Merge branch 'prep-release' into master

Prepare documentation for BIND 9.17.2

See merge request isc-private/bind9!172

CHANGES

@@ -1,72 +1,82 @@
+	--- 9.17.2 released ---
+
 5438.	[bug]		Fix a race in TCP accepting code. [GL #1930]
 
-5437.	[bug]		Fix a data race in resolver log_formerr. [GL #1808]
+5437.	[bug]		Fix a data race in lib/dns/resolver.c:log_formerr().
+			[GL #1808]
 
-5436.	[placeholder]
+5436.	[security]	It was possible to trigger an INSIST when determining
+			whether a record would fit into a TCP message buffer.
+			(CVE-2020-8618) [GL #1850]
 
-5435.	[placeholder]
+5435.	[tests]		Add RFC 4592 responses examples to the wildcard system
+			test. [GL #1718]
 
-5434.	[placeholder]
+5434.	[security]	It was possible to trigger an INSIST in
+			lib/dns/rbtdb.c:new_reference() with a particular zone
+			content and query patterns. (CVE-2020-8619) [GL #1111]
+			[GL #1718]
 
 5433.	[placeholder]
 
-5432.	[bug]		Check the question section when processing AXFR, IXFR
-			and SOA replies when transfer a zone in. [GL #1683]
+5432.	[bug]		Check the question section when processing AXFR, IXFR,
+			and SOA replies when transferring a zone in. [GL #1683]
 
 5431.	[func]		Reject DS records at the zone apex when loading
 			master files. Log but otherwise ignore attempts to
 			add DS records at the zone apex via UPDATE. [GL #1798]
 
-5430.	[doc]		Update docs - with netmgr we're creating separate
-			socket for each IPv6 interface, just as with IPv4.
+5430.	[doc]		Update docs - with netmgr, a separate listening socket
+			is created for each IPv6 interface (just as with IPv4).
 			[GL #1782]
 
 5429.	[cleanup]	Move BIND binaries which are neither daemons nor
 			administrative programs to $bindir. [GL #1724]
 
-5428.	[bug]		Cleanup GSSAPI resources in nsupdate only after taskmgr
+5428.	[bug]		Clean up GSSAPI resources in nsupdate only after taskmgr
 			has been destroyed. Thanks to Petr Menšík. [GL !3316]
 
 5427.	[placeholder]
 
-5426.	[bug]		Don't fail when setting SO_INCOMING_CPU on the socket
+5426.	[bug]		Don't abort() when setting SO_INCOMING_CPU on the socket
 			fails. [GL #1911]
 
-5425.	[func]		The default value of "max-stale-ttl" has been change
+5425.	[func]		The default value of "max-stale-ttl" has been changed
 			from 1 week to 12 hours. [GL #1877]
 
-5424.	[bug]		With kasp, when creating a successor key, the goal
+5424.	[bug]		With KASP, when creating a successor key, the "goal"
 			state of the current active key (predecessor) was not
-			changed and thus was never is removed from the zone.
-			[GL #1846]
+			changed and thus never removed from the zone. [GL #1846]
 
-5423.	[bug]		Fix a bug in keymgr_key_has_successor: it would
-			return a false positive if any other key in the
-			keyring has a successor. [GL #1845]
+5423.	[bug]		Fix a bug in keymgr_key_has_successor(): it incorrectly
+			returned true if any other key in the keyring had a
+			successor. [GL #1845]
 
-5422.	[bug]		When using dnssec-policy, print correct keytiming
+5422.	[bug]		When using dnssec-policy, print correct key timing
 			metadata. [GL #1843]
 
-5421.	[bug]		Fixed a race that could cause named to crash when
-			looking up the nodename of an RBT node if the tree
-			was modified. [GL #1857]
+5421.	[bug]		Fix a race that could cause named to crash when looking
+			up the nodename of an RBT node if the tree was modified.
+			[GL #1857]
 
-5420.	[bug]		Add missing isc_{mutex,conditional}_destroy calls
+5420.	[bug]		Add missing isc_{mutex,conditional}_destroy() calls
 			that caused a memory leak on FreeBSD. [GL #1893]
 
-5419.	[func]		"dig +qid=<num>" sets the query ID to an arbitrary
-			value. "configure --enable-singletrace" allows
-			trace logging of a single query when QID is set to 0.
-			[GL #1851]
+5419.	[func]		Add new dig command line option, "+qid=<num>", which
+			allows the query ID to be set to an arbitrary value.
+			Add a new ./configure option, --enable-singletrace,
+			which allows trace logging of a single query when QID is
+			set to 0. [GL #1851]
 
-5418.	[bug]		delv failed to parse deprecated trusted-keys style
+5418.	[bug]		delv failed to parse deprecated trusted-keys-style
 			trust anchors. [GL #1860]
 
 5417.	[cleanup]	The code determining the advertised UDP buffer size in
 			outgoing EDNS queries has been refactored to improve its
 			clarity. [GL #1868]
 
-5416.	[bug]		Fix a lock order inversion in unix/socket.c. [GL #1859]
+5416.	[bug]		Fix a lock order inversion in lib/isc/unix/socket.c.
+			[GL #1859]
 
 5415.	[test]		Address race in dnssec system test that led to
 			test failures. [GL #1852]
@@ -78,22 +88,21 @@
 5413.	[test]		Address race in autosign system test that led to
 			test failures. [GL #1852]
 
-5412.	[bug]		'provide-ixfr no;' fail to return up-to-date responses
+5412.	[bug]		'provide-ixfr no;' failed to return up-to-date responses
 			when the serial was greater than or equal to the
 			current serial. [GL #1714]
 
-5411.	[cleanup]	Refactoring of TCP accept code to use a single accept()
-			and pass the accepted socket to child threads for
-			processing. [GL !3320]
+5411.	[cleanup]	TCP accept code has been refactored to use a single
+			accept() and pass the accepted socket to child threads
+			for processing. [GL !3320]
 
-5410.	[func]		Add the ability to specify per-type record count
-			limits in an "update-policy" statement, which
-			are enforced when adding records via UPDATE.
-			[GL #1657]
+5410.	[func]		Add the ability to specify per-type record count limits,
+			which are enforced when adding records via UPDATE, in an
+			"update-policy" statement. [GL #1657]
 
-5409.	[performance]	When looking up NSEC3 data in a zone database, skip
-			the check for empty non-terminal nodes; the NSEC3
-			tree doesn't have any. [GL #1834]
+5409.	[performance]	When looking up NSEC3 data in a zone database, skip the
+			check for empty non-terminal nodes; the NSEC3 tree does
+			not have any. [GL #1834]
 
 5408.	[protocol]	Print Extended DNS Errors if present in OPT record.
 			[GL #1835]
@@ -101,13 +110,13 @@
 5407.	[func]		Zone timers are now exported via statistics channel.
 			Thanks to Paul Frieden, Verizon Media. [GL #1232]
 
-5406.	[func]		Added a new logging category, "rpz-passthru". It allows
-			RPZ passthru actions to be logged into a separate
-			channel. [GL #54]
+5406.	[func]		Add a new logging category, "rpz-passthru", which allows
+			RPZ passthru actions to be logged in a separate channel.
+			[GL #54]
 
-5405.	[bug]		'named-checkconf -p' could include spurious text
-			in server-addresses statements due to an uninitialized
-			DSCP value. [GL #1812]
+5405.	[bug]		'named-checkconf -p' could include spurious text in
+			server-addresses statements due to an uninitialized DSCP
+			value. [GL #1812]
 
 5404.	[bug]		'named-checkconf -z' could incorrectly indicate
 			success if errors were found in one view but not in a

bin/tests/system/wildcard/ns1/example.db.in

@@ -0,0 +1,12 @@
+$ORIGIN example.
+example.                 3600 IN  SOA   . . 0 0 0 0 0
+example.                 3600     NS    ns.example.com.
+example.                 3600     NS    ns.example.net.
+*.example.               3600     TXT   "this is a wildcard"
+*.example.               3600     MX    10 host1.example.
+sub.*.example.           3600     TXT   "this is not a wildcard"
+host1.example.           3600     A     192.0.2.1
+_ssh._tcp.host1.example. 3600     SRV   0 0 22 host1.example.
+_ssh._tcp.host2.example. 3600     SRV   0 0 22 host2.example.
+subdel.example.          3600     NS    ns.example.com.
+subdel.example.          3600     NS    ns.example.net.

bin/tests/system/wildcard/ns1/named.conf.in

@@ -24,6 +24,10 @@ options {
 
 zone "." { type master; file "root.db.signed"; };
 
+/*
+ * RFC 4592 example zone.
+ */
+zone "example" { type master; file "example.db"; };
 zone "nsec" { type master; file "nsec.db.signed"; };
 zone "private.nsec" { type master; file "private.nsec.db.signed"; };
 

bin/tests/system/wildcard/ns1/sign.sh

@@ -15,6 +15,9 @@ SYSTESTDIR=wildcard
 
 dssets=
 
+# RFC 4592 example zone.
+cp example.db.in example.db
+
 zone=nsec
 infile=nsec.db.in
 zonefile=nsec.db

bin/tests/system/wildcard/tests.sh

@@ -142,5 +142,93 @@ grep -i 'flags:.* ad[ ;]'  dig.out.ns4.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=`expr $status + $ret`
 
+echo_i "checking RFC 4592 responses ..."
+
+n=`expr $n + 1`
+echo_i "checking RFC 4592: host3.example. QTYPE=MX, QCLASS=IN ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 host3.example. MX IN > dig.out.ns1.test$n || ret=1
+grep '^host3.example..*IN.MX.10 host1.example.' dig.out.ns1.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "checking RFC 4592: host3.example. QTYPE=A, QCLASS=IN ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 host3.example. A IN > dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "checking RFC 4592: foo.bar.example. QTYPE=TXT, QCLASS=IN ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 foo.bar.example TXT IN > dig.out.ns1.test$n || ret=1
+grep '^foo.bar.example..*IN.TXT."this is a wildcard"' dig.out.ns1.test$n > /dev/null || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+grep "ANSWER: 1," dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "checking RFC 4592: host1.example. QTYPE=MX, QCLASS=IN ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 host1.example MX IN > dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "checking RFC 4592: host1.example. QTYPE=MX, QCLASS=IN ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 host1.example MX IN > dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "checking RFC 4592: sub.*.example. QTYPE=MX, QCLASS=IN ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 "sub.*.example." MX IN > dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "checking RFC 4592: _telnet._tcp.host1.example. QTYPE=SRV, QCLASS=IN ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 _telnet._tcp.host1.example. SRV IN > dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
+grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "checking RFC 4592: host.subdel.example. QTYPE=A, QCLASS=IN ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 host.subdel.example A IN > dig.out.ns1.test$n || ret=1
+grep "status: NOERROR" dig.out.ns1.test$n > /dev/null || ret=1
+grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
+grep "AUTHORITY: 2," dig.out.ns1.test$n > /dev/null || ret=1
+grep "subdel.example..*IN.NS.ns.example.com." dig.out.ns1.test$n > /dev/null || ret=1
+grep "subdel.example..*IN.NS.ns.example.net." dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
+n=`expr $n + 1`
+echo_i "checking RFC 4592: ghost.*.example. QTYPE=MX, QCLASS=IN ($n)"
+ret=0
+$DIG $DIGOPTS @10.53.0.1 "ghost.*.example" MX IN > dig.out.ns1.test$n || ret=1
+grep "status: NXDOMAIN" dig.out.ns1.test$n > /dev/null || ret=1
+grep "ANSWER: 0," dig.out.ns1.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=`expr $status + $ret`
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1

configure.ac

@@ -14,8 +14,8 @@
 #
 m4_define([bind_VERSION_MAJOR], 9)dnl
 m4_define([bind_VERSION_MINOR], 17)dnl
-m4_define([bind_VERSION_PATCH], 1)dnl
-m4_define([bind_VERSION_EXTRA], -dev)dnl
+m4_define([bind_VERSION_PATCH], 2)dnl
+m4_define([bind_VERSION_EXTRA], )dnl
 m4_define([bind_DESCRIPTION], [(Development Release)])dnl
 m4_define([bind_SRCID], [m4_esyscmd_s([git rev-parse --short HEAD | cut -b1-7])])dnl
 m4_define([bind_PKG_VERSION], [[bind_VERSION_MAJOR.bind_VERSION_MINOR.bind_VERSION_PATCH]bind_VERSION_EXTRA])dnl

doc/arm/notes.rst

@@ -62,7 +62,7 @@ https://www.isc.org/download/. There you will find additional
 information about each release, source code, and pre-compiled versions
 for Microsoft Windows operating systems.
 
-.. include:: ../notes/notes-current.rst
+.. include:: ../notes/notes-9.17.2.rst
 .. include:: ../notes/notes-9.17.1.rst
 .. include:: ../notes/notes-9.17.0.rst
 

doc/notes/notes-9.17.2.rst

@@ -25,19 +25,24 @@ Security Fixes
 -  Replaying a TSIG BADTIME response as a request could trigger an
    assertion failure. This was disclosed in CVE-2020-8617. [GL #1703]
 
+-  It was possible to trigger an assertion when attempting to fill an
+   oversized TCP buffer. This was disclosed in CVE-2020-8618. [GL #1850]
+
+-  It was possible to trigger an INSIST failure when a zone with an
+   interior wildcard label was queried in a certain pattern. This was
+   disclosed in CVE-2020-8619. [GL #1111] [GL #1718]
+
 Known Issues
 ~~~~~~~~~~~~
 
 -  In this release, the build system has been significantly changed (see
-   below), and there is a number of unresolved issues to be aware of
-   when using a development release. Please refer to `GitLab issue #4`_
-   for a list of not yet resolved issues that will be fixed in the
-   following releases. [GL #4]
-
-.. _GitLab issue #4: https://gitlab.isc.org/isc-projects/bind9/-/issues/4
+   below) and there are several unresolved issues to be aware of when
+   using a development release. Please refer to `GitLab issue #4`_ for a
+   list of not-yet-resolved issues that will be fixed in future
+   releases. [GL #4]
 
 -  BIND crashes on startup when linked against libuv 1.36. This issue
-   is related to ``recvmmsg()`` support in libuv which was first
+   is related to ``recvmmsg()`` support in libuv, which was first
    included in libuv 1.35. The problem was addressed in libuv 1.37, but
    the relevant libuv code change requires a special flag to be set
    during library initialization in order for ``recvmmsg()`` support to
@@ -56,7 +61,28 @@ New Features
    first. Extra attention is also needed when using non-standard
    ``./configure`` options. [GL #4]
 
--  Added a new logging category ``rpz-passthru`` which allows RPZ
+-  Documentation was converted from DocBook to reStructuredText. The
+   BIND 9 ARM is now generated using Sphinx and published on `Read the
+   Docs`_. Release notes are no longer available as a separate document
+   accompanying a release. [GL #83]
+
+-  ``named`` and ``named-checkzone`` now reject master zones that have a
+   DS RRset at the zone apex. Attempts to add DS records at the zone
+   apex via UPDATE will be logged but otherwise ignored. DS records
+   belong in the parent zone, not at the zone apex. [GL #1798]
+
+-  Per-type record count limits can now be specified in
+   ``update-policy`` statements, to limit the number of records of a
+   particular type that can be added to a domain name via dynamic
+   update. [GL #1657]
+
+-  ``dig`` and other tools can now print the Extended DNS Error (EDE)
+   option when it appears in a request or a response. [GL #1835]
+
+-  ``dig +qid=<num>`` allows the user to specify a particular query ID
+   for testing purposes. [GL #1851]
+
+-  A new logging category, ``rpz-passthru``, was added, which allows RPZ
    passthru actions to be logged into a separate channel. [GL #54]
 
 -  Zone timers are now exported via statistics channel. For primary
@@ -64,27 +90,43 @@ New Features
    timers also include expire and refresh times. Contributed by Paul
    Frieden, Verizon Media. [GL #1232]
 
--  ``dig`` and other tools can now print the Extended DNS Error (EDE)
-   option when it appears in a request or response. [GL #1834]
-
--  Per-type record count limits can now be specified in ``update-policy``
-   statements, to limit the number of records of a particular type
-   that can be added to a domain name via dynamic update. [GL #1657]
-
--  ``named`` and ``named-checkzone`` now reject master zones that
-   have a DS RRset at the zone apex.  Attempts to add DS records
-   at the zone apex via UPDATE will be logged but otherwise ignored.
-   DS records belong in the parent zone, not at the zone apex. [GL #1798]
-
 Feature Changes
 ~~~~~~~~~~~~~~~
 
+-  The default value of ``max-stale-ttl`` has changed from 1 week to 12
+   hours. This option controls how long ``named`` retains expired RRsets
+   in cache as a potential mitigation mechanism, should there be a
+   problem with one or more domains. Note that cache content retention
+   is independent of whether stale answers are used in response to
+   client queries (``stale-answer-enable yes|no`` and ``rndc serve-stale
+   on|off``). Serving of stale answers when the authoritative servers
+   are not responding must be explicitly enabled, whereas the retention
+   of expired cache content takes place automatically on all versions of
+   BIND 9 that have this feature available. [GL #1877]
+
+   .. warning::
+       This change may be significant for administrators who expect that
+       stale cache content will be automatically retained for up to 1
+       week. Add option ``max-stale-ttl 1w;`` to ``named.conf`` to keep
+       the previous behavior of ``named``.
+
 -  BIND 9 no longer sets receive/send buffer sizes for UDP sockets,
    relying on system defaults instead. [GL #1713]
 
 -  The default rwlock implementation has been changed back to the native
    BIND 9 rwlock implementation. [GL #1753]
 
+-  BIND 9 binaries which are neither daemons nor administrative programs
+   were moved to ``$bindir``. Only ``ddns-confgen``, ``named``,
+   ``rndc``, ``rndc-confgen``, and ``tsig-confgen`` were left in
+   ``$sbindir``. [GL #1724]
+
+-  ``listen-on-v6 { any; }`` creates a separate socket for each
+   interface. Previously, just one socket was created on systems
+   conforming to :rfc:`3493` and :rfc:`3542`. This change was introduced
+   in BIND 9.16.0, but it was accidentally omitted from documentation.
+   [GL #1782]
+
 -  The native PKCS#11 EdDSA implementation has been updated to PKCS#11
    v3.0 and thus made operational again. Contributed by Aaron Thompson.
    [GL !3326]
@@ -102,75 +144,72 @@ Feature Changes
    consistency. Log messages are emitted for streams with inconsistent
    message IDs. [GL #1674]
 
--  ``dig +qid=<num>`` allows the user to specify a particular query ID
-   for testing purposes. [GL #1851]
-
--  The default value of ``max-stale-ttl`` has changed from 1 week to 12 hours.
-   This option controls how long named retains expired RRsets in cache as a
-   potential mitigation mechanism, should there be a problem with one or more
-   domains.  Note that cache content retention is independent of whether or not
-   stale answers will be used in response to client queries
-   (``stale-answer-enable yes|no`` and ``rndc serve-stale on|off``).  Serving of
-   stale answers when the authoritative servers are not responding must be
-   explicitly enabled, whereas the retention of expired cache content takes
-   place automatically on all versions of BIND that have this feature available.
-   [GL #1877]
-
-   .. warning:
-       This change may be significant for administrators who expect that stale
-       cache content will be automatically retained for up to 1 week.  Add
-       option ``max-stale-ttl 1w;`` to named.conf to keep the previous behavior
-       of named.
-
--  BIND binaries which are neither daemons nor administrative programs
-   were moved to ``$bindir``. Only ``ddns-confgen``, ``named``,
-   ``rndc``, ``rndc-confgen``, and ``tsig-confgen`` were left in
-   ``$sbindir``. [GL #1724]
-
--  listen-on-v6 { any; } creates separate sockets for all interfaces,
-   while previously it created one socket on systems conforming to
-   :rfc:`3493` and :rfc:`3542`, this change was introduced in 9.16.0
-   but accudently ommited from documentation.
-
--  The question section is now checked when processing AXFR, IXFR
+-  The question section is now checked when processing AXFR, IXFR,
    and SOA replies while transferring a zone in. [GL #1683]
 
 Bug Fixes
 ~~~~~~~~~
 
--  A bug in dnstap initialization could prevent some dnstap data from
-   being logged, especially on recursive resolvers. [GL #1795]
+-  When fully updating the NSEC3 chain for a large zone via IXFR, a
+   temporary loss of performance could be experienced on the secondary
+   server when answering queries for nonexistent data that required
+   DNSSEC proof of non-existence (in other words, queries that required
+   the server to find and to return NSEC3 data). The unnecessary
+   processing step that was causing this delay has now been removed.
+   [GL #1834]
+
+-  ``named`` could crash with an assertion failure if the name of a
+   database node was looked up while the database was being modified.
+   [GL #1857]
 
 -  When running on a system with support for Linux capabilities,
    ``named`` drops root privileges very soon after system startup. This
-   was causing a spurious log message, *unable to set effective uid to
-   0: Operation not permitted*, which has now been silenced. [GL #1042]
+   was causing a spurious log message, ``unable to set effective uid to
+   0: Operation not permitted``, which has now been silenced. [GL #1042]
    [GL #1090]
 
+-  A possible deadlock in ``lib/isc/unix/socket.c`` was fixed.
+   [GL #1859]
+
+-  Previously, ``named`` did not destroy some mutexes and conditional
+   variables in netmgr code, which caused a memory leak on FreeBSD. This
+   has been fixed. [GL #1893]
+
+-  A data race in ``lib/dns/resolver.c:log_formerr()`` that could lead
+   to an assertion failure was fixed. [GL #1808]
+
+-  Previously, ``provide-ixfr no;`` failed to return up-to-date
+   responses when the serial number was greater than or equal to the
+   current serial number. [GL #1714]
+
+-  A bug in dnstap initialization could prevent some dnstap data from
+   being logged, especially on recursive resolvers. [GL #1795]
+
+-  A bug in dnssec-policy keymgr was fixed, where the check for the
+   existence of a given key's successor would incorrectly return
+   ``true`` if any other key in the keyring had a successor. [GL #1845]
+
+-  With dnssec-policy, when creating a successor key, the "goal" state
+   of the current active key (the predecessor) was not changed and thus
+   never removed from the zone. [GL #1846]
+
 -  When ``named-checkconf -z`` was run, it would sometimes incorrectly
    set its exit code. It reflected the status of the last view found; if
    zone-loading errors were found in earlier configured views but not in
    the last one, the exit code indicated success. Thanks to Graham
    Clinch. [GL #1807]
 
+- ``named-checkconf -p`` could include spurious text in
+  ``server-addresses`` statements due to an uninitialized DSCP value.
+  This has been fixed. [GL #1812]
+
 -  When built without LMDB support, ``named`` failed to restart after a
    zone with a double quote (") in its name was added with ``rndc
    addzone``. Thanks to Alberto Fernández. [GL #1695]
 
--  Missing mutex and conditional destruction in netmgr code leads to a
-   memory leak on BSD systems. [GL #1893]
+-  The ARM has been updated to indicate that the TSIG session key is
+   generated when named starts, regardless of whether it is needed.
+   [GL #1842]
 
--  ``named`` could crash with an assertion failure if the name of a
-   database node was looked up while the database was being modified.
-   [GL #1857]
-
--  Fix a bug in dnssec-policy keymgr where the check if a key has a
-   successor would return a false positive if any other key in the
-   keyring has a successor. [GL #1845]
-
--  With dnssec-policy, when creating a successor key, the goal state of
-   the current active key (the predecessor) was not changed and thus was
-   never is removed from the zone. [GL #1846]
-
--  Fix a data race in resolver.c:formerr() that could lead to assertion
-   failure. [GL #1808]
+.. _GitLab issue #4: https://gitlab.isc.org/isc-projects/bind9/-/issues/4
+.. _Read the Docs: https://bind9.readthedocs.io/

lib/bind9/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1700
+LIBINTERFACE = 1701
 LIBREVISION = 0
 LIBAGE = 0

lib/dns/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1701
+LIBINTERFACE = 1702
 LIBREVISION = 0
 LIBAGE = 0

lib/dns/rbtdb.c

@@ -1858,8 +1858,13 @@ delete_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
  * Caller must be holding the node lock.
  */
 static inline void
-new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
-	INSIST(!ISC_LINK_LINKED(node, deadlink));
+new_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
+	      isc_rwlocktype_t locktype) {
+	if (locktype == isc_rwlocktype_write && ISC_LINK_LINKED(node, deadlink))
+	{
+		ISC_LIST_UNLINK(rbtdb->deadnodes[node->locknum], node,
+				deadlink);
+	}
 	if (isc_refcount_increment0(&node->references) == 0) {
 		/* this is the first reference to the node */
 		isc_refcount_increment0(
@@ -1877,13 +1882,14 @@ is_leaf(dns_rbtnode_t *node) {
 }
 
 static inline void
-send_to_prune_tree(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node) {
+send_to_prune_tree(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
+		   isc_rwlocktype_t locktype) {
 	isc_event_t *ev;
 	dns_db_t *db;
 
 	ev = isc_event_allocate(rbtdb->common.mctx, NULL, DNS_EVENT_RBTPRUNE,
 				prune_tree, node, sizeof(isc_event_t));
-	new_reference(rbtdb, node);
+	new_reference(rbtdb, node, locktype);
 	db = NULL;
 	attach((dns_db_t *)rbtdb, &db);
 	ev->ev_sender = db;
@@ -1919,7 +1925,7 @@ cleanup_dead_nodes(dns_rbtdb_t *rbtdb, int bucketnum) {
 		       node->data == NULL);
 
 		if (is_leaf(node) && rbtdb->task != NULL) {
-			send_to_prune_tree(rbtdb, node);
+			send_to_prune_tree(rbtdb, node, isc_rwlocktype_write);
 		} else if (node->down == NULL && node->data == NULL) {
 			/*
 			 * Not a interior node and not needing to be
@@ -1987,7 +1993,7 @@ reactivate_node(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
 		}
 	}
 
-	new_reference(rbtdb, node);
+	new_reference(rbtdb, node, locktype);
 
 	NODE_UNLOCK(nodelock, locktype);
 }
@@ -2122,15 +2128,17 @@ decrement_reference(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node,
 		 * periodic walk-through).
 		 */
 		if (!pruning && is_leaf(node) && rbtdb->task != NULL) {
-			send_to_prune_tree(rbtdb, node);
+			send_to_prune_tree(rbtdb, node, isc_rwlocktype_write);
 			no_reference = false;
 		} else {
 			delete_node(rbtdb, node);
 		}
 	} else {
 		INSIST(node->data == NULL);
-		INSIST(!ISC_LINK_LINKED(node, deadlink));
-		ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node, deadlink);
+		if (!ISC_LINK_LINKED(node, deadlink)) {
+			ISC_LIST_APPEND(rbtdb->deadnodes[bucket], node,
+					deadlink);
+		}
 	}
 
 restore_locks:
@@ -2200,16 +2208,13 @@ prune_tree(isc_task_t *task, isc_event_t *event) {
 
 			/*
 			 * We need to gain a reference to the node before
-			 * decrementing it in the next iteration.  In addition,
-			 * if the node is in the dead-nodes list, extract it
-			 * from the list beforehand as we do in
-			 * reactivate_node().
+			 * decrementing it in the next iteration.
 			 */
 			if (ISC_LINK_LINKED(parent, deadlink)) {
 				ISC_LIST_UNLINK(rbtdb->deadnodes[locknum],
 						parent, deadlink);
 			}
-			new_reference(rbtdb, parent);
+			new_reference(rbtdb, parent, isc_rwlocktype_write);
 		} else {
 			parent = NULL;
 		}
@@ -2976,7 +2981,7 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
 		 * We increment the reference count on node to ensure that
 		 * search->zonecut_rdataset will still be valid later.
 		 */
-		new_reference(search->rbtdb, node);
+		new_reference(search->rbtdb, node, isc_rwlocktype_read);
 		search->zonecut = node;
 		search->zonecut_rdataset = found;
 		search->need_cleanup = true;
@@ -3028,7 +3033,8 @@ zone_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
 
 static inline void
 bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
-	      isc_stdtime_t now, dns_rdataset_t *rdataset) {
+	      isc_stdtime_t now, isc_rwlocktype_t locktype,
+	      dns_rdataset_t *rdataset) {
 	unsigned char *raw; /* RDATASLAB */
 
 	/*
@@ -3043,7 +3049,7 @@ bind_rdataset(dns_rbtdb_t *rbtdb, dns_rbtnode_t *node, rdatasetheader_t *header,
 		return;
 	}
 
-	new_reference(rbtdb, node);
+	new_reference(rbtdb, node, locktype);
 
 	INSIST(rdataset->methods == NULL); /* We must be disassociated. */
 
@@ -3148,12 +3154,12 @@ setup_delegation(rbtdb_search_t *search, dns_dbnode_t **nodep,
 		NODE_LOCK(&(search->rbtdb->node_locks[node->locknum].lock),
 			  isc_rwlocktype_read);
 		bind_rdataset(search->rbtdb, node, search->zonecut_rdataset,
-			      search->now, rdataset);
+			      search->now, isc_rwlocktype_read, rdataset);
 		if (sigrdataset != NULL && search->zonecut_sigrdataset != NULL)
 		{
 			bind_rdataset(search->rbtdb, node,
 				      search->zonecut_sigrdataset, search->now,
-				      sigrdataset);
+				      isc_rwlocktype_read, sigrdataset);
 		}
 		NODE_UNLOCK(&(search->rbtdb->node_locks[node->locknum].lock),
 			    isc_rwlocktype_read);
@@ -3818,18 +3824,21 @@ again:
 							      foundname, NULL);
 				if (result == ISC_R_SUCCESS) {
 					if (nodep != NULL) {
-						new_reference(search->rbtdb,
-							      node);
+						new_reference(
+							search->rbtdb, node,
+							isc_rwlocktype_read);
 						*nodep = node;
 					}
 					bind_rdataset(search->rbtdb, node,
 						      found, search->now,
+						      isc_rwlocktype_read,
 						      rdataset);
 					if (foundsig != NULL) {
-						bind_rdataset(search->rbtdb,
-							      node, foundsig,
-							      search->now,
-							      sigrdataset);
+						bind_rdataset(
+							search->rbtdb, node,
+							foundsig, search->now,
+							isc_rwlocktype_read,
+							sigrdataset);
 					}
 				}
 			} else if (found == NULL && foundsig == NULL) {
@@ -4114,7 +4123,8 @@ found:
 				 * ensure that search->zonecut_rdataset will
 				 * still be valid later.
 				 */
-				new_reference(search.rbtdb, node);
+				new_reference(search.rbtdb, node,
+					      isc_rwlocktype_read);
 				search.zonecut = node;
 				search.zonecut_rdataset = header;
 				search.zonecut_sigrdataset = NULL;
@@ -4292,7 +4302,7 @@ found:
 			goto node_exit;
 		}
 		if (nodep != NULL) {
-			new_reference(search.rbtdb, node);
+			new_reference(search.rbtdb, node, isc_rwlocktype_read);
 			*nodep = node;
 		}
 		if ((search.rbtversion->secure == dns_db_secure &&
@@ -4300,10 +4310,10 @@ found:
 		    (search.options & DNS_DBFIND_FORCENSEC) != 0)
 		{
 			bind_rdataset(search.rbtdb, node, nsecheader, 0,
-				      rdataset);
+				      isc_rwlocktype_read, rdataset);
 			if (nsecsig != NULL) {
 				bind_rdataset(search.rbtdb, node, nsecsig, 0,
-					      sigrdataset);
+					      isc_rwlocktype_read, sigrdataset);
 			}
 		}
 		if (wild) {
@@ -4376,7 +4386,7 @@ found:
 
 	if (nodep != NULL) {
 		if (!at_zonecut) {
-			new_reference(search.rbtdb, node);
+			new_reference(search.rbtdb, node, isc_rwlocktype_read);
 		} else {
 			search.need_cleanup = false;
 		}
@@ -4384,10 +4394,11 @@ found:
 	}
 
 	if (type != dns_rdatatype_any) {
-		bind_rdataset(search.rbtdb, node, found, 0, rdataset);
+		bind_rdataset(search.rbtdb, node, found, 0, isc_rwlocktype_read,
+			      rdataset);
 		if (foundsig != NULL) {
 			bind_rdataset(search.rbtdb, node, foundsig, 0,
-				      sigrdataset);
+				      isc_rwlocktype_read, sigrdataset);
 		}
 	}
 
@@ -4570,8 +4581,7 @@ cache_zonecut_callback(dns_rbtnode_t *node, dns_name_t *name, void *arg) {
 		 * We increment the reference count on node to ensure that
 		 * search->zonecut_rdataset will still be valid later.
 		 */
-		new_reference(search->rbtdb, node);
-		INSIST(!ISC_LINK_LINKED(node, deadlink));
+		new_reference(search->rbtdb, node, locktype);
 		search->zonecut = node;
 		search->zonecut_rdataset = dname_header;
 		search->zonecut_sigrdataset = sigdname_header;
@@ -4679,14 +4689,15 @@ find_deepest_zonecut(rbtdb_search_t *search, dns_rbtnode_t *node,
 			}
 			result = DNS_R_DELEGATION;
 			if (nodep != NULL) {
-				new_reference(search->rbtdb, node);
+				new_reference(search->rbtdb, node, locktype);
 				*nodep = node;
 			}
 			bind_rdataset(search->rbtdb, node, found, search->now,
-				      rdataset);
+				      locktype, rdataset);
 			if (foundsig != NULL) {
 				bind_rdataset(search->rbtdb, node, foundsig,
-					      search->now, sigrdataset);
+					      search->now, locktype,
+					      sigrdataset);
 			}
 			if (need_headerupdate(found, search->now) ||
 			    (foundsig != NULL &&
@@ -4795,13 +4806,13 @@ find_coveringnsec(rbtdb_search_t *search, dns_dbnode_t **nodep,
 			if (result != ISC_R_SUCCESS) {
 				goto unlock_node;
 			}
-			bind_rdataset(search->rbtdb, node, found, now,
+			bind_rdataset(search->rbtdb, node, found, now, locktype,
 				      rdataset);
 			if (foundsig != NULL) {
 				bind_rdataset(search->rbtdb, node, foundsig,
-					      now, sigrdataset);
+					      now, locktype, sigrdataset);
 			}
-			new_reference(search->rbtdb, node);
+			new_reference(search->rbtdb, node, locktype);
 			*nodep = node;
 			result = DNS_R_COVERINGNSEC;
 		} else if (!empty_node) {
@@ -5026,18 +5037,18 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
 		if ((search.options & DNS_DBFIND_COVERINGNSEC) != 0 &&
 		    nsecheader != NULL) {
 			if (nodep != NULL) {
-				new_reference(search.rbtdb, node);
-				INSIST(!ISC_LINK_LINKED(node, deadlink));
+				new_reference(search.rbtdb, node, locktype);
 				*nodep = node;
 			}
 			bind_rdataset(search.rbtdb, node, nsecheader,
-				      search.now, rdataset);
+				      search.now, locktype, rdataset);
 			if (need_headerupdate(nsecheader, search.now)) {
 				update = nsecheader;
 			}
 			if (nsecsig != NULL) {
 				bind_rdataset(search.rbtdb, node, nsecsig,
-					      search.now, sigrdataset);
+					      search.now, locktype,
+					      sigrdataset);
 				if (need_headerupdate(nsecsig, search.now)) {
 					updatesig = nsecsig;
 				}
@@ -5052,18 +5063,18 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
 		 */
 		if (nsheader != NULL) {
 			if (nodep != NULL) {
-				new_reference(search.rbtdb, node);
-				INSIST(!ISC_LINK_LINKED(node, deadlink));
+				new_reference(search.rbtdb, node, locktype);
 				*nodep = node;
 			}
 			bind_rdataset(search.rbtdb, node, nsheader, search.now,
-				      rdataset);
+				      locktype, rdataset);
 			if (need_headerupdate(nsheader, search.now)) {
 				update = nsheader;
 			}
 			if (nssig != NULL) {
 				bind_rdataset(search.rbtdb, node, nssig,
-					      search.now, sigrdataset);
+					      search.now, locktype,
+					      sigrdataset);
 				if (need_headerupdate(nssig, search.now)) {
 					updatesig = nssig;
 				}
@@ -5084,8 +5095,7 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
 	 */
 
 	if (nodep != NULL) {
-		new_reference(search.rbtdb, node);
-		INSIST(!ISC_LINK_LINKED(node, deadlink));
+		new_reference(search.rbtdb, node, locktype);
 		*nodep = node;
 	}
 
@@ -5117,13 +5127,14 @@ cache_find(dns_db_t *db, const dns_name_t *name, dns_dbversion_t *version,
 	if (type != dns_rdatatype_any || result == DNS_R_NCACHENXDOMAIN ||
 	    result == DNS_R_NCACHENXRRSET)
 	{
-		bind_rdataset(search.rbtdb, node, found, search.now, rdataset);
+		bind_rdataset(search.rbtdb, node, found, search.now, locktype,
+			      rdataset);
 		if (need_headerupdate(found, search.now)) {
 			update = found;
 		}
 		if (!NEGATIVE(found) && foundsig != NULL) {
 			bind_rdataset(search.rbtdb, node, foundsig, search.now,
-				      sigrdataset);
+				      locktype, sigrdataset);
 			if (need_headerupdate(foundsig, search.now)) {
 				updatesig = foundsig;
 			}
@@ -5282,15 +5293,15 @@ cache_findzonecut(dns_db_t *db, const dns_name_t *name, unsigned int options,
 	}
 
 	if (nodep != NULL) {
-		new_reference(search.rbtdb, node);
-		INSIST(!ISC_LINK_LINKED(node, deadlink));
+		new_reference(search.rbtdb, node, locktype);
 		*nodep = node;
 	}
 
-	bind_rdataset(search.rbtdb, node, found, search.now, rdataset);
+	bind_rdataset(search.rbtdb, node, found, search.now, locktype,
+		      rdataset);
 	if (foundsig != NULL) {
 		bind_rdataset(search.rbtdb, node, foundsig, search.now,
-			      sigrdataset);
+			      locktype, sigrdataset);
 	}
 
 	if (need_headerupdate(found, search.now) ||
@@ -5653,10 +5664,11 @@ zone_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 		}
 	}
 	if (found != NULL) {
-		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+		bind_rdataset(rbtdb, rbtnode, found, now, isc_rwlocktype_read,
+			      rdataset);
 		if (foundsig != NULL) {
 			bind_rdataset(rbtdb, rbtnode, foundsig, now,
-				      sigrdataset);
+				      isc_rwlocktype_read, sigrdataset);
 		}
 	}
 
@@ -5747,9 +5759,9 @@ cache_findrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 		}
 	}
 	if (found != NULL) {
-		bind_rdataset(rbtdb, rbtnode, found, now, rdataset);
+		bind_rdataset(rbtdb, rbtnode, found, now, locktype, rdataset);
 		if (!NEGATIVE(found) && foundsig != NULL) {
-			bind_rdataset(rbtdb, rbtnode, foundsig, now,
+			bind_rdataset(rbtdb, rbtnode, foundsig, now, locktype,
 				      sigrdataset);
 		}
 	}
@@ -5917,6 +5929,9 @@ resign_insert(dns_rbtdb_t *rbtdb, int idx, rdatasetheader_t *newheader) {
 	return (result);
 }
 
+/*
+ * node write lock must be held.
+ */
 static void
 resign_delete(dns_rbtdb_t *rbtdb, rbtdb_version_t *version,
 	      rdatasetheader_t *header) {
@@ -5928,7 +5943,8 @@ resign_delete(dns_rbtdb_t *rbtdb, rbtdb_version_t *version,
 				header->heap_index);
 		header->heap_index = 0;
 		if (version != NULL) {
-			new_reference(rbtdb, header->node);
+			new_reference(rbtdb, header->node,
+				      isc_rwlocktype_write);
 			ISC_LIST_APPEND(version->resigned_list, header, link);
 		}
 	}
@@ -5959,6 +5975,9 @@ update_recordsandxfrsize(bool add, rbtdb_version_t *rbtversion,
 	RWUNLOCK(&rbtversion->rwlock, isc_rwlocktype_write);
 }
 
+/*
+ * write lock on rbtnode must be held.
+ */
 static isc_result_t
 add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, const dns_name_t *nodename,
       rbtdb_version_t *rbtversion, rdatasetheader_t *newheader,
@@ -6085,9 +6104,11 @@ add32(dns_rbtdb_t *rbtdb, dns_rbtnode_t *rbtnode, const dns_name_t *nodename,
 					free_rdataset(rbtdb, rbtdb->common.mctx,
 						      newheader);
 					if (addedrdataset != NULL) {
-						bind_rdataset(rbtdb, rbtnode,
-							      topheader, now,
-							      addedrdataset);
+						bind_rdataset(
+							rbtdb, rbtnode,
+							topheader, now,
+							isc_rwlocktype_write,
+							addedrdataset);
 					}
 					return (DNS_R_UNCHANGED);
 				}
@@ -6147,6 +6168,7 @@ find_header:
 			free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
 			if (addedrdataset != NULL) {
 				bind_rdataset(rbtdb, rbtnode, header, now,
+					      isc_rwlocktype_write,
 					      addedrdataset);
 			}
 			return (DNS_R_UNCHANGED);
@@ -6258,6 +6280,7 @@ find_header:
 			free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
 			if (addedrdataset != NULL) {
 				bind_rdataset(rbtdb, rbtnode, header, now,
+					      isc_rwlocktype_write,
 					      addedrdataset);
 			}
 			return (ISC_R_SUCCESS);
@@ -6307,6 +6330,7 @@ find_header:
 			free_rdataset(rbtdb, rbtdb->common.mctx, newheader);
 			if (addedrdataset != NULL) {
 				bind_rdataset(rbtdb, rbtnode, header, now,
+					      isc_rwlocktype_write,
 					      addedrdataset);
 			}
 			return (ISC_R_SUCCESS);
@@ -6504,7 +6528,8 @@ find_header:
 	}
 
 	if (addedrdataset != NULL) {
-		bind_rdataset(rbtdb, rbtnode, newheader, now, addedrdataset);
+		bind_rdataset(rbtdb, rbtnode, newheader, now,
+			      isc_rwlocktype_write, addedrdataset);
 	}
 
 	return (ISC_R_SUCCESS);
@@ -7045,13 +7070,15 @@ subtractrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
 	}
 
 	if (result == ISC_R_SUCCESS && newrdataset != NULL) {
-		bind_rdataset(rbtdb, rbtnode, newheader, 0, newrdataset);
+		bind_rdataset(rbtdb, rbtnode, newheader, 0,
+			      isc_rwlocktype_write, newrdataset);
 	}
 
 	if (result == DNS_R_NXRRSET && newrdataset != NULL &&
 	    (options & DNS_DBSUB_WANTOLD) != 0)
 	{
-		bind_rdataset(rbtdb, rbtnode, header, 0, newrdataset);
+		bind_rdataset(rbtdb, rbtnode, header, 0, isc_rwlocktype_write,
+			      newrdataset);
 	}
 
 unlock:
@@ -7929,8 +7956,7 @@ getoriginnode(dns_db_t *db, dns_dbnode_t **nodep) {
 	/* Note that the access to origin_node doesn't require a DB lock */
 	onode = (dns_rbtnode_t *)rbtdb->origin_node;
 	if (onode != NULL) {
-		new_reference(rbtdb, onode);
-
+		new_reference(rbtdb, onode, isc_rwlocktype_none);
 		*nodep = rbtdb->origin_node;
 	} else {
 		INSIST(IS_CACHE(rbtdb));
@@ -8123,7 +8149,8 @@ getsigningtime(dns_db_t *db, dns_rdataset_t *rdataset, dns_name_t *foundname) {
 		 * Found something; pass back the answer and unlock
 		 * the bucket.
 		 */
-		bind_rdataset(rbtdb, header->node, header, 0, rdataset);
+		bind_rdataset(rbtdb, header->node, header, 0,
+			      isc_rwlocktype_read, rdataset);
 
 		if (foundname != NULL) {
 			dns_rbt_fullnamefromnode(header->node, foundname);
@@ -9130,7 +9157,7 @@ rdatasetiter_current(dns_rdatasetiter_t *iterator, dns_rdataset_t *rdataset) {
 		  isc_rwlocktype_read);
 
 	bind_rdataset(rbtdb, rbtnode, header, rbtiterator->common.now,
-		      rdataset);
+		      isc_rwlocktype_read, rdataset);
 
 	NODE_UNLOCK(&rbtdb->node_locks[rbtnode->locknum].lock,
 		    isc_rwlocktype_read);
@@ -9585,7 +9612,7 @@ dbiterator_current(dns_dbiterator_t *iterator, dns_dbnode_t **nodep,
 		result = ISC_R_SUCCESS;
 	}
 
-	new_reference(rbtdb, node);
+	new_reference(rbtdb, node, isc_rwlocktype_none);
 
 	*nodep = rbtdbiter->node;
 
@@ -10498,7 +10525,7 @@ expire_header(dns_rbtdb_t *rbtdb, rdatasetheader_t *header, bool tree_locked,
 		 * We first need to gain a new reference to the node to meet a
 		 * requirement of decrement_reference().
 		 */
-		new_reference(rbtdb, header->node);
+		new_reference(rbtdb, header->node, isc_rwlocktype_write);
 		decrement_reference(rbtdb, header->node, 0,
 				    isc_rwlocktype_write,
 				    tree_locked ? isc_rwlocktype_write

lib/irs/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1700
+LIBINTERFACE = 1701
 LIBREVISION = 0
 LIBAGE = 0

lib/isc/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1701
+LIBINTERFACE = 1702
 LIBREVISION = 0
 LIBAGE = 0

lib/isccc/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1700
-LIBREVISION = 1
+LIBINTERFACE = 1701
+LIBREVISION = 0
 LIBAGE = 0

lib/isccfg/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1700
-LIBREVISION = 1
+LIBINTERFACE = 1701
+LIBREVISION = 0
 LIBAGE = 0

lib/ns/api

@@ -11,6 +11,6 @@
 # 9.13/9.14: 1300-1499
 # 9.15/9.16: 1500-1699
 # 9.17/9.18: 1700-1899
-LIBINTERFACE = 1701
+LIBINTERFACE = 1702
 LIBREVISION = 0
 LIBAGE = 0

lib/ns/client.c

@@ -287,45 +287,20 @@ client_senddone(isc_nmhandle_t *handle, isc_result_t result, void *cbarg) {
 	isc_nmhandle_unref(handle);
 }
 
-/*%
- * We only want to fail with ISC_R_NOSPACE when called from
- * ns_client_sendraw() and not when called from ns_client_send(),
- * tcpbuffer is NULL when called from ns_client_sendraw() and
- * length != 0.  tcpbuffer != NULL when called from ns_client_send()
- * and length == 0.
- */
-
-static isc_result_t
+static void
 client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer,
-		    isc_buffer_t *tcpbuffer, uint32_t length,
 		    unsigned char **datap) {
 	unsigned char *data;
 	uint32_t bufsize;
-	isc_result_t result;
 
 	REQUIRE(datap != NULL);
-	REQUIRE((tcpbuffer == NULL && length != 0) ||
-		(tcpbuffer != NULL && length == 0));
 
 	if (TCP_CLIENT(client)) {
 		INSIST(client->tcpbuf == NULL);
-		if (length + 2 > NS_CLIENT_TCP_BUFFER_SIZE) {
-			result = ISC_R_NOSPACE;
-			goto done;
-		}
 		client->tcpbuf = isc_mem_get(client->mctx,
 					     NS_CLIENT_TCP_BUFFER_SIZE);
 		data = client->tcpbuf;
-		if (tcpbuffer != NULL) {
-			isc_buffer_init(tcpbuffer, data,
-					NS_CLIENT_TCP_BUFFER_SIZE);
-			isc_buffer_init(buffer, data,
-					NS_CLIENT_TCP_BUFFER_SIZE);
-		} else {
-			isc_buffer_init(buffer, data,
-					NS_CLIENT_TCP_BUFFER_SIZE);
-			INSIST(length <= 0xffff);
-		}
+		isc_buffer_init(buffer, data, NS_CLIENT_TCP_BUFFER_SIZE);
 	} else {
 		data = client->sendbuf;
 		if ((client->attributes & NS_CLIENTATTR_HAVECOOKIE) == 0) {
@@ -343,17 +318,9 @@ client_allocsendbuf(ns_client_t *client, isc_buffer_t *buffer,
 		if (bufsize > NS_CLIENT_SEND_BUFFER_SIZE) {
 			bufsize = NS_CLIENT_SEND_BUFFER_SIZE;
 		}
-		if (length > bufsize) {
-			result = ISC_R_NOSPACE;
-			goto done;
-		}
 		isc_buffer_init(buffer, data, bufsize);
 	}
 	*datap = data;
-	result = ISC_R_SUCCESS;
-
-done:
-	return (result);
 }
 
 static isc_result_t
@@ -385,8 +352,10 @@ ns_client_sendraw(ns_client_t *client, dns_message_t *message) {
 		goto done;
 	}
 
-	result = client_allocsendbuf(client, &buffer, NULL, mr->length, &data);
-	if (result != ISC_R_SUCCESS) {
+	client_allocsendbuf(client, &buffer, &data);
+
+	if (mr->length > isc_buffer_length(&buffer)) {
+		result = ISC_R_NOSPACE;
 		goto done;
 	}
 
@@ -422,7 +391,6 @@ ns_client_send(ns_client_t *client) {
 	isc_result_t result;
 	unsigned char *data;
 	isc_buffer_t buffer = { .magic = 0 };
-	isc_buffer_t tcpbuffer = { .magic = 0 };
 	isc_region_t r;
 	dns_compress_t cctx;
 	bool cleanup_cctx = false;
@@ -491,13 +459,7 @@ ns_client_send(ns_client_t *client) {
 		}
 	}
 
-	/*
-	 * XXXRTH  The following doesn't deal with TCP buffer resizing.
-	 */
-	result = client_allocsendbuf(client, &buffer, &tcpbuffer, 0, &data);
-	if (result != ISC_R_SUCCESS) {
-		goto done;
-	}
+	client_allocsendbuf(client, &buffer, &data);
 
 	result = dns_compress_init(&cctx, -1, client->mctx);
 	if (result != ISC_R_SUCCESS) {
@@ -619,7 +581,6 @@ renderend:
 		client->sendcb(&buffer);
 	} else if (TCP_CLIENT(client)) {
 		isc_buffer_usedregion(&buffer, &r);
-		isc_buffer_add(&tcpbuffer, r.length);
 #ifdef HAVE_DNSTAP
 		if (client->view != NULL) {
 			dns_dt_send(client->view, dtmsgtype, &client->peeraddr,
@@ -628,11 +589,10 @@ renderend:
 		}
 #endif /* HAVE_DNSTAP */
 
-		/* don't count the 2-octet length header */
-		respsize = isc_buffer_usedlength(&tcpbuffer) - 2;
+		respsize = isc_buffer_usedlength(&buffer);
 
 		isc_nmhandle_ref(client->handle);
-		result = client_sendpkg(client, &tcpbuffer);
+		result = client_sendpkg(client, &buffer);
 		if (result != ISC_R_SUCCESS) {
 			/* We won't get a callback to clean it up */
 			isc_nmhandle_unref(client->handle);

lib/ns/include/ns/client.h

@@ -81,7 +81,7 @@
  *** Types
  ***/
 
-#define NS_CLIENT_TCP_BUFFER_SIZE  (65535 + 2)
+#define NS_CLIENT_TCP_BUFFER_SIZE  65535
 #define NS_CLIENT_SEND_BUFFER_SIZE 4096
 
 /*!

lib/ns/xfrout.c

@@ -649,14 +649,13 @@ typedef struct {
 	dns_db_t *db;
 	dns_dbversion_t *ver;
 	isc_quota_t *quota;
-	rrstream_t *stream;    /* The XFR RR stream */
-	bool question_added;   /* QUESTION section sent? */
-	bool end_of_stream;    /* EOS has been reached */
-	isc_buffer_t buf;      /* Buffer for message owner
-				* names and rdatas */
-	isc_buffer_t txlenbuf; /* Transmit length buffer */
-	isc_buffer_t txbuf;    /* Transmit message buffer */
-	size_t cbytes;	       /* Length of current message */
+	rrstream_t *stream;  /* The XFR RR stream */
+	bool question_added; /* QUESTION section sent? */
+	bool end_of_stream;  /* EOS has been reached */
+	isc_buffer_t buf;    /* Buffer for message owner
+			      * names and rdatas */
+	isc_buffer_t txbuf;  /* Transmit message buffer */
+	size_t cbytes;	     /* Length of current message */
 	void *txmem;
 	unsigned int txmemlen;
 	dns_tsigkey_t *tsigkey; /* Key used to create TSIG */
@@ -1269,12 +1268,11 @@ xfrout_ctx_create(isc_mem_t *mctx, ns_client_t *client, unsigned int id,
 
 	/*
 	 * Allocate another temporary buffer for the compressed
-	 * response message and its TCP length prefix.
+	 * response message.
 	 */
-	len = 2 + 65535;
+	len = NS_CLIENT_TCP_BUFFER_SIZE;
 	mem = isc_mem_get(mctx, len);
-	isc_buffer_init(&xfr->txlenbuf, mem, 2);
-	isc_buffer_init(&xfr->txbuf, (char *)mem + 2, len - 2);
+	isc_buffer_init(&xfr->txbuf, (char *)mem, len);
 	xfr->txmem = mem;
 	xfr->txmemlen = len;
 
@@ -1324,7 +1322,6 @@ sendstream(xfrout_ctx_t *xfr) {
 	int n_rrs;
 
 	isc_buffer_clear(&xfr->buf);
-	isc_buffer_clear(&xfr->txlenbuf);
 	isc_buffer_clear(&xfr->txbuf);
 
 	is_tcp = ((xfr->client->attributes & NS_CLIENTATTR_TCP) != 0);

util/copyrights

@@ -1226,7 +1226,7 @@
 ./doc/misc/stub.zoneopt				X	2018,2019,2020
 ./doc/notes/notes-9.17.0.rst			RST	2020
 ./doc/notes/notes-9.17.1.rst			RST	2020
-./doc/notes/notes-current.rst			RST	2020
+./doc/notes/notes-9.17.2.rst			RST	2020
 ./docutil/HTML_COPYRIGHT			X	2001,2004,2016,2018,2019,2020
 ./docutil/MAN_COPYRIGHT				X	2001,2004,2016,2018,2019,2020
 ./docutil/patch-db2latex-duplicate-template-bug	X	2007,2018,2019,2020