Michal Nowak
a0d359bbfa
Add unused headers check to CI
2020-11-11 10:08:12 +01:00
Michal Nowak
9088052225
Drop unused headers
2020-11-11 10:08:12 +01:00
Michal Nowak
221d5049b1
Merge branch 'mnowak/drop-OPENSSL_LIB' into 'main'
...
Drop @OPENSSL_LIB@ in bigkey
See merge request isc-projects/bind9!4383
2020-11-11 08:52:01 +00:00
Michal Nowak
24d5052e74
Drop @OPENSSL_LIB@ in bigkey
...
@OPENSSL_LIB@ was brought back with the
2f9f6f1fac revert.
2020-11-11 09:49:40 +01:00
Mark Andrews
b88a0d7cf5
Merge branch '2211-tsan-error-previous_closest_nsec-dns_rbt_findnode-vs-subtractrdataset' into 'main'
...
Resolve "tsan error previous_closest_nsec(dns_rbt_findnode) vs subtractrdataset"
Closes #2211
See merge request isc-projects/bind9!4259
2020-11-10 21:16:05 +00:00
Mark Andrews
244f84a84b
Address TSAN error between dns_rbt_findnode() and subtractrdataset().
...
Having dns_rbt_findnode() in previous_closest_nsec() check of
node->data is an optimisation that triggers a TSAN error with
subtractrdataset(). find_closest_nsec() still needs to check if
the NSEC record is active or not and look for an earlier NSEC record
if it isn't. Set DNS_RBTFIND_EMPTYDATA so node->data isn't referenced
without the node lock being held.
WARNING: ThreadSanitizer: data race
Read of size 8 at 0x000000000001 by thread T1 (mutexes: read M1, read M2):
#0 dns_rbt_findnode lib/dns/rbt.c:1708
#1 previous_closest_nsec lib/dns/rbtdb.c:3760
#2 find_closest_nsec lib/dns/rbtdb.c:3942
#3 zone_find lib/dns/rbtdb.c:4091
#4 dns_db_findext lib/dns/db.c:536
#5 query_lookup lib/ns/query.c:5582
#6 ns__query_start lib/ns/query.c:5505
#7 query_setup lib/ns/query.c:5229
#8 ns_query_start lib/ns/query.c:11380
#9 ns__client_request lib/ns/client.c:2166
#10 processbuffer netmgr/tcpdns.c:230
#11 dnslisten_readcb netmgr/tcpdns.c:309
#12 read_cb netmgr/tcp.c:832
#13 <null> <null>
#14 <null> <null>
Previous write of size 8 at 0x000000000001 by thread T2 (mutexes: write M3):
#0 subtractrdataset lib/dns/rbtdb.c:7133
#1 dns_db_subtractrdataset lib/dns/db.c:742
#2 diff_apply lib/dns/diff.c:368
#3 dns_diff_apply lib/dns/diff.c:459
#4 do_one_tuple lib/dns/update.c:247
#5 update_one_rr lib/dns/update.c:275
#6 delete_if_action lib/dns/update.c:689
#7 foreach_rr lib/dns/update.c:471
#8 delete_if lib/dns/update.c:716
#9 dns_update_signaturesinc lib/dns/update.c:1948
#10 receive_secure_serial lib/dns/zone.c:15637
#11 dispatch lib/isc/task.c:1152
#12 run lib/isc/task.c:1344
#13 <null> <null>
Location is heap block of size 130 at 0x000000000028 allocated by thread T3:
#0 malloc <null>
#1 default_memalloc lib/isc/mem.c:713
#2 mem_get lib/isc/mem.c:622
#3 mem_allocateunlocked lib/isc/mem.c:1268
#4 isc___mem_allocate lib/isc/mem.c:1288
#5 isc__mem_allocate lib/isc/mem.c:2453
#6 isc___mem_get lib/isc/mem.c:1037
#7 isc__mem_get lib/isc/mem.c:2432
#8 create_node lib/dns/rbt.c:2239
#9 dns_rbt_addnode lib/dns/rbt.c:1202
#10 dns_rbtdb_create lib/dns/rbtdb.c:8668
#11 dns_db_create lib/dns/db.c:118
#12 receive_secure_db lib/dns/zone.c:16154
#13 dispatch lib/isc/task.c:1152
#14 run lib/isc/task.c:1344
#15 <null> <null>
Mutex M1 (0x000000000040) created at:
#0 pthread_rwlock_init <null>
#1 isc_rwlock_init lib/isc/rwlock.c:39
#2 dns_rbtdb_create lib/dns/rbtdb.c:8527
#3 dns_db_create lib/dns/db.c:118
#4 receive_secure_db lib/dns/zone.c:16154
#5 dispatch lib/isc/task.c:1152
#6 run lib/isc/task.c:1344
#7 <null> <null>
Mutex M2 (0x000000000044) created at:
#0 pthread_rwlock_init <null>
#1 isc_rwlock_init lib/isc/rwlock.c:39
#2 dns_rbtdb_create lib/dns/rbtdb.c:8600
#3 dns_db_create lib/dns/db.c:118
#4 receive_secure_db lib/dns/zone.c:16154
#5 dispatch lib/isc/task.c:1152
#6 run lib/isc/task.c:1344
#7 <null> <null>
Mutex M3 (0x000000000046) created at:
#0 pthread_rwlock_init <null>
#1 isc_rwlock_init lib/isc/rwlock.c:39
#2 dns_rbtdb_create lib/dns/rbtdb.c:8600
#3 dns_db_create lib/dns/db.c:118
#4 receive_secure_db lib/dns/zone.c:16154
#5 dispatch lib/isc/task.c:1152
#6 run lib/isc/task.c:1344
#7 <null> <null>
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_nm_start netmgr/netmgr.c:232
#3 create_managers bin/named/main.c:909
#4 setup bin/named/main.c:1223
#5 main bin/named/main.c:1523
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_taskmgr_create lib/isc/task.c:1434
#3 create_managers bin/named/main.c:915
#4 setup bin/named/main.c:1223
#5 main bin/named/main.c:1523
Thread T3 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create pthreads/thread.c:73
#2 isc_taskmgr_create lib/isc/task.c:1434
#3 create_managers bin/named/main.c:915
#4 setup bin/named/main.c:1223
#5 main bin/named/main.c:1523
SUMMARY: ThreadSanitizer: data race lib/dns/rbt.c:1708 in dns_rbt_findnode
2020-11-10 20:17:48 +00:00
Michal Nowak
79d5a67e24
Merge branch 'mnowak/revert-4350' into 'main'
...
Revert "Drop bigkey"
See merge request isc-projects/bind9!4369
2020-11-10 16:51:47 +00:00
Michal Nowak
2f9f6f1fac
Revert "Drop bigkey"
...
This reverts commit ef6703351a.
It is believed that the bigkey test is still useful.
2020-11-10 17:34:05 +01:00
Matthijs Mekking
d8caccb9a5
Merge branch 'matthijs-query-header-cleanup' into 'main'
...
Cleanup query.h duplicate definitions
See merge request isc-projects/bind9!4381
2020-11-10 15:01:42 +00:00
Matthijs Mekking
b7856d2675
Cleanup duplicate definitions in query.h
2020-11-10 14:42:47 +00:00
Ondřej Surý
152f49b6c3
Merge branch '1840-netmgr-tls-layer' into 'main'
...
Server-side TLS support in netmgr
Closes #1840
See merge request isc-projects/bind9!3532
2020-11-10 14:12:53 +00:00
Witold Kręcicki
bc19dc84ba
CHANGES note
2020-11-10 14:20:31 +01:00
Ondřej Surý
fa424225af
netmgr: Add additional safeguards to netmgr/tls.c
...
This commit adds a couple of additional safeguards against running
sends/reads on inactive sockets. The changes were modeled after the
changes we made to netmgr/tcpdns.c
2020-11-10 14:17:20 +01:00
Witold Kręcicki
d2a2804069
DoT test
...
Preliminary test for DNSoverTLS - add the dot-port template to system
tests, test a simple query to an authoritative.
2020-11-10 14:17:18 +01:00
Witold Kręcicki
e94afa5bc0
Add 'ephemeral' keyword to 'tls' option in listen-on directive.
...
listen-on tls ephemeral will cause named to create an ephemeral
TLS self-signed certificate and key, stored only in memory.
2020-11-10 14:17:14 +01:00
Witold Kręcicki
2cfc8a45a4
Shutdown interface if we can't listen on it to avoid shutdown hang
2020-11-10 14:17:09 +01:00
Witold Kręcicki
f68fe9ff14
Fix a startup/shutdown crash in ns_clientmgr_create
2020-11-10 14:17:05 +01:00
Witold Kręcicki
3c00fb71db
isc_nm_tls_create_server_ctx can create ephemeral certs
...
In-memory ephemeral certs creation for easy DoT/DoH deployment.
2020-11-10 14:17:04 +01:00
Witold Kręcicki
38b78f59a0
Add DoT support to bind
...
Parse the configuration of tls objects into SSL_CTX* objects. Listen on
DoT if 'tls' option is set up in listen-on directive. Use DoT/DoH ports
for DoT/DoH.
2020-11-10 14:16:55 +01:00
Evan Hunt
8ed005f924
add parser support for TLS configuration options
...
This commit adds stub parser support and tests for:
- "tls" statement, specifying key and cert.
- an optional "tls" keyvalue in listen-on statements for DoT
configuration.
Documentation for these options has also been added to the ARM, but
needs further work.
2020-11-10 14:16:49 +01:00
Evan Hunt
8886569e9d
report peer address in TLS mode, and specify protocol
...
- peer address was not being reported correctly by "dig +tls"
- the protocol used is now reported in the dig output: UDP, TCP, or TLS.
2020-11-10 14:16:41 +01:00
Witold Kręcicki
03b2c948b6
add "dig +tls"
...
- add "+[no]tls" option to dig to enable TLS mode
- override the default port number in dig from 53 to 853 when using TLS
2020-11-10 14:16:35 +01:00
Witold Kręcicki
b2ee0e9dc3
netmgr: server-side TLS support
...
Add server-side TLS support to netmgr - that includes moving some of the
isc_nm_ functions from tcp.c to a wrapper in netmgr.c calling a proper
tcp or tls function, and a new isc_nm_listentls() function.
Add DoT support to tcpdns - isc_nm_listentlsdns().
2020-11-10 14:16:27 +01:00
Mark Andrews
fb8f1e49ab
Merge branch '2252-ns_client_sendraw-is-missing-dnstap-support' into 'main'
...
Resolve "ns_client_sendraw() is missing DNSTAP support."
Closes #2252
See merge request isc-projects/bind9!4368
2020-11-10 06:41:08 +00:00
Mark Andrews
157e3a98f2
Add CHANGES note for [GL #2252]
2020-11-10 06:15:46 +00:00
Mark Andrews
2b7128fede
Check that DNSTAP captures forwarded UPDATE responses
2020-11-10 06:15:46 +00:00
Mark Andrews
b09727a765
Implement DNSTAP support in ns_client_sendraw()
...
ns_client_sendraw() is currently only used to relay UPDATE
responses back to the client. dns_dt_send() is called with
this assumption.
2020-11-10 06:15:46 +00:00
Mark Andrews
a66b638d41
Merge branch '2259-zone_namerd_tostr-called-w-o-lock-being-held' into 'main'
...
Resolve "zone_namerd_tostr called w/o lock being held"
Closes #2259
See merge request isc-projects/bind9!4376
2020-11-10 06:14:21 +00:00
Mark Andrews
84f43903da
Lock zone before calling zone_namerd_tostr()
...
WARNING: ThreadSanitizer: data race
Read of size 8 at 0x000000000001 by thread T1:
#0 inline_raw lib/dns/zone.c:1375
#1 zone_namerd_tostr lib/dns/zone.c:15316
#2 dns_zone_name lib/dns/zone.c:15391
#3 xfrin_log lib/dns/xfrin.c:1605
#4 xfrin_destroy lib/dns/xfrin.c:1477
#5 dns_xfrin_detach lib/dns/xfrin.c:739
#6 xfrin_connect_done lib/dns/xfrin.c:970
#7 tcpdnsconnect_cb netmgr/tcpdns.c:786
#8 tcp_connect_cb netmgr/tcp.c:292
#9 <null> <null>
#10 <null> <null>
Previous write of size 8 at 0x000000000001 by thread T2 (mutexes: write M1):
#0 zone_shutdown lib/dns/zone.c:14462
#1 dispatch lib/isc/task.c:1152
#2 run lib/isc/task.c:1344
#3 <null> <null>
Location is heap block of size 2769 at 0x000000000013 allocated by thread T3:
#0 malloc <null>
#1 default_memalloc lib/isc/mem.c:713
#2 mem_get lib/isc/mem.c:622
#3 mem_allocateunlocked lib/isc/mem.c:1268
#4 isc___mem_allocate lib/isc/mem.c:1288
#5 isc__mem_allocate lib/isc/mem.c:2453
#6 isc___mem_get lib/isc/mem.c:1037
#7 isc__mem_get lib/isc/mem.c:2432
#8 dns_zone_create lib/dns/zone.c:984
#9 configure_zone bin/named/server.c:6502
#10 do_addzone bin/named/server.c:13391
#11 named_server_changezone bin/named/server.c:13788
#12 named_control_docommand bin/named/control.c:207
#13 control_command bin/named/controlconf.c:392
#14 dispatch lib/isc/task.c:1152
#15 run lib/isc/task.c:1344
#16 <null> <null>
2020-11-10 15:56:13 +11:00
Mark Andrews
bd3cc31f2b
Merge branch '2230-legacy-system-test-fails-intermittently' into 'main'
...
Resolve "legacy system test fails intermittently"
Closes #2207
See merge request isc-projects/bind9!4295
2020-11-09 22:18:29 +00:00
Mark Andrews
06db7a153f
Retry edns512 multiple times to trigger fallback to edns at 512
...
We want named to have slow resolving (multiple retries) when
there is a very small working MTU
2020-11-09 21:45:44 +00:00
Mark Andrews
b5145f46dc
Fixup legacy test to account for not falling back to EDNS 512 lookups.
...
The SOA lookup for edns512 could succeed if the negative response
for ns.edns512/AAAA completed before all the edns512/SOA query
attempts are made. The ns.edns512/AAAA lookup returns tc=1 and
the SOA record is cached after processing the NODATA response.
Lookup a TXT record at edns512 and look it up instead of the
SOA record.
Removed 'checking that TCP failures do not influence EDNS statistics
in the ADB' as it is no longer appropriate.
2020-11-09 21:45:44 +00:00
Evan Hunt
45f1df5412
Merge branch '2258-xfrin-shutdown-race' into 'main'
...
address some possible shutdown races in xfrin
Closes #2258
See merge request isc-projects/bind9!4374
2020-11-09 21:45:14 +00:00
Evan Hunt
e011521ef1
address some possible shutdown races in xfrin
...
there were two failures observed during testing, both occurring
when 'rndc halt' was run rather than 'rndc stop' - the latter dumps
zone contents to disk and presumably introduced enough delay to
prevent the races:
- a failure when the zone was shut down and called dns_xfrin_detach()
before the xfrin had finished connecting; the connect timeout
terminated without detaching its handle
- a failure when the tcpdns socket timer fired after the outerhandle
had already been cleared.
this commit incidentally addresses a failure observed in mutexatomic
due to a variable having been initialized incorrectly.
2020-11-09 12:33:37 -08:00
Ondřej Surý
ce58a149ce
Merge branch '1840-netmgr-tls-layer-link-with-libssl' into 'main'
...
Add support to link with libssl
See merge request isc-projects/bind9!4373
2020-11-09 15:38:22 +00:00
Ondřej Surý
127ba7e930
Add libssl libraries to Windows build
...
This commit extends the perl Configure script to also check for libssl
in addition to libcrypto and change the vcxproj source files to link
with both libcrypto and libssl.
2020-11-09 16:00:28 +01:00
Witold Kręcicki
9a2065e2f4
autoconf: link with libssl
...
This is prerequisite to adding DoT and DoH support to BIND 9.
2020-11-09 15:59:01 +01:00
Ondřej Surý
c62f3af395
Merge branch '2016-xfrin-netmgr' into 'main'
...
use netmgr for xfrin
Closes #2016
See merge request isc-projects/bind9!4246
2020-11-09 14:45:17 +00:00
Evan Hunt
42d94614e4
CHANGES and release notes
2020-11-09 14:50:48 +01:00
Ondřej Surý
934d6c6f92
Refactor the xfrin reference counting
...
Previously, the xfrin object relied on four different reference counters
(`refs`, `connects`, `sends`, `recvs`) and destroyed the xfrin object
only if all of them were zero. This commit reduces the reference
counting only to the `references` (renamed from `refs`) counter. We
keep the existing `connects`, `sends` and `recvs` as safeguards, but
they are not formally needed.
2020-11-09 14:50:48 +01:00
Evan Hunt
1170a52f48
remove isc_task from xfrin
...
since the network manager is now handling timeouts, xfrin doesn't
need an isc_task object.
it may be necessary to revert this later if we find that it's
important for zone_xfrdone() to be executed in the zone task context.
currently things seem to be working well without that, though.
2020-11-09 13:45:43 +01:00
Evan Hunt
a8d28881d1
remove isc_timer from xfrin
...
the network manager can now handle timeouts, so it isn't
necessary for xfrin to use isc_timer for the purpose any
longer.
2020-11-09 13:45:43 +01:00
Evan Hunt
49d53a4aa9
use netmgr for xfrin
...
Use isc_nm_tcpdnsconnect() in xfrin.c for zone transfers.
2020-11-09 13:45:43 +01:00
Michal Nowak
917e365159
Merge branch 'mnowak/test-with-DDEBUG' into 'main'
...
Enable debug build on Tumbleweed in CI
See merge request isc-projects/bind9!4367
2020-11-09 12:36:24 +00:00
Michal Nowak
59a09b5db8
Enable debug build on Tumbleweed in CI
2020-11-09 13:34:51 +01:00
Evan Hunt
f6d967db54
Merge branch '2140-dig-netmgr' into 'main'
...
Resolve "convert dig and friends to use the netmgr"
Closes #2140
See merge request isc-projects/bind9!4115
2020-11-08 22:06:04 +00:00
Evan Hunt
3ff0ee568d
CHANGES and release note
2020-11-08 13:36:12 -08:00
Ondřej Surý
8af7f81d6c
netmgr: Don't crash if socket() returns an error in udpconnect
...
socket() call can return an error - e.g. EMFILE, so we need to handle
this nicely and not crash.
Additionally wrap the socket() call inside a platform independent helper
function as the Socket data type on Windows is unsigned integer:
> This means, for example, that checking for errors when the socket and
> accept functions return should not be done by comparing the return
> value with –1, or seeing if the value is negative (both common and
> legal approaches in UNIX). Instead, an application should use the
> manifest constant INVALID_SOCKET as defined in the Winsock2.h header
> file.
2020-11-08 13:36:12 -08:00
Ondřej Surý
b558eca633
dig: Refactor recv_done, so there's less exit paths
...
The recv_done() callback had many exit paths with different conditions,
and every path had its own set of destructors. The refactored code now
has a unified exit path with descriptive goto labels matching the intent:
- cancel_lookup
- next_lookup
- detach_query
- keep_query
The only exception to the rule is check_for_more_data() path, where the
part of the query gets reused, so the query->readhandle and query gets
detached on its own, and by going to the keep_query, we are just
skipping calling the destructors again.
2020-11-08 13:36:12 -08:00
Ondřej Surý
050258bda4
netmgr: Always load the result from async socket
...
Because we use result earlier for setting the loadbalancing on the
socket, we could be left with an ISC_R_NOTIMPLEMENTED value stored in the
variable and when the UDP connection would succeed, we would
erroneously return this value instead of ISC_R_SUCCESS.
2020-11-07 21:12:08 +01:00