Commit Graph
808 Commits
Author SHA1 Message Date
Ondřej Surý 81d661ffc0 Revert "Attach dnssecsignstats, rcvquerystats, and requeststats"
This reverts commit fb50a71159.

(cherry picked from commit 7a99d1baf8)
2024-12-08 12:03:12 +01:00
Matthijs MekkingandMark Andrews 492f79560d Implement global limit for outgoing queries
This global limit is not reset on query restarts and is a hard limit
for any client request.

(cherry picked from commit 16b3bd1cc7)
2024-12-06 06:20:33 +00:00
Mark Andrews bcf3f8b44d Attach dnssecsignstats, rcvquerystats, and requeststats
In dns_zone_getdnssecsignstats, dns_zone_getrcvquerystats and
dns_zone_getrequeststats attach to the statistics structure.

(cherry picked from commit fb50a71159)
2024-12-06 16:45:52 +11:00
Colin Vidal c586d9a658 Add EDE 22 No reachable authority code
Add support for Extended DNS Errors (EDE) error 22: No reachable
authority. This occurs when after a timeout delay when the resolver is
trying to query an authority server.

(cherry picked from commit d13e94b930)

Commit amended in order to fix usage of isc_log_write (adding dns_lctx
parameter)
2024-12-05 10:30:28 +01:00
Mark Andrews f5bcc2a1b8 Keep a local copy of the update rules to prevent UAF
Previously, the update policy rules check was moved earlier in the
sequence, and the keep rule match pointers were kept to maintain the
ability to verify maximum records by type.

However, these pointers can become invalid if server reloading
or reconfiguration occurs before update completion. To prevent
this issue, extract the maximum records by type value immediately
during processing and only keep the copy of the values instead of the
full ssurule.

(cherry picked from commit 44a54a29d8)
2024-12-05 04:14:28 +00:00
Ondřej Surý 6c3f1f09b2 Improve the badcache cleaning by adding LRU and using RCU
Instead of cleaning the dns_badcache opportunistically, add per-loop
LRU, so each thread-loop can clean the expired entries.  This also
allows removal of the atomic operations as the badcache entries are now
immutable, instead of updating the badcache entry in place, the old
entry is now deleted from the hashtable and the LRU list, and the new
entry is inserted in the LRU.

(cherry picked from commit 2cb5a6210f)
2024-11-27 17:07:03 +00:00
Mark Andrews 1135bf9284 Re-split format strings
Re-split format strings that had been poorly split by multiple
clang-format runs using different versions of clang-format.

(cherry picked from commit a24d6e1654)
2024-11-21 04:22:11 +00:00
Ondřej Surý c22176c0f9 Remove redundant semicolons after the closing braces of functions
(cherry picked from commit 1a19ce39db)
2024-11-19 14:26:56 +01:00
Ondřej Surý 58a15d38c2 Remove redundant parentheses from the return statement
(cherry picked from commit 0258850f20)
2024-11-19 14:26:52 +01:00
Evan Hunt b5475c9cda corrected code style errors
- add missing brackets around one-line statements
- add paretheses around return values
2024-10-18 19:31:56 +00:00
Mark Andrews 14bb1f8aa0 Use a binary search to find the NSEC3 closest encloser
maxlabels is the suffix length that corresponds to the latest
NXDOMAIN response.  minlabels is the suffix length that corresponds
to longest found existing name.

(cherry picked from commit 67f31c5046)
2024-10-14 23:55:08 +00:00
Matthijs Mekking d768dd1f5d Revert "fix: chg: Improve performance when looking for the closest encloser when returning NSEC3 proofs"
This reverts merge request !9436

(cherry picked from commit 0396bf98ee)
2024-10-10 09:29:52 +00:00
Aram Sargsyan 3b76aa01ba Refactor the way check_recursionquota() is used
Rename check_recursionquota() to acquire_recursionquota(), and
implement a new function called release_recursionquota() to
reverse the action. It helps with decreasing code duplication.

(cherry picked from commit 7bd44a4182)
2024-10-09 11:40:19 +00:00
Aram Sargsyan dbd308436f Fix error path bugs in the "recursing-clients" list management
In two places, after linking the client to the manager's
"recursing-clients" list using the check_recursionquota()
function, the query.c module fails to unlink it on error
paths. Fix the bugs by unlinking the client from the list.

Also make sure that unlinking happens before detaching the
client's handle, as it is the logically correct order, e.g.
in case if it's the last handle and ns__client_reset_cb()
can be called because of the detachment.

(cherry picked from commit 36c4808903)
2024-10-09 11:40:19 +00:00
Aram Sargsyan 3a5e683075 Clean up 'nodetach' in ns_client
The 'nodetach' member is a leftover from the times when non-zero
'stale-answer-client-timeout' values were supported, and currently
is always 'false'. Clean up the member and its usage.

(cherry picked from commit b8c068835e)
2024-10-09 09:16:21 +00:00
Petr MenšíkandMark Andrews 59770f281c Move common flags logging to shared functions
Query and response log shares the same flags. Move flags logging out of
log_query to share it with log_response. Use buffer instead of snprintf
to fill flags a bit faster.

Signed-off-by: Petr Menšík <pemensik@redhat.com>
(cherry picked from commit e6b19af2dd)
2024-09-30 00:10:47 +00:00
Petr MenšíkandMark Andrews d9d50f6274 Make responselog flags similar to querylog
Remove answer flag from log, log instead count of records for each
message section. Include EDNS version and few flags of response. Add
also status of result.

Still does not include body of responses rrset.

(cherry picked from commit 6f879aba65)
2024-09-30 00:10:47 +00:00
Mark Andrews 3968813724 Log the rcode returned to for a query
Log to the querylog the rcode of a previous query using
the identifier 'response:' to diffenciate queries from
responses.

(cherry picked from commit 5fad79c92f)
2024-09-30 00:10:47 +00:00
Mark Andrews b30bff7dee Return partial match when requested
Return partial match from dns_db_find/dns_db_find when requested
to short circuit the closest encloser discover process.  Most of the
time this will be the actual closest encloser but may not be when
there yet to be committed / cleaned up versions of the zone with
names below the actual closest encloser.

(cherry picked from commit d42ea08f16)
2024-08-29 21:40:16 +00:00
Aram Sargsyan 2353771253 Process also the ISC_R_CANCELED result code in rpz_rewrite()
Log  canceled queries (e.g. when shutting down a hung fetch)
in DEBUG3 level instead of DEBUG1 which is used for the
"unrecognized" result codes.

(cherry picked from commit 8bb9568467)
2024-08-19 13:56:27 +00:00
Evan Hunt 74d94707cd make "max_restarts" a configurable value
MAX_RESTARTS is no longer hard-coded; ns_server_setmaxrestarts()
and dns_client_setmaxrestarts() can now be used to modify the
max-restarts value at runtime. in both cases, the default is 11.

(cherry picked from commit c5588babaf)
2024-08-07 21:12:34 +00:00
Evan Hunt be3b660e54 reduce MAX_RESTARTS to 11
the number of steps that can be followed in a CNAME chain
before terminating the lookup has been reduced from 16 to 11.
(this is a hard-coded value, but will be made configurable later.)

(cherry picked from commit 05d78671bb)
2024-08-07 21:12:34 +00:00
Ondřej Surý 36265057f9 Don't open route socket if we don't need it
When automatic-interface-scan is disabled, the route socket was still
being opened.  Add new API to connect / disconnect from the route socket
only as needed.

Additionally, move the block that disables periodic interface rescans to
a place where it actually have access to the configuration values.
Previously, the values were being checked before the configuration was
loaded.

(cherry picked from commit b26079fdaf)
2024-08-05 10:17:08 +00:00
Aram Sargsyan adddcde263 Replace #define DNS_GETDB_ with struct of bools
This makes it easier to pretty-print the attributes in a debugger.

(cherry picked from commit cb5238cc62)
2024-07-31 16:28:29 +00:00
Aram Sargsyan 2b3ce5e514 Return SERVFAIL for a too long CNAME chain
Due to the maximum query restart limitation a long CNAME chain
it is cut after 16 queries but named still returns NOERROR.

Return SERVFAIL instead and the partial answer.

(cherry picked from commit b621f1d88e)
2024-07-31 11:55:35 +00:00
Ondřej Surý bf9fd2a6ff Reset the TCP connection on a failed send
When sending fails, the ns__client_request() would not reset the
connection and continue as nothing is happening.  This comes from the
model that we don't care about failed UDP sends because datagrams are
unreliable anyway, but it greatly affects TCP connections with
keep-alive.

The worst case scenario is as follows:

1. the 3-way TCP handshake gets completed
2. the libuv calls the "uv_connection_cb" callback
3. the TCP connection gets queue because of the tcp-clients quota
4. the TCP client sends as many DNS messages as the buffers allow
5. the TCP connection gets dropped by the client due to the timeout
6. the TCP connection gets accepted by the server
7. the data already sent by the client gets read
8. all sending fails immediately because the TCP connection is dead
9. we consume all the data in the buffer in a very tight loop

As it doesn't make sense to trying to process more data on the TCP
connection when the sending is failing, drop the connection immediately
on the first sending error.
2024-07-03 09:07:20 +02:00
Ondřej Surý 1c0564d715 Remove ns_query_init() cannot fail, remove the error paths
As ns_query_init() cannot fail now, remove the error paths, especially
in ns__client_setup() where we now don't have to care what to do with
the connection if setting up the client could fail.  It couldn't fail
even before, but now it's formal.
2024-07-03 09:05:51 +02:00
Mark AndrewsandNicki Křížek e52c2a654b Clear qctx->zversion
Clear qctx->zversion when clearing qctx->zrdataset et al in
lib/ns/query.c:qctx_freedata.  The uncleared pointer could lead to
an assertion failure if zone data needed to be re-saved which could
happen with stale data support enabled.
2024-06-10 17:45:38 +02:00
Aram SargsyanandNicki Křížek 54ddd848fe Avoid running get_matching_view() asynchronously on an error path
Also create a new ns_client_async_reset() static function to decrease
code duplication.
2024-06-10 17:35:40 +02:00
Aram SargsyanandNicki Křížek ad489c44df Remove sig0checks-quota-maxwait-ms support
Waiting for a quota to appear complicates things and wastes
rosources on timer management. Just answer with REFUSE if
there is no quota.
2024-06-10 17:33:11 +02:00
Aram SargsyanandNicki Křížek f0cde05e06 Implement asynchronous view matching for SIG(0)-signed queries
View matching on an incoming query checks the query's signature,
which can be a CPU-heavy task for a SIG(0)-signed message. Implement
an asynchronous mode of the view matching function which uses the
offloaded signature checking facilities, and use it for the incoming
queries.
2024-06-10 17:33:10 +02:00
Aram SargsyanandNicki Křížek c7f79a0353 Add a quota for SIG(0) signature checks
In order to protect from a malicious DNS client that sends many
queries with a SIG(0)-signed message, add a quota of simultaneously
running SIG(0) checks.

This protection can only help when named is using more than one worker
threads. For example, if named is running with the '-n 4' option, and
'sig0checks-quota 2;' is used, then named will make sure to not use
more than 2 workers for the SIG(0) signature checks in parallel, thus
leaving the other workers to serve the remaining clients which do not
use SIG(0)-signed messages.

That limitation is going to change when SIG(0) signature checks are
offloaded to "slow" threads in a future commit.

The 'sig0checks-quota-exempt' ACL option can be used to exempt certain
clients from the quota requirements using their IP or network addresses.

The 'sig0checks-quota-maxwait-ms' option is used to define a maximum
amount of time for named to wait for a quota to appear. If during that
time no new quota becomes available, named will answer to the client
with DNS_R_REFUSED.
2024-06-10 17:33:08 +02:00
Matthijs MekkingandNicki Křížek 82635e56d8 Log error when update fails
The new "too many records" error can make an update fail without the
error being logged. This commit fixes that.
2024-06-10 16:55:12 +02:00
Ondřej SurýandNicki Křížek e28266bfbc Remove the extra memory context with own arena for sending
The changes in this MR prevent the memory used for sending the outgoing
TCP requests to spike so much.  That strictly remove the extra need for
own memory context, and thus since we generally prefer simplicity,
remove the extra memory context with own jemalloc arenas just for the
outgoing send buffers.
2024-06-10 16:48:54 +02:00
Ondřej SurýandNicki Křížek 452a2e6348 Replace the tcp_buffers memory pool with static per-loop buffer
As a single thread can process only one TCP send at the time, we don't
really need a memory pool for the TCP buffers, but it's enough to have
a single per-loop (client manager) static buffer that's being used to
assemble the DNS message and then it gets copied into own sending
buffer.

In the future, this should get optimized by exposing the uv_try API
from the network manager, and first try to send the message directly
and allocate the sending buffer only if we need to send the data
asynchronously.
2024-06-10 16:48:53 +02:00
Aram SargsyanandNicki Křížek 982eab7de0 ns_client: reuse TCP send buffers
Constantly allocating, reallocating and deallocating 64K TCP send
buffers by 'ns_client' instances takes too much CPU time.

There is an existing mechanism to reuse the ns_clent_t structure
associated with the handle using 'isc_nmhandle_getdata/_setdata'
(see ns_client_request()), but it doesn't work with TCP, because
every time ns_client_request() is called it gets a new handle even
for the same TCP connection, see the comments in
streamdns_on_complete_dnsmessage().

To solve the problem, we introduce an array of available (unused)
TCP buffers stored in ns_clientmgr_t structure so that a 'client'
working via TCP can have a chance to reuse one (if there is one)
instead of allocating a new one every time.
2024-06-10 16:48:53 +02:00
Aydın Mercan e037520b92 Keep track of the recursive clients highwater
The high-water allows administrators to better tune the recursive
clients limit without having to to poll the statistics channel in high
rates to get this number.
2024-05-10 12:08:52 +03:00
Aydın Mercan 09e4fb2ffa Return the old counter value in isc_stats_increment
Returning the value allows for better high-water tracking without
running into edge cases like the following:

0. The counter is at value X
1. Increment the value (X+1)
2. The value is decreased multiple times in another threads (X+1-Y)
3. Get the value (X+1-Y)
4. Update-if-greater misses the X+1 value which should have been the
   high-water
2024-05-10 12:08:52 +03:00
Matthijs Mekking 5d7e613e81 RPZ response's SOA record is incorrectly set to 1
An RPZ response's SOA record TTL is set to 1 instead of the SOA TTL,
a boolean value is passed on to query_addsoa, which is supposed to be
a TTL value. I don't see what value is appropriate to be used for
overriding, so we will pass UINT32_MAX.
2024-05-06 11:38:36 +02:00
Aydın Mercan f30008a71c Provide an early escape hatch for ns_client_transport_type
Because some tests don't have a legtimate handle, provide a temporary
return early that should be fixed and removed before squashing. This
short circuiting is still correct until DoQ/DoH3 support is introduced.
2024-04-26 16:12:29 +03:00
Aydın Mercan b5478654a2 Add fallback to ns_client_get_type despite unreachable
GCC might fail to compile because it expects a return after UNREACHABLE.
It should ideally just work anyway since UNREACHABLE is either a
noreturn or UB (__builtin_unreachable / C23 unreachable).

Either way, it should be optimized almost always so the fallback is
free or basically free anyway when it isn't optimized out.
2024-04-26 16:12:29 +03:00
Aydın Mercan 4a3f7fe1ef Emit and read correct DoT and DoH dnstap entries
Other protocols still pretend to be TCP/UDP.
This only causes a difference when using dnstap-read on a file with DoQ
or DNSCrypt entries
2024-04-26 16:12:29 +03:00
Mark Andrews 40816e4e35 Don't use static stub when returning best NS
If we find a static stub zone in query_addbestns look for a parent
zone which isn't a static stub.
2024-03-14 11:39:27 +11:00
Artem Boldariev f8812d4184 Do not lock workers when using -T transferslowly/transferstuck
This commit ensures that worker threads are not sleeping (by using
select()) when '-T transferslowly/transferstuck' test options are
used. This commit converts synchronous implementation of the code into
an asynchronous one based on timers.
2024-02-22 00:09:04 +02:00
Aram Sargsyan 9e38d0e3af Clean up fetch_answered
After the changes in [GL #4447] the 'fetch_answered' variable is
always false now. Delete the unnecessary code.
2024-02-20 10:46:40 +00:00
Aram Sargsyan bd7463914f Disallow stale-answer-client-timeout non-zero values
Remove all the code and tests which support non-zero
stale-answer-client-timeout values, and adjust the
documentation.
2024-02-16 08:41:52 +00:00
Michał Kępień 8610799317 Merge tag 'v9.19.21'
BIND 9.19.21
2024-02-14 13:24:56 +01:00
Aram Sargsyan 0d7c7777da Improve the definition of the DNS_GETDB_* flags
Use the (1 << N) form for defining the flags, in order to avoid
errors like the one fixed in the previous commit.

Also convert the definitions to an enum, as done in some of our
recent refactoring work.
2024-02-02 14:15:31 +00:00
Aram Sargsyan be7d8fafe2 Fix the DNS_GETDB_STALEFIRST flag
The DNS_GETDB_STALEFIRST flag is defined as 0x0C, which is the
combination of the DNS_GETDB_PARTIAL (0x04) and the
DNS_GETDB_IGNOREACL (0x08) flags (0x04 | 0x08 == 0x0C) , which is
an obvious error.

All the flags should be power of two, so they don't interfere with
each other. Fix the DNS_GETDB_STALEFIRST flag by setting it to 0x10.
2024-02-02 13:50:57 +00:00
Artem Boldariev 8ae661048d Fix flawed logic when detecting same listener type
The older version of the code was reporting that listeners are going
to be of the same type after reconfiguration when switching from DoT
to HTTPS listener, making BIND abort its executions.

That was happening due to the flaw in logic due to which the code
could consider a current listener and a configuration for the new one
to be of the same type (DoT) even when the new listener entry is
explicitly marked as HTTP.

The checks for PROXY in between the configuration were masking that
behaviour, but when porting it to 9.18 (when there is no PROXY
support), the behaviour was exposed.

Now the code mirrors the logic in 'interface_setup()' closely (as it
was meant to).
2024-01-12 17:59:53 +02:00