DS records only belong at delegation points and if present
at the zone apex are invariably the result of administrative
errors. Additionally they can't be queried for with modern
resolvers as the parent servers will be queried.
(cherry picked from commit 35a58d30c9)
With netmgr we're creating separate socket for each IPv6 interface,
just as with IPv4 - update documentation accordingly.
(cherry picked from commit 6a2100034b)
To indicate the SoftHSM version used in each CI job while avoiding the
need to add another token to job names, replace "pkcs11" with
"softhsm2.4" and "fedora31:amd64" with "softhsm2.6".
(cherry picked from commit c7169c4ab0)
Various SoftHSM versions differ in algorithm support. Since Fedora
tends to have the latest SoftHSM version available in its stock package
repositories, enable PKCS#11 support in Fedora jobs to test multiple
SoftHSM versions in GitLab CI.
(cherry picked from commit 3ecb202ba3)
It might be possible some pending task would run when kserver is already
cleaned up. Postpone gsstsig structures cleanup after task and timer
managers are destroyed. No pending threads are possible after it.
Make action in maybeshutdown only if doshutdown was not already called.
Might be called from getinput event.
(cherry picked from commit 2685e69be8)
The release notes were previously built as a separate document
(including the PDF version). It was agreed that this doesn't make much
sense, so the release notes are now included only as an appendix to the
BIND 9 ARM.
(cherry picked from commit 8eb2323ec3)
When we made BIND 9 libraries private to BIND 9, we forgot to remove the
libdns section on "export" libraries from the ARM.
(cherry picked from commit 3637c466c9)
This includes reorganization of the lists of RFCs supported by BIND 9.
I included all the RFCs and notes from the list identified by Vicky in
any DNS-related RFCs written by current ISC engineers, on the assumption
that BIND would comply with them.
(cherry picked from commit 8ca7f22671)
As a leftover from old TCP accept code isc_uv_import passed TCP_SERVER
flag when importing a socket on Windows.
Since now we're importing/exporting accepted connections it needs to
pass TCP_CONNECTION flag.
(cherry picked from commit 801f7af6e9)
Instead of using bind() and passing the listening socket to the children
threads using uv_export/uv_import use one thread that does the accepting,
and then passes the connected socket using uv_export/uv_import to a random
worker. The previous solution had thundering herd problems (all workers
waking up on one connection and trying to accept()), this one avoids this
and is simpler.
The tcp clients quota is simplified with isc_quota_attach_cb - a callback
is issued when the quota is available.
(cherry picked from commit 60629e5b0b)
The Danger script inspects differences between the current version of a
given merge request's target branch and the merge request branch. If
the latter falls behind the former, the Danger script will wrongly warn
about missing GitLab/RT identifiers because it incorrectly treats the
"+++" diff marker as an indication of the merge request adding new lines
to a file. Tweak the relevant conditional expression to prevent such
invalid warnings from being raised.
(cherry picked from commit e062812c38)
As GitLab Runner Docker executor caches Git repositories between jobs,
prevent the Danger script from attempting to update local refs to ensure
"git fetch" returns with an exit code of 0. Use the FETCH_HEAD ref for
determining the differences between the merge request branch and its
target branch.
(cherry picked from commit d558c4cb78)
Commits adding CHANGES entries and/or release notes do not need a commit
log message. Do not warn about a missing commit log message for such
commits to make the warning more meaningful.
(cherry picked from commit c13944ca46)
In case of a test failure we weren't tearing down sockets and tasks
properly, causing the test to hang instead of failing nicely.
(cherry picked from commit 4a8d9250cf)
The SO_INCOMING_CPU is available since Linux 3.19 for getting the value,
but only since Linux 4.4 for setting the value (see below for a full
description). BIND 9 should not fail when setting the option on the
socket fails, as this is only an optimization and not hard requirement
to run BIND 9.
SO_INCOMING_CPU (gettable since Linux 3.19, settable since Linux 4.4)
Sets or gets the CPU affinity of a socket. Expects an integer flag.
int cpu = 1;
setsockopt(fd, SOL_SOCKET, SO_INCOMING_CPU, &cpu, sizeof(cpu));
Because all of the packets for a single stream (i.e., all
packets for the same 4-tuple) arrive on the single RX queue that
is associated with a particular CPU, the typical use case is to
employ one listening process per RX queue, with the incoming
flow being handled by a listener on the same CPU that is
handling the RX queue. This provides optimal NUMA behavior and
keeps CPU caches hot.
(cherry picked from commit 4ec357da0a)
Originally, the default value for max-stale-ttl was 1 week, which could
and in some scenarios lead to cache exhaustion on a busy resolvers.
Picking the default value will always be juggling between value that's
useful (e.g. keeping the already cached records after they have already
expired and the upstream name servers are down) and not bloating the
cache too much (e.g. keeping everything for a very long time). The new
default reflects what we think is a reasonable to time to react on both
sides (upstream authoritative and downstream recursive).
(cherry picked from commit 13fd3ecfab)
