Merge tag 'v9.21.2'

doc/arm/changelog.rst

@@ -18,6 +18,7 @@ Changelog
    development. Regular users should refer to :ref:`Release Notes <relnotes>`
    for changes relevant to them.
 
+.. include:: ../changelog/changelog-9.21.2.rst
 .. include:: ../changelog/changelog-9.21.1.rst
 .. include:: ../changelog/changelog-9.21.0.rst
 .. include:: ../changelog/changelog-history.rst

doc/arm/notes.rst

@@ -39,6 +39,7 @@ https://www.isc.org/download/. There you will find additional
 information about each release, and source code.
 
 .. include:: ../notes/notes-known-issues.rst
+.. include:: ../notes/notes-9.21.2.rst
 .. include:: ../notes/notes-9.21.1.rst
 .. include:: ../notes/notes-9.21.0.rst
 

doc/changelog/changelog-9.21.2.rst

@@ -0,0 +1,300 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+BIND 9.21.2
+-----------
+
+New Features
+~~~~~~~~~~~~
+
+- Log query response status to the query log. ``a4b9625196d``
+
+  Log a query response summary using the new category `responses`.
+  Logging can be controlled by the option `responselog` and `rndc
+  responselog`. :gl:`#459` :gl:`!9449`
+
+- Added WALLET type. ``d0d4c6dae72``
+
+  Add the new record type WALLET (262).  This provides a mapping from a
+  domain name to a cryptographic currency wallet.  Multiple mappings can
+  exist if multiple records exist. :gl:`#4947` :gl:`!9521`
+
+- Support ISO timestamps with timezone information. ``e618cdddf8f``
+
+  The configuration option `print-time` can now be set to
+  `iso8601-tzinfo` in order to use the ISO 8601 timestamp with timezone
+  information when logging. This is used as a default for `named -g`.
+  :gl:`#4963` :gl:`!9563`
+
+- Add flag to named-checkconf to ignore "not configured" errors.
+  ``0d2482c62e9``
+
+  `named-checkconf` now takes "-n" to ignore "not configured" errors.
+  This allows named-checkconf to check the syntax of configurations from
+  other builds which have support for more options. :gl:`!9446`
+
+- Implement the ForwardOnlyFail statistics channel counter.
+  ``3efa17ee014``
+
+  The new ForwardOnlyFail statistics channel counter indicates the
+  number of queries failed due to bad forwarders for 'forward only'
+  zones.
+
+  Related to #1793 :gl:`!9498`
+
+Removed Features
+~~~~~~~~~~~~~~~~
+
+- Remove "port" from source address options. ``dc3578ee84c``
+
+  Remove the use of "port" when configuring query-source(-v6), transfer-
+  source(-v6), notify-source(-v6), parental-source(-v6), etc. Remove the
+  use of source ports for parental-agents.
+
+  Also remove the deprecated options use-{v4,v6}-udp-ports and
+  avoid-{v4,v6}udp-ports. :gl:`#3843` :gl:`!9469`
+
+- Remove DNSRPS implementation from the open-source version.
+  ``20024a28c01``
+
+  DNSRPS was the API for a commercial implementation of Response-Policy
+  Zones that was supposedly better.  However, it was never open-sourced
+  and has only ever been available from a single vendor.  This goes
+  against the principle that the open-source edition of BIND 9 should
+  contain only features that are generally available and universal.
+
+  This commit removes the DNSRPS implementation from BIND 9.  It may be
+  reinstated in the subscription edition if there's enough interest from
+  customers, but it would have to be rewritten as a plugin (hook)
+  instead of hard-wiring it again in so many places. :gl:`!9358`
+
+- Remove unused function dns_zonemgr_resumexfrs() ``4d759a251b9``
+
+  :gl:`!9565`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Set logging category for notify/xfer-in related messages.
+  ``796f8861735``
+
+  Some 'notify' and 'xfer-in' related log messages were logged at the
+  'general' category instead of their own category. This has been fixed.
+  :gl:`#2730` :gl:`!9451`
+
+- Restore the number of threadpool threads back to original value.
+  ``28badd8ed48``
+
+  The issue of long-running operations potentially blocking query
+  resolution has been fixed. Revert this temporary workaround and
+  restore the number of threadpool threads. :gl:`#4898` :gl:`!9530`
+
+- Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS. ``b343484ddb6``
+
+  This change allows fallback from an IXFR failure to AXFR when the
+  reason is `DNS_R_TOOMANYRECORDS`. This is because this error condition
+  could be temporary only in an intermediate version of IXFR
+  transactions and it's possible that the latest version of the zone
+  doesn't have that condition. In such a case, the secondary would never
+  be able to update the zone (even if it could) without this fallback.
+
+  This fallback behavior is particularly useful with the recently
+  introduced `max-records-per-type` and `max-types-per-name` options:
+  the primary may not have these limitations and may temporarily
+  introduce "too many" records, breaking IXFR. If the primary side
+  subsequently deletes these records, this fallback will help recover
+  the zone transfer failure automatically; without it, the secondary
+  side would first need to increase the limit, which requires more
+  operational overhead and has its own adverse effect. :gl:`#4928`
+  :gl:`!9333`
+
+- Remove statslock from dnssec-signzone. ``f466e32fdb1``
+
+  Silence Coverity CID 468757 and 468767 (DATA RACE read not locked) by
+  converting dnssec-signzone to use atomics for statistics counters
+  rather than using a lock. :gl:`#4939` :gl:`!9496`
+
+- Honour the Control Group memory contraints on Linux. ``f48b86871f4``
+
+  On Linux, the system administrator can use Control Group ``cgroup``
+  mechanism to limit the amount of available memory to the process.
+  This limit will be honoured when calculating the percentage-based
+  values. :gl:`!9556`
+
+- Use libuv functions to get memory available to BIND 9. ``aed7f552d54``
+
+  This change uses uv_get_available_memory() if available with fallback
+  to uv_get_constrained_memory() with fallback to uv_get_total_memory().
+  :gl:`!9527`
+
+- Use release memory ordering when incrementing reference counter.
+  ``b1be0145a5a``
+
+  As the relaxed memory ordering doesn't ensure any memory
+  synchronization, it is possible that the increment will succeed even
+  in the case when it should not - there is a race between
+  atomic_fetch_sub(..., acq_rel) and atomic_fetch_add(..., relaxed).
+  Only the result is consistent, but the previous value for both calls
+  could be same when both calls are executed at the same time.
+  :gl:`!9460`
+
+- Use uv_available_parallelism() if available. ``59e85a022da``
+
+  Instead of cooking up our own code for getting the number of available
+  CPUs for named to use, make use of uv_available_parallelism() from
+  libuv >= 1.44.0. :gl:`!9524`
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix a statistics channel counter bug when 'forward only' zones are
+  used. ``b82957376dc``
+
+  When resolving a zone with a 'forward only' policy, and finding out
+  that all the forwarders are marked as "bad", the 'ServerQuota' counter
+  of the statistics channel was incorrectly increased. This has been
+  fixed. :gl:`#1793` :gl:`!9493`
+
+- Fix a bug in the static-stub implementation. ``3304e1dc769``
+
+  Static-stub addresses and addresses from other sources were being
+  mixed together, resulting in static-stub queries going to addresses
+  not specified in the configuration, or alternatively, static-stub
+  addresses being used instead of the correct server addresses.
+  :gl:`#4850` :gl:`!9314`
+
+- Don't allow statistics-channel if libxml2 and libjson-c are
+  unsupported. ``0d4accd07f4``
+
+  When the libxml2 and libjson-c libraries are not supported, the
+  statistics channel can't return anything useful, so it is now
+  disabled. Use of `statistics-channel` in `named.conf` is a fatal
+  error. :gl:`#4895` :gl:`!9423`
+
+- Separate DNSSEC validation from the long-running tasks.
+  ``23b2ce56e5d``
+
+  As part of the KeyTrap \[CVE-2023-50387\] mitigation, the DNSSEC CPU-
+  intensive operations were offloaded to a separate threadpool that we
+  use to run other tasks that could affect the networking latency.
+
+  If that threadpool is running some long-running tasks like RPZ,
+  catalog zone processing, or zone file operations, it would delay
+  DNSSEC validations to a point where the resolving signed DNS records
+  would fail.
+
+  Split the CPU-intensive and long-running tasks into separate
+  threadpools in a way that the long-running tasks don't block the CPU-
+  intensive operations. :gl:`#4898` :gl:`!9473`
+
+- Fix assertion failure when processing access control lists.
+  ``6bb4070685c``
+
+  The named process could terminate unexpectedly when processing ACL.
+  This has been fixed. :gl:`#4908` :gl:`!9458`
+
+- Fix bug in Offline KSK that is using ZSK with unlimited lifetime.
+  ``3e11c4a8733``
+
+  If the ZSK has unlimited lifetime, the timing metadata "Inactive" and
+  "Delete" cannot be found and is treated as an error, preventing the
+  zone to be signed. This has been fixed. :gl:`#4914` :gl:`!9447`
+
+- Fix data race in offloaded dns_message_checksig() ``3808567de1a``
+
+  When verifying a message in an offloaded thread there is a race with
+  the worker thread which writes to the same buffer. Clone the message
+  buffer before offloading. :gl:`#4929` :gl:`!9481`
+
+- Limit the outgoing UDP send queue size. ``3b26732781c``
+
+  If the operating system UDP queue gets full and the outgoing UDP
+  sending starts to be delayed, BIND 9 could exhibit memory spikes as it
+  tries to enqueue all the outgoing UDP messages.  Try a bit harder to
+  deliver the outgoing UDP messages synchronously and if that fails,
+  drop the outgoing DNS message that would get queued up and then
+  timeout on the client side. :gl:`#4930` :gl:`!9506`
+
+- Do not set SO_INCOMING_CPU. ``f93934dea76``
+
+  We currently set SO_INCOMING_CPU incorrectly, and testing by Ondrej
+  shows that fixing the issue by setting affinities is worse than
+  letting the kernel schedule threads without constraints. So we should
+  not set SO_INCOMING_CPU anymore. :gl:`#4936` :gl:`!9497`
+
+- Fix the 'rndc dumpdb' command's error reporting. ``4498c0216f1``
+
+  The 'rndc dumpdb' command wasn't reporting errors which occurred when
+  starting up the database dump process by named, like, for example, a
+  permission denied error for the 'dump-file' file. This has been fixed.
+  Note, however, that 'rndc dumpdb' performs asynchronous writes, so
+  errors can also occur during the dumping process, which will not be
+  reported back to 'rndc', but which will still be logged by named.
+  :gl:`#4944` :gl:`!9547`
+
+- Fix long-running incoming transfers. ``f0accc8f617``
+
+  Incoming transfers that took longer than 30 seconds would stop reading
+  from the TCP stream and the incoming transfer would be indefinitely
+  stuck causing BIND 9 to hang during shutdown.
+
+  This has been fixed and the `max-transfer-time-in` and `max-transfer-
+  idle-in` timeouts are now honoured. :gl:`#4949` :gl:`!9531`
+
+- Fix assertion failure when receiving DNS responses over TCP.
+  ``fe305f96c9c``
+
+  When matching the received Query ID in the TCP connection, an invalid
+  received Query ID can very rarely cause assertion failure. :gl:`#4952`
+  :gl:`!9580`
+
+- Null clausedefs for ancient options. ``474398a5a99``
+
+  This commit nulls all type fields for the clausedef lists that are
+  declared ancient, and removes the corresponding cfg_type_t and parsing
+  functions when they are found to be unused after the change.
+
+  Among others, it removes some leftovers from #1913. :gl:`#4962`
+  :gl:`!9552`
+
+- Don't ignore the local port number in dns_dispatch_add() for TCP.
+  ``41f4c620c2e``
+
+  The dns_dispatch_add() function registers the 'resp' entry in
+  'disp->mgr->qids' hash table with 'resp->port' being 0, but in
+  tcp_recv_success(), when looking up an entry in the hash table after a
+  successfully received data the port is used, so if the local port was
+  set (i.e. it was not 0) it fails to find the entry and results in an
+  unexpected error.
+
+  Set the 'resp->port' to the given local port value extracted from
+  'disp->local'. :gl:`#4969` :gl:`!9576`
+
+- Add a missing rcu_read_unlock() call on exit path. ``d7d1804f16e``
+
+  An exit path in the dns_dispatch_add() function fails to get out of
+  the RCU critical section when returning early. Add the missing
+  rcu_read_unlock() call. :gl:`!9561`
+
+- Clean up DNSRPS. ``4187ef28e2c``
+
+  Addressed several build and test errors when DNSRPS is enabled.
+  :gl:`!9374`
+
+- Don't enable REUSEADDR on outgoing UDP sockets. ``27c4d7ef6d9``
+
+  The outgoing UDP sockets enabled `SO_REUSEADDR` that allows sharing of
+  the UDP sockets, but with one big caveat - the socket that was opened
+  the last would get all traffic.  The dispatch code would ignore the
+  invalid responses in the dns_dispatch, but this could lead to
+  unexpected results. :gl:`!9569`
+
+

doc/notes/notes-9.21.2.rst

@@ -0,0 +1,181 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+Notes for BIND 9.21.2
+---------------------
+
+New Features
+~~~~~~~~~~~~
+
+- Log query response status to the query log.
+
+  Log a query response summary using the new ``responses`` category.
+  Logging can be controlled via the :any:`responselog` option and via
+  :option:`rndc responselog`. :gl:`#459`
+
+- Added WALLET type.
+
+  Add the new record type WALLET (262).  This provides a mapping from a
+  domain name to a cryptographic currency wallet.  Multiple mappings can
+  exist if multiple records exist. :gl:`#4947`
+
+- Support ISO timestamps with timezone information.
+
+  The configuration option :any:`print-time` can now be set to
+  ``iso8601-tzinfo``, to use the ISO 8601 timestamp with timezone
+  information when logging. This is used as a default for :option:`named
+  -g`.  :gl:`#4963`
+
+- Add flag to :iscman:`named-checkconf` to ignore "not configured"
+  errors.
+
+  :iscman:`named-checkconf` now takes the :option:`named-checkconf -n`
+  option to ignore "not configured" errors.  This allows
+  :iscman:`named-checkconf` to check the syntax of configurations from
+  other builds that have support for options not present in the
+  :iscman:`named-checkconf` build. :gl:`!9446`
+
+- Implement the ForwardOnlyFail statistics channel counter.
+
+  The new ForwardOnlyFail statistics channel counter indicates the
+  number of queries that failed due to bad forwarders for "forward only"
+  zones. Related to :gl:`#1793`.
+
+Removed Features
+~~~~~~~~~~~~~~~~
+
+- Remove ``port`` from source address options.
+
+  Remove the use of ``port`` when configuring :any:`query-source`,
+  :any:`transfer-source`, :any:`notify-source`, :any:`parental-source`,
+  etc., and their ``-v6`` counterparts. Also, remove the use of source
+  ports for :any:`parental-agents`.
+
+  Also remove the deprecated options ``use-v4-udp-ports``,
+  ``use-v6-udp-ports``, ``avoid-v4-udp-ports``, and
+  ``avoid-v6-udp-ports``. :gl:`#3843`
+
+- Remove DNSRPS implementation from the open source version of BIND 9.
+
+  DNSRPS was a reputedly improved API for a commercial implementation of
+  Response Policy Zones; however, it was never open-sourced and has only
+  ever been available from a single vendor. This goes against the
+  principle that the open source edition of BIND 9 should contain only
+  features that are generally available and universal.  :gl:`!9358`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Set logging category for ``notify``/``xfer-in``-related messages.
+
+  Some ``notify`` and ``xfer-in``-related log messages were logged at
+  the "general" category level instead of their own category. This has
+  been fixed.  :gl:`#2730`
+
+- Allow IXFR-to-AXFR fallback on ``DNS_R_TOOMANYRECORDS``.
+
+  This change allows fallback from an IXFR failure to AXFR when the
+  reason is ``DNS_R_TOOMANYRECORDS``. :gl:`#4928`
+
+- Honor the Control Group memory contraints on Linux.
+
+  On Linux, the system administrator can use the Control Group
+  (``cgroup``) mechanism to limit the amount of memory available to the
+  process.  This limit is now honored when calculating the
+  percentage-based values. :gl:`!9556`
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix a statistics channel counter bug when "forward only" zones are
+  used.
+
+  When resolving a zone with a "forward only" policy, and finding out
+  that all the forwarders were marked as "bad", the "ServerQuota"
+  counter of the statistics channel was incorrectly increased. This has
+  been fixed. :gl:`#1793`
+
+- Fix a bug in the static-stub implementation.
+
+  Static-stub addresses and addresses from other sources were being
+  mixed together, resulting in static-stub queries going to addresses
+  not specified in the configuration, or alternatively, static-stub
+  addresses being used instead of the correct server addresses.
+  :gl:`#4850`
+
+- Don't allow :any:`statistics-channels` if libxml2 and libjson-c are
+  not configured.
+
+  When BIND 9 is not configured with the libxml2 and libjson-c
+  libraries, the use of the :any:`statistics-channels` option is a fatal
+  error.  :gl:`#4895`
+
+- Separate DNSSEC validation from long-running tasks.
+
+  Split CPU-intensive and long-running tasks into separate threadpools
+  in a way that the long-running tasks - like RPZ, catalog zone
+  processing, or zone file operations - don't block CPU-intensive
+  operations like DNSSEC validations. :gl:`#4898`
+
+- Fix an assertion failure when processing access control lists.
+
+  The :iscman:`named` process could terminate unexpectedly when
+  processing ACLs.  This has been fixed. :gl:`#4908`
+
+- Fix a bug in Offline KSK using a ZSK with an unlimited lifetime.
+
+  If the ZSK had an unlimited lifetime, the timing metadata ``Inactive``
+  and ``Delete`` could not be found and were treated as an error,
+  preventing the zone from being signed. This has been fixed.
+  :gl:`#4914`
+
+- Limit the outgoing UDP send queue size.
+
+  If the operating system UDP queue got full and the outgoing UDP
+  sending started to be delayed, BIND 9 could exhibit memory spikes as
+  it tried to enqueue all the outgoing UDP messages. It now tries to
+  deliver the outgoing UDP messages synchronously; if that fails, it
+  drops the outgoing DNS message that would get queued up and then
+  timeout on the client side. :gl:`#4930`
+
+- Do not set ``SO_INCOMING_CPU``.
+
+  Remove the ``SO_INCOMING_CPU`` setting as kernel scheduling performs
+  better without constraints. :gl:`#4936`
+
+- Fix the :option:`rndc dumpdb` command's error reporting.
+
+  The :option:`rndc dumpdb` command was not reporting errors that
+  occurred when :iscman:`named` started up the database dump process.
+  This has been fixed. :gl:`#4944`
+
+- Fix long-running incoming transfers.
+
+  Incoming transfers that took longer than 30 seconds would stop reading
+  from the TCP stream and the incoming transfer would be indefinitely
+  stuck, causing BIND 9 to hang during shutdown.
+
+  This has been fixed, and the :any:`max-transfer-time-in` and
+  :any:`max-transfer-idle-in` timeouts are now honored. :gl:`#4949`
+
+- Fix an assertion failure when receiving DNS responses over TCP.
+
+  When matching the received Query ID in the TCP connection, an invalid
+  Query ID could cause an assertion failure. This has been fixed.
+  :gl:`#4952`
+
+
+Known Issues
+~~~~~~~~~~~~
+
+- There are no new known issues with this release. See :ref:`above
+  <relnotes_known_issues>` for a list of all known issues affecting this
+  BIND 9 branch.