mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Commit Graph

29277 Commits

Author SHA1 Message Date
Michał Kępień
3c0f8d9146 use reference counter for pipeline groups (v3)
Track pipeline groups using a shared reference counter
instead of a linked list.

(cherry picked from commit 31f392db20207a1b05d6286c3c56f76c8d69e574)
(cherry picked from commit 2211120222)
2019-04-25 16:32:05 +02:00
Witold Kręcicki
d989a8b38e tcp-clients could still be exceeded (v2)
the TCP client quota could still be ineffective under some
circumstances.  this change:

- improves quota accounting to ensure that TCP clients are
  properly limited, while still guaranteeing that at least one client
  is always available to serve TCP connections on each interface.
- uses more descriptive names and removes one (ntcptarget) that
  was no longer needed
- adds comments

(cherry picked from commit 9e74969f85329fe26df2fad390468715215e2edd)
(cherry picked from commit d7e84cee0b)
2019-04-25 16:32:05 +02:00
Witold Kręcicki
07c3365b0b fix enforcement of tcp-clients (v1)
tcp-clients settings could be exceeded in some cases by
creating more and more active TCP clients that are over
the set quota limit, which in the end could lead to a
DoS attack by e.g. exhaustion of file descriptors.

If the TCP client we're closing went over the quota (so it's
not attached to a quota) mark it as mortal - so that it
will be destroyed and not set up to listen for new
connections - unless it's the last client for a specific
interface.

(cherry picked from commit eafcff07c25bdbe038ae1e4b6660602a080b9395)
(cherry picked from commit 9e7617cc84)
2019-04-25 16:32:04 +02:00
Ondřej Surý
7ef3953085 Merge branch '880-secure-asdfasdfasdf-abacadabra-crash-v9_14-master' into 'master'
Resolve "CVE-2019-6467: lib/ns/query.c:9176: INSIST(!qctx->is_zone) failed, back trace"

Closes #880

See merge request isc-projects/bind9!1868
2019-04-25 10:27:33 -04:00
Evan Hunt
38c29c1b5b CHANGES, release note
(cherry picked from commit ab5473007e91f011d003ff0ba5ab32fa0d56360c)
(cherry picked from commit 404be59527)
2019-04-25 16:02:22 +02:00
Matthijs Mekking
f3d3703fe3 Fix nxdomain-redirect assertion failure
- Always set is_zonep in query_getdb; previously it was only set if
  result was ISC_R_SUCCESS or ISC_R_NOTFOUND.
- Don't reset is_zone for redirect.
- Style cleanup.

(cherry picked from commit a85cc641d7a4c66cbde03cc4e31edc038a24df46)
(cherry picked from commit 486a201149)
2019-04-25 16:01:02 +02:00
Matthijs Mekking
2fbadaeec6 Add test for nxdomain-redirect ncachenxdomain
(cherry picked from commit 2d65626630c19bb8159a025accb18e5179da5dc3)
(cherry picked from commit 05d29443eb)
2019-04-25 16:01:02 +02:00
Mark Andrews
9b67f3d34b Merge branch '995-dlz_open_driver-fix-build-failure-without-dlfcn-h' into 'master'
Resolve "dlz_open_driver: fix build failure without dlfcn.h"

Closes #995

See merge request isc-projects/bind9!1854
2019-04-23 19:18:19 -04:00
Mark Andrews
19e4098139 add CHANGES 2019-04-24 09:07:19 +10:00
Mark Andrews
eee8084734 conditionally include <dlfcn.h> 2019-04-24 09:06:08 +10:00
Mark Andrews
ea131d2e6a Merge branch '996-wrong-key-id-is-displayed-for-rsamd5-keys' into 'master'
Resolve "Wrong key id is displayed for RSAMD5 keys."

Closes #996

See merge request isc-projects/bind9!1852
2019-04-23 18:36:57 -04:00
Mark Andrews
11cddb689f add CHANGES 2019-04-24 08:19:08 +10:00
Mark Andrews
ffaa5a07dd compute the RSAMD5 key id 2019-04-24 08:05:27 +10:00
Matthijs Mekking
e79dd268b6 Merge branch 'matthijs-fix-dnssec-test-intermittent-failure-kskonly' into 'master'
Fix dnssec test intermittent failure related to kskonly bugfix

See merge request isc-projects/bind9!1836
2019-04-23 11:11:19 -04:00
Matthijs Mekking
83473b9758 Harden grep key ID calls
Key IDs may accidentally match dig output that is not the key ID (for
example the RRSIG inception or expiration time, the query ID, ...).
Search for key ID + signer name should prevent that, as that is what
only should occur in the RRSIG record, and signer name always follows
the key ID.
2019-04-23 16:49:38 +02:00
Matthijs Mekking
67f0635f3c Remove sleeps
Remove sleep calls from test, rely on wait_for_log().  Make
wait_for_log() and dnssec_loadkeys_on() fail the test if the
appropriate log line is not found.

Slightly adjust the echo_i() lines to print only the key ID (not the
key name).
2019-04-23 16:49:38 +02:00
Witold Krecicki
671505feb8 Merge branch '992-fetchcount-increment-in-resume-qmin' into 'master'
When resuming from qname-minimization increase fetches-per-zone counters for the 'new' zone

Closes #992

See merge request isc-projects/bind9!1847
2019-04-23 10:27:12 -04:00
Witold Kręcicki
7043c6eaf5 When resuming from qname-minimization increase fetches-per-zone counters for the 'new' zone 2019-04-23 10:16:09 -04:00
Michał Kępień
774b07785c Merge branch 'michal/minor-nsupdate-system-test-tweaks' into 'master'
Minor "nsupdate" system test tweaks

See merge request isc-projects/bind9!1837
2019-04-23 09:20:06 -04:00
Michał Kępień
f8746cddbc Wait more than 1 second for NSEC3 chain changes
One second may not be enough for an NSEC3 chain change triggered by an
UPDATE message to complete.  Wait up to 10 seconds when checking whether
a given NSEC3 chain change is complete in the "nsupdate" system test.
2019-04-23 14:59:05 +02:00
Michał Kępień
1c8e5ea333 Remove redundant sleeps
In the "nsupdate" system test, do not sleep before checking results of
changes which are expected to be processed synchronously, i.e. before
nsupdate returns.
2019-04-23 14:59:05 +02:00
Mark Andrews
fd7f2c8f9d Merge branch 'cleanup-socket-references' into 'master'
use isc_refcount_decrement to decrement NEWCONNSOCK(dev)->references; use...

See merge request isc-projects/bind9!1821
2019-04-23 00:29:30 -04:00
Mark Andrews
265554f895 use isc_refcount_decrement to decrement NEWCONNSOCK(dev)->references; use isc_refcount_increment instead of isc_refcount_init in socket_create 2019-04-23 00:12:17 -04:00
Mark Andrews
3b9d451902 Merge branch 'clang-false-positive' into 'master'
add assertions to silence clang false positive

See merge request isc-projects/bind9!1808
2019-04-22 23:19:28 -04:00
Mark Andrews
bed9ad79ba add assertions to silence clang false positive 2019-04-22 23:03:46 -04:00
Mark Andrews
9482d8470b Merge branch '962-bind-just-disables-gssapi-support-if-no-gssapi-krb5-headers-found' into 'master'
Resolve "Bind just disables GSSAPI support if no GSSAPI/KRB5 headers found"

Closes #962

See merge request isc-projects/bind9!1815
2019-04-22 22:33:42 -04:00
Mark Andrews
e420078c63 make 'configure --with-gssapi=yes' fatal if support is not found 2019-04-22 22:16:59 -04:00
Evan Hunt
c9cb567f17 Merge branch '990-return-servfail' into 'master'
force SERVFAIL response in the gotanswer failure case

Closes #990

See merge request isc-projects/bind9!1838
2019-04-22 22:07:50 -04:00
Evan Hunt
4d358c9bce CHANGES 2019-04-22 18:48:19 -07:00
Evan Hunt
7402615697 force SERVFAIL response in the gotanswer failure case
- named could return FORMERR if parsing iterative responses
  ended with a result code such as DNS_R_OPTERR. instead of
  computing a response code based on the result, in this case
  we now just force the response to be SERVFAIL.
2019-04-22 18:48:19 -07:00
Mark Andrews
f3e2780dc8 Merge branch 'incorrect-use-of-bool' into 'master'
using 0 instead of false

See merge request isc-projects/bind9!1820
2019-04-22 21:25:33 -04:00
Mark Andrews
da7f683abf using 0 instead of false 2019-04-23 11:08:06 +10:00
Michał Kępień
e47754d7bf Merge branch 'michal/win32-system-test-fixes' into 'master'
Miscellaneous Windows system test fixes

See merge request isc-projects/bind9!1794
2019-04-19 05:52:14 -04:00
Michał Kępień
b6c1cdfffe Update interface lists in ifconfig scripts
Make bin/tests/system/ifconfig.bat also configure addresses ending with
9 and 10, so that the script is in sync with its Unix counterpart.

Update comments listing the interfaces created by ifconfig.{bat,sh} so
that they do not include addresses whose last octet is zero (since an
address like 10.53.1.0/24 is not a valid host address and thus the
aforementioned scripts do not even attempt configuring them).
2019-04-19 11:27:06 +02:00
Michał Kępień
e4280ed9f5 Fix the "dnssec" system test on Windows
On Windows, the bin/tests/system/dnssec/signer/example.db.signed file
contains carriage return characters at the end of each line.  Remove
them before passing the aforementioned file to the awk script extracting
key IDs so that the latter can work properly.
2019-04-19 11:21:43 +02:00
Michał Kępień
761ba4514f Do not wait for lock file cleanup on Windows
As signals are currently not handled by named on Windows, instances
terminated using signals are not able to perform a clean shutdown, which
involves e.g. removing the lock file.  Thus, waiting for a given
instance's lock file to be removed before assuming it is shut down
is pointless on Windows, so do not even attempt it.
2019-04-19 11:21:43 +02:00
Michał Kępień
28f5400d0d Merge branch '979-win32-remove-lock-file-upon-shutdown' into 'master'
win32: remove lock file upon shutdown

Closes #979

See merge request isc-projects/bind9!1793
2019-04-19 05:20:30 -04:00
Michał Kępień
e048436805 Add CHANGES entry
5214.	[bug]		win32: named now removes its lock file upon shutdown.
			[GL #979]
2019-04-19 10:59:41 +02:00
Michał Kępień
c506077da5 win32: remove lock file upon shutdown
Upon named shutdown, the lock file should not just be unlocked but also
removed.
2019-04-19 10:59:41 +02:00
Michał Kępień
9fceb376c6 Merge branch '978-win32-fix-service-state-reported-during-shutdown' into 'master'
win32: fix service state reported during shutdown

Closes #978

See merge request isc-projects/bind9!1792
2019-04-19 04:19:34 -04:00
Michał Kępień
e7332343ed Add CHANGES entry
5213.	[bug]		win32: Eliminated a race which allowed named.exe running
			as a service to be killed prematurely during shutdown.
			[GL #978]
2019-04-19 09:37:51 +02:00
Michał Kępień
964749dfdb win32: fix service state reported during shutdown
When a Windows service receives a request to stop, it should not set its
state to SERVICE_STOPPED until it is completely shut down as doing that
allows the operating system to kill that service prematurely, which in
the case of named may e.g. prevent the PID file and/or the lock file
from being cleaned up.

Set service state to SERVICE_STOP_PENDING when named begins its shutdown
and only report the SERVICE_STOPPED state immediately before exiting.
2019-04-19 09:37:51 +02:00
Ondřej Surý
1a9be94f83 Merge branch '989-check-for-typeof-extension' into 'master'
Use uintmax_t instead of typeof(x) in the ISC_ALIGN macro on non-GNUC systems

Closes #989

See merge request isc-projects/bind9!1826
2019-04-18 07:16:04 -04:00
Ondřej Surý
2e40cc94dc On non-GNUC systems, use uintmax_t in the ISC_ALIGN macro 2019-04-18 12:55:25 +02:00
Ondřej Surý
9d329a5e74 Merge branch 'ondrej/text-files-dont-need-copyright' into 'master'
Simple text files don't need copyright header

See merge request isc-projects/bind9!1809
2019-04-18 02:53:51 -04:00
Ondřej Surý
1877139a32 Simple text files with docs on build or design don't really need copyright on their own 2019-04-18 08:52:00 +02:00
Ondřej Surý
abce724ad9 Merge branch 'ondrej/refactor-DNS_RDATASET_FIXED-code-flow' into 'master'
Refactor the DNS_RDATASET_FIXED code to use macros instead of ifdefs

See merge request isc-projects/bind9!1811
2019-04-17 04:46:37 -04:00
Ondřej Surý
4edbb773a1 Refactor the DNS_RDATASET_FIXED code to use constants instead of ifdefs 2019-04-17 10:35:11 +02:00
Evan Hunt
87daa5471d Merge branch 'placeholder' into 'master'
placeholder

See merge request isc-projects/bind9!1813
2019-04-16 15:57:26 -04:00
Evan Hunt
591e37a7e2 placeholder 2019-04-16 12:56:59 -07:00