With 'stale-answer-enable yes;' and 'stale-answer-client-timeout off;',
consider the following situation:
A CNAME record and its target record are in the cache, then the CNAME
record expires, but the target record is still valid.
When a new query for the CNAME record arrives, and the query fails,
the stale record is used, and then the query "restarts" to follow
the CNAME target. The problem is that the query's multiple stale
options (like DNS_DBFIND_STALEOK) are not reset, so 'query_lookup()'
treats the restarted query as a lookup following a failed lookup,
and returns a SERVFAIL answer when there is no stale data found in the
cache, even if there is valid non-stale data there available.
With this change, query_lookup() now considers non-stale data in the
cache in the first place, and returns it if it is available.
(cherry picked from commit 86a80e723f)
Prime the cache with the following records:
shortttl.cname.example. 1 IN CNAME longttl.target.example.
longttl.target.example. 600 IN A 10.53.0.2
Wait for the CNAME record to expire, disable the authoritative server,
and query 'shortttl.cname.example' again, expecting a stale answer.
(cherry picked from commit 21faf44ef7)
dlz_ldap_dynamic.c: In function ‘dlz_create’:
dlz_ldap_dynamic.c:971:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
971 | if (result != ISC_R_SUCCESS) {
| ^
dlz_ldap_dynamic.c:974:9: note: here
974 | case 11:
| ^~~~
dlz_ldap_dynamic.c:976:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
976 | if (result != ISC_R_SUCCESS) {
| ^
dlz_ldap_dynamic.c:979:9: note: here
979 | case 10:
| ^~~~
dlz_ldap_dynamic.c:980:20: warning: this statement may fall through [-Wimplicit-fallthrough=]
980 | if (strlen(argv[9]) > 0) {
| ^
dlz_ldap_dynamic.c:987:9: note: here
987 | case 9:
| ^~~~
(cherry picked from commit 99912ed2f7)
dlz_wildcard_dynamic.c: In function ‘dlz_lookup’:
dlz_wildcard_dynamic.c:227:14: warning: variable ‘origin’ set but not used [-Wunused-but-set-variable]
227 | bool origin = true;
| ^~~~~~
dlz_wildcard_dynamic.c: In function ‘dlz_lookup’:
dlz_wildcard_dynamic.c:252:28: warning: assignment discards ‘const’ qualifier from pointer target type [-Wdiscarded-qualifiers]
252 | cd->record = "@";
| ^
dlz_wildcard_dynamic.c: In function ‘dlz_authority’:
dlz_wildcard_dynamic.c:328:22: warning: unused variable ‘origin’ [-Wunused-variable]
328 | bool origin;
| ^~~~~~
dlz_wildcard_dynamic.c:312:25: warning: unused variable ‘name’ [-Wunused-variable]
312 | const char *p, *name = "@";
| ^~~~
dlz_wildcard_dynamic.c: In function ‘dlz_create’:
dlz_wildcard_dynamic.c:441:23: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
441 | for (i = 4; i < argc; i += 4) {
| ^
(cherry picked from commit 76c8c58d54)
dlz_sqlite3_dynamic.c: In function ‘dlz_sqlite3_fetch_row’:
dlz_sqlite3_dynamic.c:447:31: warning: comparison of integer expressions of different signedness: ‘int’ and ‘unsigned int’ [-Wsign-compare]
447 | if (rs->pnRow > 0U && rs->curRow < rs->pnRow) {
| ^
dlz_sqlite3_dynamic.c:447:50: warning: comparison of integer expressions of different signedness: ‘unsigned int’ and ‘int’ [-Wsign-compare]
447 | if (rs->pnRow > 0U && rs->curRow < rs->pnRow) {
| ^
(cherry picked from commit 60f68dc0d6)
dlz_perl_driver.c: In function ‘dlz_version’:
dlz_perl_driver.c:116:27: warning: unused parameter ‘flags’ [-Wunused-parameter]
116 | dlz_version(unsigned int *flags) {
| ~~~~~~~~~~~~~~^~~~~
In file included from /usr/lib64/perl5/CORE/perl.h:5685,
from dlz_perl_driver.c:33:
dlz_perl_driver.c: In function ‘dlz_allnodes’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:151:17: note: in expansion of macro ‘POPs’
151 | POPs;
| ^~~~
dlz_perl_driver.c: In function ‘dlz_allowzonexfr’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:251:17: note: in expansion of macro ‘POPs’
251 | POPs;
| ^~~~
dlz_perl_driver.c: In function ‘dlz_findzonedb’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:328:17: note: in expansion of macro ‘POPs’
328 | POPs;
| ^~~~
dlz_perl_driver.c: In function ‘dlz_lookup’:
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:407:17: note: in expansion of macro ‘POPs’
407 | POPs;
| ^~~~
dlz_perl_driver.c:472:1: error: no previous prototype for ‘missing_perl_method’ [-Werror=missing-prototypes]
472 | missing_perl_method(const char *perl_class_name, PerlInterpreter *my_perl)
| ^~~~~~~~~~~~~~~~~~~
dlz_perl_driver.c: In function ‘missing_perl_method’:
dlz_perl_driver.c:485:9: error: ISO C90 forbids array ‘full_name’ whose size cannot be evaluated [-Werror=vla]
485 | char full_name[BUF_LEN];
| ^~~~
dlz_perl_driver.c: In function ‘dlz_create’:
dlz_perl_driver.c:613:13: warning: suggest parentheses around assignment used as truth value [-Wparentheses]
613 | if (missing_method_name = missing_perl_method(perl_class_name, my_perl))
| ^~~~~~~~~~~~~~~~~~~
/usr/lib64/perl5/CORE/pp.h:162:26: warning: value computed is not used [-Wunused-value]
162 | #define POPs (*sp--)
| ~^~~~~~
dlz_perl_driver.c:657:17: note: in expansion of macro ‘POPs’
657 | POPs;
| ^~~~
dlz_perl_driver.c:502:15: warning: unused variable ‘init_args’ [-Wunused-variable]
502 | char *init_args[] = { NULL, NULL };
| ^~~~~~~~~
(cherry picked from commit be928dbba2)
Avoid using the environment variables for feature detection and use the
feature-test utility instead.
Remove the obsolete environment variables from conf.sh, since they're no
longer used anywhere.
(cherry picked from commit 9730ac4c56)
Previously, there were two different ways to detect feature support.
Either through an environment variable set by configure in conf.sh, or
using the feature-test utility.
It is more simple and consistent to have only one way of detecting the
feature support. Using the feature-test utility seems superior the the
environment variables set by configure.
(cherry picked from commit d24fb1122e)
The "final reference detached" message was meant to be DEBUG(1), but was
instead kept at INFO level. Move it to the DEBUG(1) logging level, so
it's not printed under normal operations.
(cherry picked from commit 1816244725)
The system test should never attempt to start or stop any other server
than those that belong to that system test. Therefore, it is not
necessary to specify the system test name in function calls.
Additionally, this makes it possible to run the test inside a
differently named directory, as its name is automatically detected with
the $SYSTESTDIR variable. This enables running the system tests inside a
temporary directory.
Direct use of stop.pl was replaced with a more systematic approach to
use stop_servers helper function.
(cherry picked from commit c100308b7d)
gcovr fails to process fuzz/old.gcda and fuzz/old.gcno files after !7045
MR with:
(WARNING) GCOV produced the following errors processing /builds/isc-projects/bind9/fuzz/old.gcda:
Cannot open source file ../../fuzz/old.c
Cannot open source file ../../lib/dns/include/dns/compress.h
Cannot open source file ../../lib/isc/include/isc/buffer.h
...
(gcovr could not infer a working directory that resolved it.)
Given that code coverage inspection is meant only for BIND 9 code and
not its tests and auxiliary tools, the "fuzz" directory should be
excluded from being included in the code coverage report.
(cherry picked from commit 3b5e9666c6)
Deprecate auto-dnssec, add specific log warning to migrate to
dnssec-policy.
Cherry-picking triggered a lot of conflicts, so the changes
were manually picked.
(manually picked from commit f9845dd1)
The retry 3 times when checking signatures did not make sense because
at this point the input file does not change.
Raise the number of retries when checking the apex DNSKEY response to
reduce the number of intermittent failures due to unexpected delays.
(cherry picked from commit 6ef0417274)
Add and use dig_with_opts, resolve_with_opts and rndccmd.
Use $(()) and $() instead of back ticks.
Add more double quotes around variable.
Add non back ported error corrections from v9_18 and main.
Create a zone that triggers DNAME owner name checks in a zone that
is only reachable using a dual stack server. The answer contains
a name that is higher in the tree than the query name.
e.g.
foo.v4only.net. CNAME v4only.net.
v4only.net. A 10.0.0.1
ns4 is serving the test zone (ipv4-only)
ns6 is the root server for this test (dual stacked)
ns7 is acting as the dual stack server (dual stacked)
ns9 is the server under test (ipv6-only)
(cherry picked from commit f946133ec9)
Look for $testdir/$server/named.ipv6-only and use
fd92:7065:b8e:ffff::$n instead of 10.53.0.$n to
communicate with the server.
(cherry picked from commit a35c34e10f)
When using dual-stack-servers the covering namespace to check whether
answers are in scope or not should be fctx->domain. To do this we need
to be able to distingish forwarding due to forwarders clauses and
dual-stack-servers. A new flag FCTX_ADDRINFO_DUALSTACK has been added
to signal this.
(cherry picked from commit dfbffd77f9)
Lookup and set the wildcard option according to the configuration
settings. The default is on as per bin/named/config.c.
(cherry picked from commit dfc5c1e018)