The faulty "DLZ" configuration triggers a reconfiguration failure
in such a place where view reverting code is covered.
(cherry picked from commit 95f4bac002)
The tests have been executed with four jobs for a long time because the
TEST_PARALLEL_JOBS variable was set to 4 in the project's CI/CD
Variables Settings. The variable was recently dropped in favor of
.gitlab-ci.yaml one and now needs to be streamlined with the rest of
BIND 9 maintained branches.
(cherry picked from commit 03d7b45d81)
Make OpenBSD system tests more stable by disabling parallelism in CI.
Accordingly, they will run 3-4 times longer.
(cherry picked from commit d73eba57bd)
Setting TEST_PARALLEL_JOBS to 4 in FreeBSD system test jobs is a no-op
because it's already set to 4, one level above, on the global level.
(cherry picked from commit cf46addf51)
Add new SonarCloud GitHub Action and configuration; something (maybe
the way the builds were submitted) has apparently changed and the
project got deleted and the analysis wasn't working.
(cherry picked from commit 4bfbb4ddf7)
stop.pl tries to stop ns1 via rndc but fails to find rndc.conf because
the logfileconfig test code is unexpectedly executed from the
logfileconfig/ns1/ directory. Instead of stopping ns1 with rndc, it
waits for 30 seconds and then terminates ns1 with the TERM signal.
I:logfileconfig:testing default logfile using named -L file (9)
rndc: ../common/rndc.conf does not exist
Stopping ns1 with rndc was recently inadvertently introduced in
172826bfa8. Stop ns1 with the TERM signal
directly, as we did before.
[9.16][CVE-2022-3924] Add a reproducer for the serve-stale crash when recursive clients soft quota is reached
See merge request isc-projects/bind9!7577
Reproduce the assertion by configuring a 'named' resolver with
'recursive-clients 10;' configuration option and running 20
queries is parallel.
Also tweak the 'ans2/ans.pl' to simulate a 50ms network latency
when qname starts with "latency". This makes sure that queries
running in parallel don't get served immediately, thus allowing
the configured recursive clients quota limitation to be activated.
(cherry picked from commit 4b52b0b4a9)
The kasp pointers in dns_zone_t should consistently be changed by
dns_kasp_attach and dns_kasp_detach so the usage is balanced.
(cherry picked from commit b41882cc75)
bin/tests/system/get_algorithms.py:225:4: R1720: Unnecessary "else" after "raise", remove the "else" and de-indent the code inside it (no-else-raise)
(cherry picked from commit 8064ac6bec)
Historically, we avoided running system tests on Windows for merge
request-triggered pipelines because we have only one limited GitLab
Runner, which would be unable to reliably sustain the CI load of merge
requests for three maintained branches, and instead, we opted for
running Windows system tests in daily pipelines. CI load should no
longer be an issue since "v9_16" is the only (and last) maintained
branch with Windows support. We are only left with the downside of
failing to run system tests for merge requests on Windows: missing
Windows-specific quirks in the review process and finding out about them
only a day later in the daily pipeline (e.g., #3865 and #3874 from this
week).
Include MD5 feature detection in featuretest tool and use it in some
places. When RHEL distribution or Fedora ELN is in FIPS mode, then MD5
algorithm is unavailable completely and even hmac-md5 algorithm usage
will always fail. Work that around by checking MD5 works and if not,
skipping its usage.
Those changes were dragged as downstream patch bind-9.11-fips-tests.patch
in Fedora and RHEL.
(cherry picked from commit 6ad794a8cd)
The Windows doesn't have support for recvmmsg(), so we don't need to
check for maximal version on Windows (only for a minimal version).
Remove the MAXIMAL_VERSION when compiling on Windows.
This adds an island of trust that is reachable from the root
where the trust anchors are added to island.conf.
This add an island of trust that is not reachable from the root
where the trust anchors are added to private.conf.
(cherry picked from commit 41bdb5b9fe)
When there are multiple managed trust anchors we need to know the
name of the trust anchor that is failing. Extend the error message
to include the trust anchor name.
(cherry picked from commit fb7b7ac495)
it was possible for a managed trust anchor needing to send a key
refresh query to be unable to do so because an authoritative zone
was not yet loaded. this has been corrected by delaying the
synchronization of managed-keys zones until after all zones are
loaded.
(cherry picked from commit bafbbd2465)
Occasionally, the allotted 10 seconds for the "running" line to appear
in log after named is started proved insufficient in CI, especially
during increased load. Give named up to 60 seconds to start up to
mitigate this issue.
(cherry picked from commit b8bb4233e8)
the nsupdate system test was intermittently failing due to the update
quota not being exceeded when it should have been. this is most likely
a timing issue: the client is sending updates too slowly, or the server
is processing them too quickly, for the quota to fill. this commit
attempts to make that the failure less likely by increasing the number
of update transactions from 10 to 20.
(cherry picked from commit 06b1faf068)