Commit Graph

37342 Commits

Author SHA1 Message Date
Mark Andrews
e67adfb479 Merge branch '3857-notify-source-port-test-is-not-reliable-v9_18' into 'v9_18'
[9.18] Resolve "Notify source port test is not reliable"

See merge request isc-projects/bind9!7510
2023-02-09 09:36:47 +00:00
Mark Andrews
7ca00e674f Make notify source port test reliable
Send the test message from ns3 to ns2 instead of ns2 to ns3 as ns2
is started first and therefore the test doesn't have to wait on the
resend of the NOTIFY message to be successful.

(cherry picked from commit e7e1f59a3a)
2023-02-09 19:40:19 +11:00
Mark Andrews
c843811609 Merge branch '3831-dnssec-cds-failed-to-cleanup-properly-on-some-non-error-paths-v9_18' into 'v9_18'
[9.18] Resolve "dnssec-cds failed to cleanup properly on some non error paths"

See merge request isc-projects/bind9!7507
2023-02-09 00:36:14 +00:00
Mark Andrews
ef2c69bf71 Add CHANGES note for [GL #3831]
(cherry picked from commit ae26fcb8f5)
2023-02-09 09:00:52 +11:00
Mark Andrews
66a3802507 dnssec-checkds: cleanup memory on error paths
Move and give unique names to the dns_db_t, dns_dbnode_t and
dns_dbversion_t pointers, so they have global scope and therefore
are visible to cleanup.  Unique names are not strictly necessary,
as none of the functions involved call each other.

Change free_db to handle NULL pointers and also an optional
(dns_dbversion_t **).

In match_keyset_dsset and free_keytable, ki to be handled
differently to prevent a false positive NULL pointer dereference
warning from scan.

In formatset moved dns_master_styledestroy earlier and freed
buf before calling check_result to prevent memory leak.

In append_new_ds_set freed ds on the default path before
calling check_result to prevent memory leak.

(cherry picked from commit 13f9d29954)
2023-02-09 09:00:28 +11:00
Mark Andrews
af051282bc dnssec-cds failed to cleanup on non error paths
dnssec-cds failed to cleanup on non error paths which meant that
the OpenSSL libraries could not cleanup properly.

(cherry picked from commit 81bde388e4)
2023-02-09 08:58:15 +11:00
Mark Andrews
4fd22a2228 Define DNS_RDATASET_INIT for static initialisation
(cherry picked from commit ddc4d1fca4)
2023-02-09 08:58:15 +11:00
Evan Hunt
a3bcab9105 Merge branch '3113-clientinfo-refactor-v9_18' into 'v9_18'
[9.18] Merge branch '3113-clientinfo-refactor' into 'main'

See merge request isc-projects/bind9!7504
2023-02-08 08:49:29 +00:00
Evan Hunt
9f1c6d9744 refactor dns_clientinfo_init(); use separate function to set ECS
Instead of using an extra rarely-used parameter to dns_clientinfo_init()
to set ECS information for a client, this commit adds a function
dns_clientinfo_setecs() which can be called only when ECS is needed.

(cherry picked from commit ff3fdaa424)
2023-02-08 00:13:12 -08:00
Evan Hunt
32623be328 Merge branch '3846-nsupdate-test-fix-v9_18' into 'v9_18'
[9.18] Merge branch '3846-nsupdate-test-fix' into 'main'

See merge request isc-projects/bind9!7503
2023-02-08 07:47:15 +00:00
Evan Hunt
1d6721c5fa increase simultaneous updates for quota test
the nsupdate system test was intermittently failing due to the update
quota not being exceeded when it should have been.  this is most likely
a timing issue: the client is sending updates too slowly, or the server
is processing them too quickly, for the quota to fill. this commit
attempts to make the failure less likely by increasing the number
of update transactions from 10 to 20.

(cherry picked from commit 06b1faf068)
2023-02-07 23:41:24 -08:00
Evan Hunt
52d9ce038b Merge branch '854-spurious-keytype-warning-v9_18' into 'v9_18'
[9.18] Merge branch '854-spurious-keytype-warning' into 'main'

See merge request isc-projects/bind9!7502
2023-02-08 07:34:56 +00:00
Evan Hunt
bc3be6dc29 silence a spurious warning during key generation
when generating a key, if a DH key already existed for the same
name, a spurious warning message was generated saying "bad key
type". this is fixed.

(cherry picked from commit 82503bec99)
2023-02-07 23:30:24 -08:00
Mark Andrews
34009f3d78 Merge branch '3852-follow-up-from-9-18-merge-branch-3790-use-configured-udp-port-into-main-v9_18' into 'v9_18'
[9.18] Allow some time to the root trust anchor to appear

See merge request isc-projects/bind9!7498
2023-02-07 22:24:05 +00:00
Mark Andrews
11065c810a Allow some time to the root trust anchor to appear
Following deleting the root trust anchor and reconfiguring the
server it takes some time for the trust anchor to appear in 'rndc
managed-keys status' output.  Retry several times.

(cherry picked from commit 71dbd09796)
2023-02-08 00:42:15 +11:00
Michal Nowak
ed2f4c3a7c Merge branch 'mnowak/set-up-version-and-release-notes-for-bind-9.18.13' into 'v9_18'
Set up release notes for BIND 9.18.13

See merge request isc-projects/bind9!7496
2023-02-07 10:26:25 +00:00
Michal Nowak
f8d168ecf3 Set up release notes for BIND 9.18.13
2023-02-07 11:16:28 +01:00
Michal Nowak
226e35887f Update BIND version to 9.18.13-dev
2023-02-07 11:12:21 +01:00
Evan Hunt
84801fe25f Merge branch '3790-use-configured-udp-port-v9_18' into 'v9_18'
[9.18] Merge branch '3790-use-configured-udp-port' into 'main'

See merge request isc-projects/bind9!7491
2023-02-07 01:19:30 +00:00
Evan Hunt
282f44d329 CHANGES for [GL #3790]
(cherry picked from commit 4f50854e7a)
2023-02-06 17:02:02 -08:00
Evan Hunt
29ccc052dd add source port configuration tests
check in the log files of receiving servers that the originating
ports for notify and SOA query messages were set correctly from
configured notify-source and transfer-source options.

(cherry picked from commit 9cffd5c431)
2023-02-06 17:02:02 -08:00
Evan Hunt
5508e25376 use configured source ports for UDP requests
the optional 'port' option, when used with notify-source,
transfer-source, etc, is used to set up UDP dispatches with a
particular source port, but when the actual UDP connection was
established the port would be overridden with a random one. this
has been fixed.

(configuring source ports is deprecated in 9.20 and slated for
removal in 9.22, but should still work correctly until then.)

(cherry picked from commit 4d50c912ba)
2023-02-06 17:02:02 -08:00
Mark Andrews
797c665c25 Merge branch '3838-named-rrchecker-should-cleanup-when-it-detects-an-error-v9_18' into 'v9_18'
[9.18] named-rrchecker: have fatal cleanup

See merge request isc-projects/bind9!7492
2023-02-07 00:59:26 +00:00
Mark Andrews
c705467d30 named-rrchecker: have fatal cleanup
It is trivial to fully cleanup memory on all the error paths in
named-rrchecker, many of which are triggered by bad user input.
This involves freeing lex and mctx if they exist when fatal is
called.

(cherry picked from commit dbe82813e6)
2023-02-07 11:15:21 +11:00
Evan Hunt
ab6c0a7d7a Merge branch '3673-delay-trust-anchor-management-v9_18' into 'v9_18'
[9.18] delay trust anchor management until zones are loaded

See merge request isc-projects/bind9!7489
2023-02-06 22:30:34 +00:00
Evan Hunt
ac150939d5 delay trust anchor management until zones are loaded
it was possible for a managed trust anchor needing to send a key
refresh query to be unable to do so because an authoritative zone
was not yet loaded. this has been corrected by delaying the
synchronization of managed-keys zones until after all zones are
loaded.

(cherry-picked from commit bafbbd2465)
2023-02-06 14:27:16 -08:00
Michał Kępień
60124f85bd Merge branch '3781-deprecate-source-port-v9_18' into 'v9_18'
[9.18] mark "port" as deprecated for source address options

See merge request isc-projects/bind9!7478
2023-02-02 11:58:57 +00:00
Evan Hunt
4cb762a10d CHANGES and release note for [GL #3781]
(cherry picked from commit 22d1951aa6)
2023-02-02 12:21:08 +01:00
Matthijs Mekking
64f5e83ef4 Test deprecate source port configuration
Add 'port' token to deprecated.conf. Also add options
'use-v4-udp-ports', 'use-v6-udp-ports', 'avoid-v4-udp-ports',
and 'avoid-v6-udp-ports'.

All of these should trigger warnings (except when deprecation warnings
are being ignored).

(cherry picked from commit 531914e660)
2023-02-02 12:21:08 +01:00
Evan Hunt
5fa4aa2fec mark "port" as deprecated for source address options
Deprecate the use of "port" when configuring query-source(-v6),
transfer-source(-v6), notify-source(-v6), parental-source(-v6),
etc. Also deprecate use-{v4,v6}-udp-ports and avoid-{v4,v6}-udp-ports.

(cherry picked from commit 470ccbc8ed)
2023-02-02 12:21:08 +01:00
Michał Kępień
5a14d4b015 Merge branch '3827-fix-dnsrps-builds-v9_18' into 'v9_18'
[9.18] Fix DNSRPS builds

See merge request isc-projects/bind9!7474
2023-02-01 10:54:46 +00:00
Michał Kępień
19bac062ad Add CHANGES entry for GL #3827
(cherry picked from commit 493eadd1ae)
2023-02-01 11:26:31 +01:00
Michał Kępień
41743a3061 Handle iterator options in rpsdb_allrdatasets()
Commit 6f998bbe51 added a new parameter,
'options', to the prototype of the 'allrdatasets' function pointer in
struct dns_dbmethods.  Handle this new parameter accordingly in
rpsdb_allrdatasets().

(cherry picked from commit f3def4e4ed)
2023-02-01 11:26:31 +01:00
Michał Kępień
ef97bf534d Add DNSRPS builds to pairwise testing
The --enable-dnsrps-dl switch for ./configure enables preparing a
DNSRPS-enabled build of BIND 9 that is not directly linked against a
DNSRPS provider library (dlopen() at runtime is used instead).  Employ
this switch to test DNSRPS-enabled builds in the pairwise testing job in
GitLab CI.

(cherry picked from commit e688ca5316)
2023-02-01 11:26:31 +01:00
Mark Andrews
feb6f768de Merge branch '3828-fuzz-dns_message_checksig-c-fails-to-call-dst_lib_destroy-v9_18' into 'v9_18'
[9.18] Call dst_lib_destroy if we have called dst_lib_init

See merge request isc-projects/bind9!7460
2023-01-31 22:15:26 +00:00
Mark Andrews
4666c2b0b2 Add CHANGES for [GL #3828]
(cherry picked from commit 13e0dfbae2)
2023-02-01 01:37:04 +11:00
Mark Andrews
0e89e18c4f Call dst_lib_destroy if we have called dst_lib_init
This returns BIGNUMs to OpenSSL allowing libcrypto to fully clean up.

(cherry picked from commit 897e0cd6f4)
2023-02-01 01:37:04 +11:00
Mark Andrews
f56de96934 Merge branch '3830-nsupdate-failed-to-handle-primary-server-address-lookup-gracefully-v9_18' into 'v9_18'
[9.18] Handle address lookup failure more gracefully

See merge request isc-projects/bind9!7458
2023-01-31 14:34:26 +00:00
Mark Andrews
819ee39129 Add CHANGES for [GL #3830]
(cherry picked from commit fda7858e74)
2023-02-01 00:36:42 +11:00
Mark Andrews
e0090d4639 Handle address lookup failure more gracefully
If the address lookup of the primary server fails just abort
the current update request rather than calling exit.  This allows
nsupdate to cleanup gracefully.

(cherry picked from commit f1387514c6)
2023-02-01 00:36:42 +11:00
Mark Andrews
5e6093210a Merge branch '3829-named-v-leaks-memory-when-shutting-down-v9_18' into 'v9_18'
[9.18] Call dns_lib_destroy in bin/named/main.c:printversion

See merge request isc-projects/bind9!7454
2023-01-30 23:32:47 +00:00
Mark Andrews
caaf6a7594 Add CHANGES for [GL #3829]
(cherry picked from commit 1d258e2fb8)
2023-01-31 10:06:02 +11:00
Mark Andrews
4263afa31d Call dns_lib_destroy in bin/named/main.c:printversion
There were unbalanced calls to dns_lib_init and dns_lib_destroy
leading to an OpenSSL memory leak.

(cherry picked from commit 8b3c018f54)
2023-01-31 10:06:02 +11:00
Ondřej Surý
198615faad Merge branch '3806-give-ADB-heap-memory-context-a-name-v9_18' into 'v9_18'
[9.18] Properly name ADB hashmap memory context

See merge request isc-projects/bind9!7448
2023-01-30 11:57:38 +00:00
Ondřej Surý
a25e41da02 Properly name ADB hashmap and named log memory contexts
The ADB hashmaps are stored in extra memory contexts, so the hash
tables are excluded from the overmem accounting.  The new memory
context was unnamed, give it a proper name.

Same thing has happened with extra memory context used for named
global log context - give the extra memory context a proper name.

(cherry picked from commit 3cda9f9f14)
2023-01-30 12:38:13 +01:00
Matthijs Mekking
dcaf8d99c3 Merge branch '3822-rndc-dnssec-checkds-force-ds-state-v9_18' into 'v9_18'
[9.18] Force set DS state after 'rndc dnssec -checkds'

See merge request isc-projects/bind9!7437
2023-01-30 10:48:21 +00:00
Matthijs Mekking
7b69792cf7 Add CHANGES for #3822
(cherry picked from commit 38ffe5acf3)
2023-01-30 09:27:38 +01:00
Matthijs Mekking
68f0fc6309 Force set DS state after 'rndc dnssec -checkds'
Set the DS state after issuing 'rndc dnssec -checkds'. If the DS
was published, it should go in RUMOURED state, regardless of whether it
is already safe to do so according to the state machine.

Leaving it in HIDDEN (or if it was magically already in OMNIPRESENT or
UNRETENTIVE) would allow for easy shoot in the foot situations.

Similarly, if the DS was withdrawn, the state should be set to
UNRETENTIVE. Leaving it in OMNIPRESENT (or RUMOURED/HIDDEN)
would also allow for easy shoot in the foot situations.

(cherry picked from commit ee42f66fbe)
2023-01-30 09:27:38 +01:00
Mark Andrews
699d185176 Merge branch '3824-teach-danger-about-amend-v9_18' into 'v9_18'
[9.18] Teach danger about amend

See merge request isc-projects/bind9!7439
2023-01-27 22:58:03 +00:00
Mark Andrews
8a6b78f810 Teach danger about amend
commit --fixup=amend:<hash> produces a subject starting with amend!
by default.  Have danger look for this to ensure that it is squashed
before merging.

(cherry picked from commit 9b12473292)
2023-01-28 09:18:20 +11:00