When release notes are generated, the text is wrapped and line breaks
are inserted into each paragraph (sourced from the commit message's
body). Prevent line breaks after hyphens, as these are often used for
option names. This makes it possible to easily find the options
afterwards.
Backport of MR !9801
Merge branch 'backport-nicki/gitchangelog-dont-break-on-hyphens-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9803
When release notes are generated, the text is wrapped and line breaks
are inserted into each paragraph (sourced from the commit message's
body). Prevent line breaks after hyphens, as these are often used for
option names. This makes it possible to easily find the options
afterwards.
(cherry picked from commit 9b0d0c0173)
In rbtdb.c, there were two places where the code touched .references
directly instead of using the helper functions. Use the helper
functions instead.
Forward port from https://gitlab.isc.org/isc-private/bind9/-/merge_requests/753
Merge branch 'ondrej/use-attach-detach-in-rbtdb-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9796
The nslookup system test checks the count of resolved addresses in
the CNAME tests using a 'grep' match on the hostname, and ignoring
lines containing the 'canonical name' string. In order to protect
the check from intermittent failures like the 'address in use' warning
message, which then automatically resolves after a retry, edit the
'grep' matching string to also ignore the comments (as the mentioned
warning message is a comment which contains the hostname).
Closes#4948
Backport of MR !9523
Merge branch 'backport-4948-nslookup-test-fix-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9792
The nslookup system test checks the count of resolved addresses in
the CNAME tests using a 'grep' match on the hostname, and ignoring
lines containing the 'canonical name' string. In order to protect
the check from intermittent failures like the 'address in use' warning
message, which then automatically resolves after a retry, edit the
'grep' matching string to also ignore the comments (as the mentioned
warning message is a comment which contains the hostname).
(cherry picked from commit 345b0f9e5c)
The new log message is emitted when adding or updating an RRset
fails due to exceeding the max-records-per-type limit. The log includes
the owner name and type, corresponding zone name, and the limit value.
It will be emitted on loading a zone file, inbound zone transfer
(both AXFR and IXFR), handling a DDNS update, or updating a cache DB.
It's especially helpful in the case of zone transfer, since the
secondary side doesn't have direct access to the offending zone data.
It could also be used for max-types-per-name, but this change
doesn't implement it yet as it's much less likely to happen
in practice.
Backport of MR !9509
Merge branch 'backport-helpful-log-on-toomanyrecords-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9772
DNS_LOGMODULE_RBTDB was simply inappropriate, and this
log message is actually dependent on db implementation
details, so DNS_LOGMODULE_DB would be the best choice.
(cherry picked from commit b0309ee631)
The new log message is emitted when adding or updating an RRset
fails due to exceeding the max-records-per-type limit. The log includes
the owner name and type, corresponding zone name, and the limit value.
It will be emitted on loading a zone file, inbound zone transfer
(both AXFR and IXFR), handling a DDNS update, or updating a cache DB.
It's especially helpful in the case of zone transfer, since the
secondary side doesn't have direct access to the offending zone data.
It could also be used for max-types-per-name, but this change
doesn't implement it yet as it's much less likely to happen
in practice.
(cherry picked from commit 4156995431)
Ensure that the jinja2 templates have all the environment variables
which are available to the tests present.
This omission during the original 9.18 backport caused an issue where
port numbers (determined by the pytest framework) wouldn't be available
in jinja2 templates.
The DLZ modules are poorly maintained as we only ensure they can still
be compiled, the DLZ interface is blocking, so anything that blocks the
query to the database blocks the whole server and they should not be
used except in testing. The DLZ interface itself is going to be scheduled
for removal.
The DLZ modules now live in https://gitlab.isc.org/isc-projects/dlz-modules
repository.
Closes#4865
Backport of MR !9349
Merge branch 'backport-4865-remove-contributed-DLZ-modules-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9778
The DLZ modules are poorly maintained as we only ensure they can still
be compiled, the DLZ interface is blocking, so anything that blocks the
query to the database blocks the whole server and they should not be
used except in testing. The DLZ interface itself should be scheduled
for removal.
(cherry picked from commit a6cce753e2)
In two places, after linking the client to the manager's
"recursing-clients" list using the check_recursionquota()
function, the query.c module fails to unlink it on error
paths. Fix the bugs by unlinking the client from the list.
Backport of MR !9586
Merge branch 'backport-aram/unlink-recursing-clients-on-error-paths-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9605
In two places, after linking the client to the manager's
"recursing-clients" list using the check_recursionquota()
function, the query.c module fails to unlink it on error
paths. Fix the bugs by unlinking the client from the list.
Also make sure that unlinking happens before detaching the
client's handle, as it is the logically correct order, e.g.
in case if it's the last handle and ns__client_reset_cb()
can be called because of the detachment.
(cherry picked from commit 36c4808903)
Some tests may leave artifacts in the .libs directory. Ignore this
directory when detecting expected artifacts.
Closes#5055
Backport of MR !9766
Merge branch 'backport-5055-ignore-libs-artifacts-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9774
`dig` fails to parse a valid (as far as I can tell, and accepted by `kdig` and `Wireshark`) `SVCB` record with a `dohpath` URI template containing a `{&dns}`, like `dohpath=/some/path?key=value{&dns}"`. If the URI template contains a `{?dns}` instead `dig` is happy, but my understanding of rfc9461 and section 1.2. "Levels and Expression Types" of rfc6570 is that `{&dns}` is valid.
See for example section 1.2. "Levels and Expression Types" of rfc6570.
Note that Peter van Dijk suggested that `{dns}` and `{dns,someothervar}` might be valid forms as well, so my patch might be too restrictive, although it's anyone's guess how DoH clients would handle complex templates.
Closes https://gitlab.isc.org/isc-projects/bind9/-/issues/4922
Backport of MR !9455
Merge branch 'backport-svcb-dohpath-uri-template-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9770
The 'dns' variable in dohpath can be in various forms ({?dns},
{dns}, {&dns} etc.). To check for a valid dohpath it ends up
being simpler to just parse the URI template rather than looking
for all the various forms if substring.
(cherry picked from commit af54ef9f5d)
by logging SSL_CTX_use_certificate_chain_file and SSL_CTX_use_PrivateKey_file errors individually.
Closes#5008
Backport of MR !9683
Merge branch 'backport-5008-provide-more-visibility-into-ssl-errors-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9768
On some slow systems, the test might intermittently fail due to inherent
timing issues. In our CI, this most often happens in the
system:gcc:8fips:amd64 jobs.
Closes#3098
Backport of MR !9732
Merge branch 'backport-3098-allow-re-run-of-mkeys-test-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9765
On some slow systems, the test might intermittently fail due to inherent
timing issues. In our CI, this most often happens in the
system:gcc:8fips:amd64 jobs.
(cherry picked from commit a299650a6f)
The cross-version-config-tests job has never functioned in CI because
the testing framework changed after the testing was completed. To run
the new "named" binary using the old configurations, paths in the test
framework must be updated to point to the location of the new binaries.
Closes#4977
Backport of MR !9702
Merge branch 'backport-4977-fix-cross-version-config-tests-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9763
The cross-version-config-tests job has never functioned in CI because
the testing framework changed after the testing was completed. To run
the new "named" binary using the old configurations, paths in the test
framework must be updated to point to the location of the new binaries.
(cherry picked from commit 09d7e2430a)
Re-split format strings that had been poorly split by multiple
clang-format runs using different versions of clang-format.
Closes#5043
Backport of MR !9752
Merge branch 'backport-5043-re-split-format-strings-lib-ns-update-c-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9756
Re-split format strings that had been poorly split by multiple
clang-format runs using different versions of clang-format.
(cherry picked from commit a24d6e1654)
* Add new clang-format option to remove redundant semicolons
* Add new clang-format option to remove redundant parentheses
Backport of MR !9749
Merge branch 'backport-ondrej/code-style-2024-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9751
The new clang-format options (since clang-format 16) removes semicolons
after the closing braces of functions and constructors/destructors.
(cherry picked from commit c7420eccd9)
The new clang-format option (since 17) can remove redundant parentheses
in the return statement (with configuration value ReturnStatement).
(cherry picked from commit 3873b0c279)
Add an 'initial-ds' entry to bind.keys for the new root key, ID
38696, which is scheduled for publication in January 2025.
Closes#4896
Backport of MR !9422
Merge branch 'backport-4896-update-bind-keys-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9747
Add an 'initial-ds' entry to bind.keys for the new root key, ID
38696, scheduled for publication in January 2025.
(cherry picked from commit 609bf35075)
The fix for #4950 should have never been backported to 9.18. Revert the change.
This reverts MR !9632
History:
A performance improvement for NSEC3 closest encloser lookups (#4460) was introduced (in MR !9436) and backported to 9.20 (MR !9438) and to 9.18 in (MR !9439). It was released in 9.18.30 (and 9.20.2 and 9.21.1).
There was a bug in the code (#4950), so we reverted the change in !9611, !9613 and !9614 (not released).
Then a new attempt was merged in main (MR !9610) and backported to 9.20 (MR !9631) and 9.18 (MR !9632). The latter should not have been backported.
Furthermore, the initial MR used the wrong MR title so the change was never added to the release note. This is done in main with MR !9598 and backports to 9.20 (MR !9615) and 9.18 (MR !9616).
The new release notes for 9.21 and 9.20 should probably say that the bug is fixed. The new release notes for 9.18 should probably say that the change is reverted.
Merge branch 'revert-4950-bind-logs-expected-covering-nsec3-got-an-exact-match-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9689
Keeping the Known Issues as part of the rendered docs has the issue that
the list can't be updated on the official docs website until the next
release. This is unpractical is a high-priority issue is discovered
shortly after a release. Keep the Known Issues in wiki and simply link
to the list from the rendered docs. The wiki article can be updated at
any time as needed.
Merge branch 'nicki/move-known-issues-to-wiki-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9718
Keeping the Known Issues as part of the rendered docs has the issue that
the list can't be updated on the official docs website until the next
release. This is unpractical is a high-priority issue is discovered
shortly after a release. Keep the Known Issues in wiki and simply link
to the list from the rendered docs. The wiki article can be updated at
any time as needed.
Some omissions of !9426 discovered during the backports
Backport of MR !9739
Merge branch 'backport-nicki/extra-artifacts-fixups-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9742
When a test is re-run by the flaky plugin, the TestReport outcomes
collected in the pytest_runtest_makereport() hook should be overriden.
Each of the setup/call/teardown phases is reported again and since we
care about the overall outcome, their respective results should be
overriden so that only the outcome from the final test (re)run gets
reported.
Prior to this change, it lead to a situation where an extra_artifact
generated during the test might be ignored. This was caused because the
check was skipped, since the test was incorrectly considered as "failed"
in the case where the test would fail on the first run, but pass on a
subsequent flaky rerun.
(cherry picked from commit b66fb31dcb)
``clean.sh`` scripts have been replaced by lists of expected artifacts for each system test module. The list is defined using the custom ``pytest.mark.extra_artifacts`` mark, which can use both filenames and globs.
Closes#4261
Backport of MR !9426
Merge branch 'backport-4261-add-pytest-fixture-checking-test-artifacts-9.18' into 'bind-9.18'
See merge request isc-projects/bind9!9735
