Commit Graph

41704 Commits

Author SHA1 Message Date
Matthijs Mekking
fa20a1df39 Fix bug in dns_keymgr_offline
If the ZSK has lifetime unlimited, the timing metadata "Inactive" and
"Delete" cannot be found and is treated as an error. Fix by allowing
these metadata to not exist.

(cherry picked from commit 5af53a329f)
2024-09-09 19:27:28 +02:00
Nicki Křížek
90bec9e287 chg: doc: Set up version for BIND 9.20.3
Merge branch 'nicki/set-up-version-for-bind-9.20.3' into 'bind-9.20'

See merge request isc-projects/bind9!9463
2024-09-09 17:23:58 +00:00
Nicki Křížek
314ba3898d Update BIND version to 9.20.3-dev 2024-09-09 19:21:41 +02:00
Nicki Křížek
02d4755cc3 [9.20] fix: usr: Fix rare assertion failure when shutting down incoming transfer
A very rare assertion failure can be triggered when the incoming transfer is either forcefully shut down or it is finished during printing the details about the statistics channel.  This has been fixed.

Closes #4860

Backport of MR !9336

Merge branch 'backport-4860-destroy-xfrin-timers-on-the-loop-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9377
2024-09-03 16:26:59 +00:00
Ondřej Surý
6db9f177b5 Destroy the dns_xfrin isc_timers on the correct loop
There are few places where we attach/detach from the dns_xfrin object
while running on a different thread than the zone's assigned thread -
xfrin_xmlrender() in the statschannel and dns_zone_stopxfr() to name the
two places where it happens now.  In the rare case, when the incoming
transfer completes (or shuts down) in the brief period between the other
thread attaches and detaches from the dns_xfrin, the isc_timer_destroy()
calls would be called by the last thread calling the xfrin_detach().
In the worst case, it would be this other thread causing assertion
failure.  Move the isc_timer_destroy() call to xfrin_end() function
which is always called on the right thread and to match this move
isc_timer_create() to xfrin_start() - although this other change makes
no difference.

(cherry picked from commit 3bca3cb5cf)
2024-09-03 15:51:35 +00:00
Nicki Křížek
ce3209b1dc [9.20] chg: usr: Follow the number of CPU set by taskset/cpuset
Administrators may wish to constrain the set of cores that BIND 9 runs on via the 'taskset', 'cpuset' or 'numactl' programs (or equivalent on other O/S).

If the admin has used taskset, the `named` will now follow to automatically use the given number of CPUs rather than the system wide count.

Closes #4884

Backport of MR !9398

Merge branch 'backport-4884-use-cpuset-to-get-number-of-cpus-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9442
2024-09-03 13:52:42 +00:00
Ondřej Surý
5255843f9b Follow the number of CPU set by taskset/cpuset
Administrators may wish to constrain the set of cores that BIND 9 runs
on via the 'taskset', 'cpuset' or 'numactl' programs (or equivalent on
other O/S), for example to achieve higher (or more stable) performance
by more closely associating threads with individual NIC rx queues. If
the admin has used taskset, it follows that BIND ought to
automatically use the given number of CPUs rather than the system wide
count.

Co-Authored-By: Ray Bellis <ray@isc.org>
(cherry picked from commit 5a2df8caf5)
2024-09-03 13:52:10 +00:00
Nicki Křížek
36e220646c [9.20] chg: test: Reduce the size of hashmap_nodes.h file
Instead of keeping the whole array of test_node_t objects, just keep the
hashvalues and generated the rest of the test_node_t on the fly.  The
test still works this way and the file size has been reduced from 2M to
90k.

Closes #4851

Backport of MR !9318

Merge branch 'backport-4851-generate-problematic-isc_hashmap-test-data-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9321
2024-09-03 13:24:21 +00:00
Ondřej Surý
95faca929e Reduce the size of hashmap_nodes.h file
Instead of keeping the whole array of test_node_t objects, just keep the
hashvalues and generated the rest of the test_node_t on the fly.  The
test still works this way and the file size has been reduced from 2M to
90k.

(cherry picked from commit 2310c322c0)
2024-09-03 14:46:58 +02:00
Mark Andrews
4f01e8d33c [9.20] fix: Address potential TSAN issue with find->status
find->status is a private field of dns_adbfind_t so it now has an accessor function and has been made atomic.

Closes #4802

Backport of MR !9137

Merge branch 'backport-4802-address-potential-tsan-issue-with-find-status-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9433
2024-09-02 05:27:56 +00:00
Mark Andrews
1be660a1a2 Use atomics to access find->status
(cherry picked from commit a45e39d114)
2024-09-02 03:25:35 +00:00
Mark Andrews
ce6c0c26a0 Use an accessor fuction to access find->status
find->status is marked as private and access is controlled
by find->lock.

(cherry picked from commit c900300f21)
2024-09-02 03:25:35 +00:00
Mark Andrews
a348077718 [9.20] fix: chg: Improve performance when looking for the closest encloser when returning NSEC3 proofs
Use the fact that the database returns the longest matching part of the requested name to find the required NSEC3 record. If there are multiple versions present in the database we may have to search further.

Closes #4460

Backport of MR !9436

Merge branch 'backport-4460-auth-nsec3-many-labels-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9438
2024-08-29 22:37:35 +00:00
Mark Andrews
b30bff7dee Return partial match when requested
Return partial match from dns_db_find/dns_db_find when requested
to short circuit the closest encloser discover process.  Most of the
time this will be the actual closest encloser but may not be when
there yet to be committed / cleaned up versions of the zone with
names below the actual closest encloser.

(cherry picked from commit d42ea08f16)
2024-08-29 21:40:16 +00:00
Ondřej Surý
0b7eb9d7a9 [9.20] fix: usr: Delay release of root privileges until after configuring controls
Delay relinquishing root privileges until the control channel has been configured, for the benefit of systems that require root to use privileged port numbers.  This mostly affects systems without fine-grained privilege systems (i.e., other than Linux).

Closes #4793

Backport of MR !9123

Merge branch 'backport-4793-bind-9-19-24-not-listening-to-rndc-port-953-on-localhost-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9444
2024-08-29 18:47:44 +00:00
Evan Hunt
93729a294a Delay release of root privileges until after configuring controls
On systems where root access is needed to configure privileged
ports, we don't want to fully relinquish root privileges until
after the control channel (which typically runs on port 953) has
been established.

named_os_changeuser() now takes a boolean argument 'permanent'.
This allows us to switch the effective userid temporarily with
named_os_changeuser(false) and restore it with named_os_restoreuser(),
before permanently dropping privileges with named_os_changeuser(true).

(cherry picked from commit d57fa148af)
2024-08-29 18:11:58 +00:00
Michal Nowak
c5abdfc8f6 [9.20] chg: test: Bump max-recursion-queries to 100 in resolver system test
With max-recursion-queries set to 50 the resolver system test was
unstable in the "checking query resolution for a domain with a valid
glueless delegation chain" check as ns1 replied with SERVFAIL.

Closes #4897

Backport of MR !9435

Merge branch 'backport-4897-resolver-ns1-max-recursion-queries-100-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9440
2024-08-29 15:18:26 +00:00
Michal Nowak
f3b54c6688 Bump max-recursion-queries to 100 in resolver system test
With max-recursion-queries set to 50 the resolver system test was
unstable in the "checking query resolution for a domain with a valid
glueless delegation chain" check as ns1 replied with SERVFAIL.

(cherry picked from commit 8e0244d300)
2024-08-29 14:41:48 +00:00
Mark Andrews
498b762177 [9.20] fix: Accessing fctx->state without holding lock
Move lock earlier in the call sequence to address access without lock report.

```
1559        /*
1560         * Caller must be holding the fctx lock.
1561         */
      	
CID 468796: (#1 of 1): Data race condition (MISSING_LOCK)
1. missing_lock: Accessing fctx->state without holding lock fetchctx.lock. Elsewhere, fetchctx.state is written to with fetchctx.lock held 2 out of 2 times.
1562        REQUIRE(fctx->state == fetchstate_done);
1563
1564        FCTXTRACE("sendevents");
1565
1566        LOCK(&fctx->lock);
1567
```

Closes #4902

Backport of MR !9427

Merge branch 'backport-4902-accessing-fctx-state-without-holding-lock-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9437
2024-08-29 13:22:18 +00:00
Mark Andrews
a39b4552a9 Move lock earlier in the call sequence
fctx->state should be read with the lock held.

    1559        /*
    1560         * Caller must be holding the fctx lock.
    1561         */

    CID 468796: (#1 of 1): Data race condition (MISSING_LOCK)
    1. missing_lock: Accessing fctx->state without holding lock fetchctx.lock.
       Elsewhere, fetchctx.state is written to with fetchctx.lock held 2 out of 2 times.
    1562        REQUIRE(fctx->state == fetchstate_done);
    1563
    1564        FCTXTRACE("sendevents");
    1565
    1566        LOCK(&fctx->lock);
    1567

(cherry picked from commit 43f0b0e8eb)
2024-08-29 12:46:43 +00:00
Michal Nowak
e81e4d0b99 [9.20] chg: ci: Generate TSAN stress test
Backport of MR !9334

Merge branch 'backport-mnowak/generate-tsan-stress-jobs-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9431
2024-08-28 16:20:26 +00:00
Michal Nowak
e7d24ddcff Generate TSAN stress test
(cherry picked from commit 338d4c8dd3)
2024-08-28 09:40:21 +00:00
Michal Nowak
9d811a1d7e [9.20] chg: ci: Cleanup stress test artifacts
Backport of MR !9424

Merge branch 'backport-mnowak/avoid-some-artifacts-in-stress-tests-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9428
2024-08-28 08:55:26 +00:00
Michal Nowak
09021e4b92 Some stress test artifacts should not be saved in CI artifact
(cherry picked from commit 6f86885304)
2024-08-28 08:01:23 +00:00
Ondřej Surý
1b7fa52d8f [9.20] fix: dev: Stop using malloc_usable_size and malloc_size
The `malloc_usable_size()` can return size larger than originally allocated and when these sizes disagree the fortifier enabled by `_FORTIFY_SOURCE=3` detects overflow and stops the `named` execution abruptly.  Stop using these convenience functions as they are primary used for introspection-only.

Closes #4880

Backport of MR !9400

Merge branch 'backport-4880-dont-use-malloc_usable_size-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9418
2024-08-26 18:27:19 +00:00
Ondřej Surý
619d21b57c Stop using malloc_usable_size and malloc_size
Although the nanual page of malloc_usable_size says:

    Although the excess bytes can be over‐written by the application
    without ill effects, this is not good programming practice: the
    number of excess bytes in an allocation depends on the underlying
    implementation.

it looks like the premise is broken with _FORTIFY_SOURCE=3 on newer
systems and it might return a value that causes program to stop with
"buffer overflow" detected from the _FORTIFY_SOURCE.  As we do have own
implementation that tracks the allocation size that we can use to track
the allocation size, we can stop relying on this introspection function.

Also the newer manual page for malloc_usable_size changed the NOTES to:

    The value returned by malloc_usable_size() may be greater than the
    requested size of the allocation because of various internal
    implementation details, none of which the programmer should rely on.
    This function is intended to only be used for diagnostics and
    statistics; writing to the excess memory without first calling
    realloc(3) to resize the allocation is not supported.  The returned
    value is only valid at the time of the call.

Remove usage of both malloc_usable_size() and malloc_size() to be on the
safe size and only use the internal size tracking mechanism when
jemalloc is not available.

(cherry picked from commit d61712d14e)
2024-08-26 18:27:01 +00:00
Arаm Sаrgsyаn
5e78cade52 [9.20] chg: usr: Exempt prefetches from the fetches-per-zone and fetches-per-server quotas
Fetches generated automatically as a result of 'prefetch' are now
exempt from the 'fetches-per-zone' and 'fetches-per-server' quotas.
This should help in maintaining the cache from which query responses
can be given.

Closes #4219

Backport of MR !9095

Merge branch 'backport-4219-exempt-good-queries-from-fetch-limits-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9420
2024-08-26 16:29:16 +00:00
Aram Sargsyan
e464005903 Document that prefeteches are exempt from select quotas
Add notes to the 'fetches-per-zone' and 'fetches-per-server' clauses
documentation to document that prefetches are exempted.

(cherry picked from commit ad329ddcaa)
2024-08-26 15:54:02 +00:00
Aram Sargsyan
c90aa16929 Exempt prefetches from the fetches-per-server quota
Give prefetches a free pass through the quota so that the cache
entries for popular zones could be updated successfully even if the
quota for is already reached.

(cherry picked from commit c7e8b7cf63)
2024-08-26 15:54:02 +00:00
Aram Sargsyan
d96fca478a Exempt prefetches from the fetches-per-zone quota
Give prefetches a free pass through the quota so that the cache entry
for a popular zone could be updated successfully even if the quota for
it is already reached.

(cherry picked from commit cada2de31f)
2024-08-26 15:54:01 +00:00
Michal Nowak
fad5d1ada5 [9.20] chg: ci: Drop removed system tests from cross-version-config-tests
The cross-version-config-tests job fails when a system test is removed
from the upcoming release. To avoid this, remove the system test also
from the $BIND_BASELINE_VERSION.

See the failure mode at https://gitlab.isc.org/isc-projects/bind9/-/jobs/4668947.

Backport of MR !9413

Merge branch 'backport-mnowak/remove-dialup-from-cross-version-config-tests-job-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9415
2024-08-26 15:20:07 +00:00
Michal Nowak
b3902a3871 Drop removed system tests from $BIND_BASELINE_VERSION
The cross-version-config-tests job fails when a system test is removed
from the upcoming release. To avoid this, remove the system test also
from the $BIND_BASELINE_VERSION.

(cherry picked from commit 60f5f2a9d9)
2024-08-26 14:32:46 +00:00
Petr Špaček
57a9e3da00 [9.20] fix: dev: Preserve statement tag order in documentation
This supports bit-for-bit reproducibility of built documentation.

Closes #4886

Backport of MR !9399

Merge branch 'backport-issue-4886/order-preserving-documentation-tags-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9408
2024-08-23 14:43:09 +00:00
Petr Špaček
12c240dd56 Disallow duplicate statement tags in docs
I can't think of a use-case for them, so let's simplify code and treat
them as an invalid input.

(cherry picked from commit 5b832126b3)
2024-08-23 14:02:16 +00:00
James Addison
7880e1e73a Preserve de-duplicated tag order in documentation
The 'set' datatype in Python does not provide iteration-order
guarantees related to insertion-order.  That means that its
usage in the 'split_csv' helper function during documentation
build can produce nondeterministic results.

That is non-desirable for two reasons: it means that the
documentation output may appear to vary unnecessarily between
builds, and secondly there could be loss-of-information in cases
where tag order in the source documentation is significant.

This patch implements order-preserving de-duplication of tags,
allowing authors to specify tags using intentional priority
ordering, while also removing tags that appear more than once.

(cherry picked from commit 5a79b36f56)
2024-08-23 14:02:16 +00:00
Petr Špaček
3e6c2d6ed7 [9.20] new: ci: Automate parts of MR workflow
Backport of MR !9244

Merge branch 'backport-pspacek/post-merge-ci-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9401
2024-08-23 08:17:56 +00:00
Petr Špaček
4f04079727 Remove milestone check from dangerfile
Milestone is automatically set by 'merged-metadata' CI job to 'Not
released yet' so it does not matter what the original value was.

(cherry picked from commit 73b950dc29)
2024-08-23 07:58:29 +00:00
Petr Špaček
84e7550631 Remove 'Release notes' label check from dangerfile
This label is now handled automatically by 'merged-metadata' CI job.

(cherry picked from commit 146743d5a3)
2024-08-23 07:58:29 +00:00
Petr Špaček
23cd27689b Remove 'No CHANGES' check from dangerfile
This label is now handled automatically by 'merged-metadata' CI job.

(cherry picked from commit edf0e6415a)
2024-08-23 07:58:29 +00:00
Petr Špaček
19fd63b15b Automatically adjust MR metadata after merge
1. Set milestone to 'Not released yet' after merge
   We will set milestone to actual version number when we actually tag a
   particular version. This will get rid of mass MR reassignment when we
   do last minute changes to a release plan etc.

2. Adjust No CHANGES and Release Notes MR labels to match gitchangelog
   workflow.

(cherry picked from commit d1c64d588b)
2024-08-23 07:58:28 +00:00
Petr Špaček
77ff5dc762 Mark backports CI job as non-interruptible
Previously CI job for the autobackport bot inherited "interruptible:
true" global configuration. This caused premature termination of the job
when another merge was finished before the autobackport job ran to
completion.

(cherry picked from commit 3165261ecd)
2024-08-23 07:58:28 +00:00
Mark Andrews
d089963263 [9.20] new: usr: Support restricted key tag range when generating new keys
It is useful when multiple signers are being used
to sign a zone to able to specify a restricted
range of range of key tags that will be used by an
operator to sign the zone.  This adds controls to
named (dnssec-policy), dnssec-signzone, dnssec-keyfromlabel and
dnssec-ksr (dnssec-policy) to specify such ranges.

Closes #4830

Backport of MR !9258

Merge branch 'backport-4830-support-restricted-key-tag-range-when-generating-new-keys-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!9396
2024-08-22 23:03:16 +00:00
Mark Andrews
20632b9f44 Add bad dnssec-policy range variants test examples
(cherry picked from commit bb653d37e0)
2024-08-23 08:05:16 +10:00
Mark Andrews
fab6d0e021 Add a multi-signer where the key tag range changes
(cherry picked from commit 62469afe71)
2024-08-23 08:05:16 +10:00
Mark Andrews
3ec77a2f92 Use key tag ranges when generating multisigner keys
(cherry picked from commit 266530d473)
2024-08-23 08:05:16 +10:00
Mark Andrews
6e51d5b04b Check that dnssec-keygen honours key tag ranges
(cherry picked from commit d165466125)
2024-08-23 08:05:16 +10:00
Mark Andrews
2c8fd5337c Document dnssec-policy keys range directive
Co-authored-by: Suzanne Goldlust <sgoldlust@isc.org>
(cherry picked from commit c088772191)
2024-08-23 08:05:16 +10:00
Mark Andrews
4c980c2a51 Add good dnssec-policy tag-range variants test examples
(cherry picked from commit e7decd7a65)
2024-08-23 08:05:16 +10:00
Mark Andrews
1f1440c1b9 Check key tag range when matching dnssec keys to kasp keys
(cherry picked from commit 035289be71)
2024-08-23 08:05:16 +10:00
Mark Andrews
e3dedfb981 Add optional range directive to keys in dnssec-policy
(cherry picked from commit c5bc0a1805)
2024-08-23 08:05:16 +10:00