1030-statistics-channel-fixes-v9_11' into 'v9_11'
Statistics Channel Fixes

See merge request isc-projects/bind9!2097
2019-06-26 23:59:20 -04:00
Mark Andrews
62d47e569a add CHANGES
(cherry picked from commit f8b3aa97df)
2019-06-27 13:40:55 +10:00
Mark Andrews
53543c1ecc check xsl vs xml
(cherry picked from commit d5c795942f)
2019-06-27 13:40:52 +10:00
Evan Hunt
f2d67af545 add odd/even shading to the remaining tables
(cherry picked from commit ce3907e9fe)
2019-06-27 13:25:01 +10:00
Mark Andrews
02672e6aaf remove 'Configured Zones'; add even/odd to zone list
(cherry picked from commit eaba8dd799)
2019-06-27 13:25:01 +10:00
Timothe Litt
af4bffd747 Fix ISC-Bugs 45340: Statschannel XSL for zones, Traffic
In ISC-Bugs 45340, I wrote:

The Statistics channel offers links to Zones and Traffic.
Both produce valid data, but display as blank pages with
a web browser.

Zones never had XSL (I provided the original
implementation, but punted on the XSL).

Traffic has XSL, but it wasn't updated to reflect the
split between IPv4 and IPv6 data.

I've picked up enough XSL to fix my original omission,
and as penance for my sloth, fixed the Traffic bug as well.

(cherry picked from commit 96f0bbd4d5)
2019-06-27 13:25:01 +10:00
Evan Hunt
77bc37b616 Merge branch '1092-allow-priming-glue-v9_11' into 'v9_11'
allow glue in authoritative responses to root priming queries

See merge request isc-projects/bind9!2095
2019-06-26 13:12:38 -04:00
Evan Hunt
7cbb589795 CHANGES, release note
(cherry picked from commit 03a6a78b55)
2019-06-26 09:39:00 -07:00
Evan Hunt
f608f9335d x 2019-06-26 09:38:59 -07:00
Evan Hunt
2fd9e88405 add system test to confirm glue is returned in priming queries
(cherry picked from commit 9a1f0ea873)
2019-06-26 09:27:26 -07:00
Evan Hunt
ff4855d358 allow glue in authoritative responses to root priming queries
- when processing authoritative queries for ./NS, set 'gluedb' so
  that glue will be included in the response, regardless of how
  'minimal-responses' has been configured.

(cherry picked from commit e7684c7b64)
2019-06-26 09:27:22 -07:00
Evan Hunt
d944201cf7 Merge branch '1109-inline-reload-error-v9_11' into 'v9_11'
don't overwrite the dns_master_loadfile() result before calling zone_postload()

See merge request isc-projects/bind9!2093
2019-06-26 12:14:20 -04:00
Evan Hunt
80985b2bde CHANGES
(cherry picked from commit c29e344f07)
2019-06-26 08:56:14 -07:00
Evan Hunt
59dc713fc3 add a test that reloading errors are not ignored
(cherry picked from commit e48b3f1a00)
2019-06-26 08:56:14 -07:00
Evan Hunt
4dd46ba0f7 don't overwrite the dns_master_loadfile() result before calling zone_postload()
if "rndc reload" fails, the result code is supposed to be passed to
zone_postload, but for inline-signing zones, the result can be
overwritten first by a call to the ZONE_TRYLOCK macro. this can lead
to the partially-loaded unsigned zone being synced over to the signed
zone instead of being rejected.

(cherry picked from commit 0b792bd37b)
2019-06-26 08:51:24 -07:00
Michał Kępień
92a72a53db Merge branch 'michal/prevent-idna-test-failures-with-libidn2-2.2.0-v9_11' into 'v9_11'
[v9_11] Prevent "idna" test failures with libidn2 2.2.0+

See merge request isc-projects/bind9!2091
2019-06-26 09:00:55 -04:00
Michał Kępień
d48ba3ce12 Prevent "idna" test failures with libidn2 2.2.0+
libidn2 2.2.0+ parses Punycode more strictly than older versions and
thus "dig +idnin +noidnout xn--19g" fails with libidn2 2.2.0+ but
succeeds with older versions.

We could preserve the old behavior by using the IDN2_NO_ALABEL_ROUNDTRIP
flag available in libidn2 2.2.0+, but:

  - this change in behavior is considered a libidn2 bug fix [1],
  - we want to make sure dig behaves as expected, not libidn2,
  - implementing that would require additional configure.ac cruft.

Removing the problematic check appears to be the simplest solution as it
does not prevent the relevant block of checks in the "idna" system test
from achieving its purpose, i.e. ensuring dig properly handles invalid
U-labels.

[1] see upstream commit 241e8f486134793cb0f4a5b0e5817a97883401f5

(cherry picked from commit 60ce0ed411)
2019-06-26 14:41:10 +02:00
Ondřej Surý
d9164ab61c Merge branch '1067-underflow-recursing-clients-stats-v9_11' into 'v9_11'
Resolve "Underflow in Stats Channel RecursClients value?"

See merge request isc-projects/bind9!2037
2019-06-26 05:25:39 -04:00
Witold Kręcicki
e52a96bb0a CHANGES note 2019-06-26 11:11:06 +02:00
Witold Kręcicki
4b246002be Make sure that recursclient gauge is calculated correctly.
We increase recursclients when we attach to recursion quota,
decrease when we detach. In some cases, when we hit soft
quota, we might attach to quota without increasing recursclients
gauge. We then decrease the gauge when we detach from quota,
and it causes the statistics to underflow.
Fix makes sure that we increase recursclients always when we
succesfully attach to recursion quota.
2019-06-26 11:10:42 +02:00
Mark Andrews
cf1d4e614b Merge branch '1098-compile-failure-on-9-11-8' into 'v9_11'
Resolve "Compile failure on 9.11.8"

See merge request isc-projects/bind9!2065
2019-06-24 19:44:49 -04:00
Mark Andrews
5c23623094 add CHANGES 2019-06-25 09:44:07 +10:00
Mark Andrews
4110b9184d define ULLONG_MAX if not already defined 2019-06-25 09:42:49 +10:00
Mark Andrews
f3e23289e0 Merge branch 'marka-wait-for-zones-to-load-v9_11' into 'v9_11'
wait for zones to load

See merge request isc-projects/bind9!2071
2019-06-24 00:35:28 -04:00
Mark Andrews
8802a3a901 wait for zones to load
(cherry picked from commit b62e6418b5)
2019-06-24 14:19:05 +10:00
Ondřej Surý
774d0d37f4 Merge branch '1094-bump-clientinfomethods-version-v9_11' into 'v9_11'
[v9_11] Bump DNS_CLIENTINFOMETHODS VERSION and AGE

See merge request isc-projects/bind9!2059
2019-06-20 11:45:53 -04:00
Brian Conry
1ff50a2f70 Bump DNS_CLIENTINFOMETHODS_VERSION/_AGE to 2/1 in clientinfo.h
BIND 9.11.0 has bumped DNS_CLIENTINFOMETHODS_VERSION and _AGE to
version 2 and 1 in the dlz_minimal.h because a member was addet to the
dnsclientinfo struct.  It was found out that the new member is not
used anywhere and there are no accessor functions therefore the change
was reverted.

Later on, it was found out that the revert caused some problems to the
users of BIND 9, and thus this changes takes a different approach by
syncing the values other way around.

(cherry picked from commit 39344dfb3e)
2019-06-20 14:24:29 +02:00
Ondřej Surý
5924804dda Revert "Downgrade the dns_clientinfomethod structure to the version in lib/dns/clientinfo.c"
This reverts commit a6f09b2255.

(cherry picked from commit 04961a7e6b)
2019-06-20 14:24:29 +02:00
Evan Hunt
96362d67ed Merge branch 'security-v9_11' into 'v9_11'
merge security-v9_11

See merge request isc-projects/bind9!2062
2019-06-19 19:15:29 -04:00
Tinderbox User
3d3c290f51 Merge branch 'prep-release' into security-v9_11 2019-06-19 15:55:05 -07:00
Evan Hunt
5c287fb224 Merge branch '942-security-move-test-inside-lock-security-v9_11' into 'security-v9_11' 2019-06-19 15:55:05 -07:00
Tinderbox User
81c904f697 prep 9.11.8 2019-06-19 15:55:05 -07:00
Evan Hunt
424d7bfd62 CHANGES, release note
(cherry picked from commit 332af50eed96cbcb20173f297e543adaded0ed92)
2019-06-19 15:55:04 -07:00
Mark Andrews
3a9c7bb80d move item_out test inside lock in dns_dispatch_getnext()
(cherry picked from commit 60c42f849d520564ed42e5ed0ba46b4b69c07712)
2019-06-19 15:55:04 -07:00
Michał Kępień
b381efcfaf Merge branch '1088-always-fail-a-system-test-if-crashes-are-detected-v9_11' into 'v9_11'
[v9_11] Always fail a system test if crashes are detected

See merge request isc-projects/bind9!2048
2019-06-18 03:55:23 -04:00
Michał Kępień
29e31a6858 Always fail a system test if crashes are detected
In certain situations (e.g. a named instance crashing upon shutdown in a
system test which involves shutting down a server and restarting it
afterwards), a system test may succeed despite a named crash being
triggered.  This must never be the case.  Extend run.sh to mark a test
as failed if core dumps or log lines indicating assertion failures are
detected (the latter is only an extra measure aimed at test environments
in which core dumps are not generated; note that some types of crashes,
e.g. segmentation faults, will not be detected using this method alone).

(cherry picked from commit 7706f22924)
2019-06-18 09:26:40 +02:00
Michał Kępień
48ca641b42 Merge branch 'michal/tkey-system-test-fix-key-id-processing-v9_11' into 'v9_11'
[v9_11] "tkey" system test: fix key ID processing

See merge request isc-projects/bind9!2043
2019-06-17 08:43:21 -04:00
Michał Kępień
6c8546edc6 Fix key ID processing
If ns1/setup.sh generates a key with ID 0, the "KEYID" token in
ns1/named.conf.in will be replaced with an empty string, causing the
following broken statement to appear in ns1/named.conf:

    tkey-dhkey "server" ;

Such a statement triggers false positives for the "tkey" system test due
to ns1 being unable to start with a broken configuration file.  Fix by
tweaking the regular expression used for removing leading zeros from the
key ID, so that it removes at most 4 leading zeros.

(cherry picked from commit 0b7b1161c2)
2019-06-17 14:16:20 +02:00
Michał Kępień
08eb417bed Merge branch 'michal/address-compilation-warnings-for-O3-builds-v9_11' into 'v9_11'
[v9_11] Address compilation warnings for -O3 builds

See merge request isc-projects/bind9!2029
2019-06-11 04:49:03 -04:00
Michał Kępień
eeec8e8d83 Address GCC 9.1 -O3 compilation warnings
Compiling with -O3 triggers the following warnings with GCC 9.1:

    task.c: In function ‘isc__taskmgr_create’:
    task.c:1456:44: warning: ‘%04u’ directive output may be truncated writing between 4 and 10 bytes into a region of size 6 [-Wformat-truncation=]
     1456 |    snprintf(name, sizeof(name), "isc-worker%04u", i);
          |                                            ^~~~
    task.c:1456:33: note: directive argument in the range [0, 4294967294]
     1456 |    snprintf(name, sizeof(name), "isc-worker%04u", i);
          |                                 ^~~~~~~~~~~~~~~~
    task.c:1456:4: note: ‘snprintf’ output between 15 and 21 bytes into a destination of size 16
     1456 |    snprintf(name, sizeof(name), "isc-worker%04u", i);
          |    ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    rrl.c: In function ‘debit_rrl_entry’:
    rrl.c:602:35: error: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 9 [-Werror=format-truncation=]
      602 |   snprintf(buf, sizeof(buf), "age=%d", age);
          |                                   ^~
    rrl.c:602:30: note: directive argument in the range [0, 2147483647]
      602 |   snprintf(buf, sizeof(buf), "age=%d", age);
          |                              ^~~~~~~~
    rrl.c:602:3: note: ‘snprintf’ output between 6 and 15 bytes into a destination of size 13
      602 |   snprintf(buf, sizeof(buf), "age=%d", age);
          |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    rrl.c:602:35: error: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 9 [-Werror=format-truncation=]
      602 |   snprintf(buf, sizeof(buf), "age=%d", age);
          |                                   ^~
    rrl.c:602:30: note: directive argument in the range [0, 2147483647]
      602 |   snprintf(buf, sizeof(buf), "age=%d", age);
          |                              ^~~~~~~~
    rrl.c:602:3: note: ‘snprintf’ output between 6 and 15 bytes into a destination of size 13
      602 |   snprintf(buf, sizeof(buf), "age=%d", age);
          |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    rrl.c:602:35: error: ‘%d’ directive output may be truncated writing between 1 and 10 bytes into a region of size 9 [-Werror=format-truncation=]
      602 |   snprintf(buf, sizeof(buf), "age=%d", age);
          |                                   ^~
    rrl.c:602:30: note: directive argument in the range [0, 2147483647]
      602 |   snprintf(buf, sizeof(buf), "age=%d", age);
          |                              ^~~~~~~~
    rrl.c:602:3: note: ‘snprintf’ output between 6 and 15 bytes into a destination of size 13
      602 |   snprintf(buf, sizeof(buf), "age=%d", age);
          |   ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

    private_test.c: In function ‘private_nsec3_totext_test’:
    private_test.c:114:9: warning: array subscript 4 is outside array bounds of ‘uint32_t[1]’ {aka ‘unsigned int[1]’} [-Warray-bounds]
      114 |  while (*sp == '\0' && slen > 0) {
          |         ^~~
    private_test.c:107:11: note: while referencing ‘salt’
      107 |  uint32_t salt;
          |           ^~~~

Prevent these warnings from being triggered by increasing the size of
the relevant arrays (task.c, rrl.c) and reordering conditions
(private_test.c).

(cherry picked from commit ce796ac1f4)
2019-06-11 10:19:26 +02:00
Witold Kręcicki
171db1a22d Address GCC 8.3 -O3 compilation warning
Compiling with -O3 triggers the following warning with GCC 8.3:

    driver.c: In function ‘dlz_findzonedb’:
    driver.c:198:29: warning: ‘%u’ directive output may be truncated writing between 1 and 5 bytes into a region of size between 0 and 99 [-Wformat-truncation=]
      snprintf(buffer, size, "%s#%u", addr_buf, port);
                                 ^~
    driver.c:198:25: note: directive argument in the range [0, 65535]
      snprintf(buffer, size, "%s#%u", addr_buf, port);
                             ^~~~~~~
    driver.c:198:2: note: ‘snprintf’ output between 3 and 106 bytes into a destination of size 100
      snprintf(buffer, size, "%s#%u", addr_buf, port);
      ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Increase the size of the relevant array to prevent this warning from
being triggered.

(cherry picked from commit 44e6bb8b93)
2019-06-11 10:19:22 +02:00
Michał Kępień
eb358d639f Make some build jobs use -O3 optimizations
Change the compiler optimization level for Debian sid build jobs from
-O2 to -O3 in order to enable triggering compilation warnings which are
not raised when -O2 is used.

(cherry picked from commit 3569487875)
2019-06-11 10:19:17 +02:00