Commit Graph

34313 Commits

Author SHA1 Message Date
Evan Hunt
adeddfa8ff dont run isc__trampoline_initialize() in dlopen library
when built without libtool, the sample driver in the dyndb
system test runs library intializers that have already been
run, causing the value for isc__trampoline_min to be reset.
wrap the trampoline initialize and shutdown routines under
isc_once_do() to ensure that they are only run once.
2022-05-15 00:25:32 -07:00
Evan Hunt
7a1ae6255a Merge branch '3327-fetches-per-server-quota-v9_16' into 'v9_16'
fix the fetches-per-server quota calculation

See merge request isc-projects/bind9!6308
2022-05-14 08:28:12 +00:00
Evan Hunt
cd0e13f876 Add CHANGES note for [GL #3327]
(cherry picked from commit 3f478a3bed)
2022-05-14 00:58:29 -07:00
Evan Hunt
6edbe8452c Add lower bound checks to fetchlimit test
Check that the recursing client count is above a reasonable
minimum, as well as below a maximum, so that we can detect
bugs that cause recursion to fail too early or too often.

(cherry picked from commit 8834c44683)
2022-05-14 00:58:29 -07:00
Evan Hunt
82c197d93b Cleanup: always count ns_statscounter_recursclients
The ns_statscounter_recursclients counter was previously only
incremented or decremented if client->recursionquota was non-NULL.
This was harmless, because that value should always be non-NULL if
recursion is enabled, but it made the code slightly confusing.

(cherry picked from commit 0201eab655)
2022-05-14 00:58:26 -07:00
Evan Hunt
9582d05683 Disable EDNS for the fetchlimit test server
The fetchlimit test depends on a resolver continuing to try UDP
and timing out while the client waits for resolution to succeed.
but since commit bb990030 (flag day 2020), a fetch will always
switch to TCP after two timeouts, unless EDNS was disabled for
the query.

This commit adds "edns no;" to server statements in the fetchlimit
resolver, to restore the behavior expected by the test.

(cherry picked from commit 81deb24deb)
2022-05-14 00:52:22 -07:00
Evan Hunt
8516efa4fd Fix the fetches-per-server quota calculation
Since commit bad5a523c2, when the fetches-per-server quota
was increased or decreased, instead of the value being set to
the newly calculated quota, it was set to the *minimum* of
the new quota or 1 - which effectively meant it was always set to 1.
it should instead have been the maximum, to prevent the value from
ever dropping to zero.

(cherry picked from commit 694bc50273)
2022-05-14 00:52:22 -07:00
Evan Hunt
77418a1117 Merge branch '3351-checkconf-overflow-v9_16' into 'v9_16'
prevent a possible buffer overflow in configuration check

See merge request isc-projects/bind9!6305
2022-05-14 04:21:08 +00:00
Evan Hunt
b6670787d2 prevent a possible buffer overflow in configuration check
corrected code that could have allowed a buffer overfow while
parsing named.conf.

(cherry picked from commit 921043b541)
2022-05-13 20:30:41 -07:00
Ondřej Surý
45fbcb2f94 Merge branch 'ondrej-fix-trampoline-locking-v9_16' into 'v9_16'
Lock the trampoline when attaching [v9.16]

See merge request isc-projects/bind9!6299
2022-05-13 12:06:23 +00:00
Ondřej Surý
be7f672fcc Lock the trampoline when attaching
When attaching to the trampoline, the isc__trampoline_max was access
unlocked.  This would not manifest under normal circumstances because we
initialize 65 trampolines by default and that's enough for most
commodity hardware, but there are ARM machines with 128+ cores where
this would be reported by ThreadSanitizer.

Add locking around the code in isc__trampoline_attach().  This also
requires the lock to leak on exit (along with memory that we already)
because a new thread might be attaching to the trampoline while we are
running the library destructor at the same time.

(cherry picked from commit 933162ae14)
2022-05-13 13:42:23 +02:00
Matthijs Mekking
b2ae8ba5f8 Merge branch '3335-confusing-parental-source-documentation-v9_16' into 'v9_16'
[v9_16] Remove confusing parental-source line

See merge request isc-projects/bind9!6287
2022-05-11 15:02:32 +00:00
Matthijs Mekking
24913fc696 Remove confusing parental-source line
Remove the line "This address must appear in the secondary server’s
parental-agents zone clause". This line is a copy paste error from
notify-source.

Rewrap.

(cherry picked from commit 313f606692)
2022-05-11 15:01:35 +00:00
Michał Kępień
31abf01e04 Merge branch 'michal/drop-post-merge-pipelines-v9_16' into 'v9_16'
[v9_16] Drop post-merge pipelines

See merge request isc-projects/bind9!6294
2022-05-11 13:08:00 +00:00
Michał Kępień
fc028b873d Drop post-merge pipelines
Commit 24961f6068 introduced the concept
of post-merge pipelines.  These were used to build documentation after
each merge to any of the maintained branches, to allow up-to-date
documentation to be subsequently published on the bind.isc.org
microsite.  As the latter no longer downloads documentation from GitLab,
instead linking to Read the Docs for all currently maintained branches,
post-merge pipelines have become redundant since running the
"autoreconf" and "docs" jobs after each merge is not necessary any more.
Drop the "release_branch_triggering_rules" YAML anchor and revert to
default triggering rules for the "autoconf" and "docs" jobs, effectively
preventing pipelines from being created after each merge to any of the
maintained branches.

(cherry picked from commit 7b8c9e04fc)
2022-05-11 15:06:09 +02:00
Michał Kępień
925b15024d Merge branch '565-do-not-trigger-gitlab-pages-pipelines-any-more-v9_16' into 'v9_16'
Do not trigger GitLab Pages pipelines any more

See merge request isc-projects/bind9!6291
2022-05-11 12:22:44 +00:00
Michał Kępień
8ddb6cb12c Do not trigger GitLab Pages pipelines any more
The bind.isc.org microsite no longer downloads documentation from
GitLab, instead linking to Read the Docs for all currently maintained
branches.  This makes it redundant to trigger GitLab Pages pipelines
after each merge to any of the maintained branches.  Revert changes
introduced by commit 31bde118db: remove
the "push:docs" job along with the "push" stage it is associated with
and revert artifact expiry time for the "docs" job to the default value.

(cherry picked from commit a7fccaee82)
2022-05-11 14:14:11 +02:00
Petr Špaček
fb220e3652 Merge branch 'pspacek/arm-remove-solaris251-v9_16' into 'v9_16'
Remove ARM notes about Solaris 2.5.1 [v9_16]

See merge request isc-projects/bind9!6289
2022-05-11 10:54:24 +00:00
Petr Špaček
0366ff94ee Remove ARM notes about Solaris 2.5.1
It was released in May 1996 and hopefully is not used to run BIND
anymore.

(cherry picked from commit 4388656f60)
2022-05-11 12:54:01 +02:00
Michal Nowak
ed266b41cb Merge branch 'mnowak/set-up-version-and-release-notes-for-bind-9.16.30' into 'v9_16'
Set up version and release notes for BIND 9.16.30

See merge request isc-projects/bind9!6283
2022-05-11 09:13:53 +00:00
Michal Nowak
9b7487b2f2 Set up release notes for BIND 9.16.30 2022-05-11 11:04:21 +02:00
Michal Nowak
68fe5ac27f Update BIND version to 9.16.30-dev 2022-05-11 11:03:35 +02:00
Mark Andrews
3f4478f59a Merge branch '3232-rpz-rpz-nsip-rules-seem-not-to-understand-stub-and-static-stub-zones-and-don-t-handle-v9_16' into 'v9_16'
Add test cases using static and static-stub zones

See merge request isc-projects/bind9!6263
2022-05-04 14:16:44 +00:00
Mark Andrews
d408b7055c Add CHANGES entry for [GL #3232]
(cherry picked from commit 63f420c89a)
2022-05-04 23:53:57 +10:00
Mark Andrews
36612dadff Allow DNS_RPZ_POLICY_ERROR to be converted to a string
(cherry picked from commit f498d2db0d)
2022-05-04 23:53:21 +10:00
Mark Andrews
8f23d56fba Check the cache as well when glue NS are returned processing RPZ
(cherry picked from commit 8fb72012e3)
2022-05-04 23:53:21 +10:00
Mark Andrews
8c2ede6edc Process learned records as well as glue
(cherry picked from commit 07c828531c)
2022-05-04 23:53:21 +10:00
Mark Andrews
13129872eb Process the delegating NS RRset when checking rpz rules
(cherry picked from commit cf97c61f48)
2022-05-04 23:53:21 +10:00
Mark Andrews
967e5e09cd Add test cases using static and static-stub zones
RPZ NSIP and NSDNAME checks were failing with "unrecognized NS
rpz_rrset_find() failed: glue" when static or static-stub zones
where used to resolve the query name.

Add tests using stub and static-stub zones that are expected to
be filtered and not-filtered against NSIP and NSDNAME rules.

stub and static-stub queries are expected to be filtered

stub-nomatch and static-stub-nomatch queries are expected to be passed

(cherry picked from commit 30cb70c826)
2022-05-04 23:53:21 +10:00
Ondřej Surý
5d4e19ae05 Merge branch 'ondrej-add-missing-void-in-named_config_default-v9_16' into 'v9_16'
Add missing void in named_config_getdefault() definition [v9.16]

See merge request isc-projects/bind9!6261
2022-05-04 11:05:53 +00:00
Ondřej Surý
7a8e6d67a5 Add missing void in named_config_getdefault() definition
The named_config_getdefault() was missing void in the function
definition.  This broke clang-15 that didn't match the declaration that
had the void in the argument with the definition that hadn't.
2022-05-04 13:03:51 +02:00
Mark Andrews
c76a6349eb Merge branch '3266-rndc-system-test-fails-due-to-rate-limit-of-built-in-_bind-view-v9_16' into 'v9_16'
Improve forensics for the querylog section of rndc system test

See merge request isc-projects/bind9!6246
2022-05-02 19:54:44 +00:00
Mark Andrews
8ae4fda54a Improve forensics for the querylog section of rndc system test
The dig commands appear to be failing unexpectedly on some platforms
when rate limiting kicks in and the response is dropped.  Correct
behaviour should be for dig to retry the query.  Set +qr and capture
stdout and stderr of each of the dig commands involved.

(cherry picked from commit 614cf5a030)
2022-05-03 00:19:37 +10:00
Mark Andrews
3ad550f17a Merge branch '3307-socket-c-5111-setsockopt-20-ipv6_v6only-failed-invalid-argument-on-openbsd' into 'v9_16'
Resolve "socket.c:5111: setsockopt(20, IPV6_V6ONLY) failed: Invalid argument on OpenBSD"

See merge request isc-projects/bind9!6208
2022-05-02 04:27:49 +00:00
Mark Andrews
2a9ab8a732 Don't try to set IPV6_V6ONLY on OpenBSD
OpenBSD IPv6 sockets are always IPv6-only, so the socket option is read-only (not modifiable)
2022-05-02 14:09:31 +10:00
Matthijs Mekking
fe23b6e020 Merge branch 'matthijs-kasp-system-test-failure-v9_16' into 'v9_16'
[v9_16] Fix kasp system test failures

See merge request isc-projects/bind9!6237
2022-04-29 12:26:05 +00:00
Matthijs Mekking
22f3c453f0 Fix a kasp system test bug
In '_check_apex_dnskey' we check for each key (KEY1 to KEY4) if they
are present in the DNSKEY RRset if they should be.

However, we only grep the dig output for the first seven fields (owner,
ttl, class, type, flags, protocol, algorithm). This can be the same
for different keys.

For example, KEY1 may be KSK predecessor and KEY2 a KSK successor,
both DNSKEY records for these keys are the same up to the public key
field. This can cause test failures if KEY1 needs to be present, but
KEY2 not, because when grepping for KEY2 we will falsely detect the
key to be present (because the grep matches KEY1).

Fix the function by grepping looking for the first seven fields in the
corresponding key file and retrieve the public key part. Grep for this
in the dig output.

(cherry picked from commit 3e1d09ac66)
2022-04-29 13:59:49 +02:00
Matthijs Mekking
3625cf1f63 Minor fixes in kasp system test
Fix two typos and two grep calls.

(cherry picked from commit 2b34b326fc)
2022-04-29 13:59:41 +02:00
Petr Špaček
a62a672ce0 Merge branch 'feature/main/default-config-print-v9_16' into 'v9_16'
Export built-in default configuration for named binary [v9_16]

See merge request isc-projects/bind9!6235
2022-04-29 10:40:57 +00:00
Petr Menšík
c1127e3550 Export built-in default configuration for named binary
It might be useful to display built-in configuration with all its
values. It should make it easier to test what default values has changed
in a new release.

Related: #1326
(cherry picked from commit cf722d18b3)
2022-04-29 12:26:46 +02:00
Arаm Sаrgsyаn
fa9db55d59 Merge branch '3278-dig-+nssearch-hang-v9_16' into 'v9_16'
Resolve "dig +nssearch sometimes hangs in BIND v9.16, with an assertion failure after "ctrl+c"

See merge request isc-projects/bind9!6125
2022-04-29 10:00:34 +00:00
Aram Sargsyan
ab4ec2278e Add CHANGES note for [GL #3278] 2022-04-29 09:10:44 +00:00
Aram Sargsyan
1f2d2611ee Fix dig +nssearch race between recv_done() and send_done()
The `send_done()` callback needs to access query's `link.next` pointer
when running in `+nssearch` mode, even if the query is already canceled
or serviced, which can happen when `recv_done()` happens to be called
earlier than `send_done()`.

Keep the next query's pointer before unlinking the query from the
lookup's queries list in `clear_query()` so that `send_done()` can
use it even if the query is cleared.
2022-04-29 09:09:39 +00:00
Aram Sargsyan
e3b058bbcd Print more lookup and query pointers in dighost.c debug messages
Printing the pointers makes it clear, for example, for which query
exactly a recv_done() or send_done() callback was called, which
helps investigating and debugging issues easier.
2022-04-29 09:09:39 +00:00
Arаm Sаrgsyаn
6aac98bfa0 Merge branch '3313-dlz_ldap_driver.c-fix-fallthrough-v9_16' into 'v9_16'
Add missing FALLTHROUGH macros in a switch statement

See merge request isc-projects/bind9!6222
2022-04-29 07:48:23 +00:00
Aram Sargsyan
930cfe7d0f Add missing FALLTHROUGH macros in a switch statement
dzl_ldap_driver.c was missing some FALLTHROUGH macros in a switch
statement resulting in compiler warnings and a failed build when
configured with `--with-dlz-ldap` option.
2022-04-29 07:13:53 +00:00
Mark Andrews
44b8eea09e Merge branch 'bug/main/new-zones-dir-null-v9_16' into 'v9_16'
Don't test new-zones-directory argument validity

See merge request isc-projects/bind9!6231
2022-04-29 02:08:11 +00:00
Petr Menšík
c1b3862c4a Additional safety check for negative array index
inet_ntop result should always protect against empty string accepted
without an error. Make additional check to satisfy coverity scans.

(cherry picked from commit 656a0f076f)
2022-04-29 11:46:33 +10:00
Petr Menšík
1e88c0196c Initialize printed buffer
- var_decl: Declaring variable "tbuf" without initializer
- assign: Assigning: "target.base" = "tbuf", which points to
  uninitialized data
- assign: Assigning: "r.base" = "target.base", which points to
  uninitialized data

I expect it would correctly initialize length always. Add simple
initialization to silent coverity.

(cherry picked from commit 59132bd3ec)
2022-04-29 11:46:33 +10:00
Petr Menšík
1bc7552203 Ensure diff variable is not read uninitialized
Coverity detected issues:
- var_decl: Declaring variable "diff" without initializer.
- uninit_use_in_call: Using uninitialized value "diff.tuples.head" when
  calling "dns_diff_clear".

(cherry picked from commit 67e773c93c)
2022-04-29 11:46:33 +10:00