When updating the statistics for RRset types, if a header is marked
stale or ancient, the appropriate statistic counters are decremented,
then incremented.
Also fix some out of date comments.
(cherry picked from commit a3af2c57e7)
The stale RR types are now printed with '#'. This used to be the
prefix for RR types that were marked ancient, but commit
df50751585 changed the meaning. It is
probably better to keep '#' for stale RR types and introduce a new
prefix for reintroducing ancient type stat counters.
(cherry picked from commit c9d56a8185)
Add a helper shell function, rndc_dumpdb(), which provides a convenient
way to call "rndc dumpdb" for a given server with optional additional
arguments. Since database dumping is an asynchronous process, the
function waits until the dump is complete before returning, which
prevents false positives in system tests caused by inspecting the dump
before its preparation is finished. The function also renames the dump
file before returning so that it does not get overwritten by subsequent
calls; this retains forensic data in case of an unexpected test failure.
(cherry picked from commit ab78e350dd)
Multiple resolvers in the "wildcard" system test are configured with a
single root hint: "ns.root-servers.nil", pointing to 10.53.0.1, which is
inconsistent with authoritative data served by ns1. This may cause
intermittent resolution failures, triggering false positives for the
"wildcard" system test. Prevent this from happening by making ns2, ns3,
and ns5 use root hints corresponding to the contents of ns1/root.db.in.
(cherry picked from commit dd430c3093)
The ns2 named instance in the "staticstub" system test is configured
with a single root hint commonly used in BIND system tests
(a.root-servers.nil with an address of 10.53.0.1), which is inconsistent
with authoritative data served by ns1. This may cause intermittent
resolution failures, triggering false positives for the "staticstub"
system test. Prevent this from happening by making ns1 serve data
corresponding to the contents of bin/tests/system/common/root.hint.
(cherry picked from commit 4b5e1da0e3)
Appending output of a command to the same file as the one that command
is reading from is a dangerous practice. It seems to have accidentally
worked with all the awk implementations we have tested against so far,
but for BusyBox awk, doing this may result in the input/output file
being written to in an infinite loop. Prevent this from happening by
redirect awk output to a temporary file and appending its contents to
the original file in a separate shell pipeline.
(cherry picked from commit bb9c1654e2)
The Net::DNS Perl module needs the Digest::HMAC module to support TSIG.
However, since the latter is not a hard requirement for the former, some
packagers do not make Net::DNS depend on Digest::HMAC. If Net::DNS is
installed on a host but Digest::HMAC is not, the "xfer" system test
breaks in a very hard-to-debug way (ans5 returns TSIG RRs with empty
RDATA, which prevents TSIG-signed SOA queries and transfers from
working). Prevent this from happening by making the "xfer" system test
explicitly require Digest::HMAC apart from Net::DNS.
(cherry picked from commit b10d28d1e0)
The BusyBox version of sed treats leading '\+' in a regular expression
to be matched as a syntax error ("Repetition not preceded by valid
expression"), which triggers false positives for the "digdelv" system
test. Make the relevant sed invocations work portably across all sed
implementations by removing the leading backslash.
(cherry picked from commit 266e3ed52a)
The BusyBox version of awk treats some variables which other awk
implementations consider to be decimal values as octal values. This
intermittently breaks key event interval calculations in the "autosign"
system test, trigger false positives for it. Prevent the problem from
happening by stripping leading zeros from the affected awk variables.
(cherry picked from commit ad008f7dbf)
Including <sys/errno.h> instead of <errno.h> raises a compiler warning
when building against musl libc. Always include <errno.h> instead of
<sys/errno.h> to prevent that compilation warning from being triggered
and to achieve consistency in this regard across the entire source tree.
(cherry picked from commit b5cd146033)
Resolvers in the "filter-aaaa" system test are configured with a single
root hint: "ns.rootservers.net", pointing to 10.53.0.1. However,
querying ns1 for "ns.rootservers.net" results in NXDOMAIN answers.
Since the TTL for the root hint is set to 0, it may happen that a
resolver's ADB will be asked to return any known addresses for
"ns.rootservers.net", but it will only have access to a cached NXDOMAIN
answer for that name and an expired root hint, which will result in a
resolution failure, triggering a false positive for the "filter-aaaa"
system test. Prevent this from happening by making all the root hints
consistent with authoritative data served by ns1.
(cherry picked from commit c19ebde14b)
This commit changes the BIND cookie algorithms to match
draft-sury-toorop-dnsop-server-cookies-00. Namely, it changes the Client Cookie
algorithm to use SipHash 2-4, adds the new Server Cookie algorithm using SipHash
2-4. The change doesn't make the SipHash 2-4 to be the default algorithm, this
is up to the operator.
The MSVS C compiler requires every struct to have at least one member.
The dns_geoip_databases_t structure had one set of members for
HAVE_GEOIP and a different set for HAVE_GEOIP2, and none when neither
API is in use.
This commit silences the compiler error by moving the declaration of
dns_geoip_databases_t to types.h as an opaque reference, and commenting
out the contents of geoip.h when neither version of GeoIP is enabled.
(cherry picked from commit 81fcde5953)
When trying to extract the key ID from a key file name, some test code
incorrectly attempts to strip all leading zeros. This breaks tests when
keys with ID 0 are generated. Add a new helper shell function,
keyfile_to_key_id(), which properly handles keys with ID 0 and use it in
test code whenever a key ID needs to be extracted from a key file name.
(cherry picked from commit 7d6eaad1bd)
When printing a packet, dnstap-read checks whether its text form takes
up more than the 2048 bytes allocated for the output buffer by default.
If that is the case, the output buffer is automatically expanded, but
the truncated output is left in the buffer, resulting in malformed data
being printed. Clear the output buffer before expanding it to prevent
this issue from occurring.
(cherry picked from commit 3549abe81d)
- revise mapping of search terms to database types to match the
GeoIP2 schemas.
- open GeoIP2 databases when starting up; close when shutting down.
- clarify the logged error message when an unknown database type
is configured.
- add new geoip ACL subtypes to support searching for continent in
country databases.
- map geoip ACL subtypes to specific MMDB database queries.
- perform MMDB lookups based on subtype, saving state between
queries so repeated lookups for the same address aren't necessary.
(cherry picked from commit 6e0b93e5a0)
