2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Commit Graph

39359 Commits

Author SHA1 Message Date
Tom Krizek
5f85f63bf1 Mark the test_named_shutdown[rndc] test as xfail
It is currently affected by #4060, making the unstable as it
occassionally fails.
2023-07-04 12:58:16 +02:00
Tom Krizek
ceed694659 Use timeout for rndc status in shutdown test
Pass 5 second timeout to the rndc status command(s) to avoid hitting the
hard 10 second timeout from subprocess.call, which would result in an
unwanted exception that would only mask the real issue: if the rndc
status times out in this test, it is likely due to the server not
stopping as it should.
2023-07-04 12:58:16 +02:00
Tom Krizek
603c58ee28 Split shutdown test into separate test cases
The shutdown test attempts to shut down the server using two different
methods - rndc and sigterm. Use pytest.mark.parametrize to run these as
separate test cases for easier identification of failures.
2023-07-04 12:58:14 +02:00
Evan Hunt
ee75ebc711 Merge branch 'each-lock-counter' into 'main'
fix a TSAN bug in "rndc fetchlimit"

See merge request isc-projects/bind9!8067
2023-06-30 06:52:18 +00:00
Evan Hunt
5ba73c785e fix a TSAN bug in "rndc fetchlimit"
fctx counters could be accessed without locking when
"rndc fetchlimit" is called; while this is probably harmless
in production, it triggered TSAN reports in system tests.
2023-06-30 06:52:01 +00:00
Evan Hunt
bbc64c14e3 Merge branch '4173-refactor-resume_qmin' into 'main'
minor refactoring of resume_qmin() for clarity

Closes #4173

See merge request isc-projects/bind9!8068
2023-06-29 17:34:20 +00:00
Evan Hunt
352d542d27 minor refactoring of resume_qmin() for clarity
make the code flow clearer by enumerating the result codes that
are treated as success conditions for an intermediate minimized
query (ISC_R_SUCCESS, DNS_R_DELEGATION, DNS_R_NXRRSET, etc), rather
than just folding them all into the 'default' branch of a switch
statement.
2023-06-29 10:14:20 -07:00
Michał Kępień
98d532abb9 Merge branch '4169-add-google-site-verification-tag-to-the-toc-page' into 'main'
Add Google Site Verification tag to the TOC page

Closes #4169

See merge request isc-projects/bind9!8076
2023-06-29 16:48:15 +00:00
Michał Kępień
13c35ab0b3 Add Google Site Verification tag to the TOC page
This should allow tracking HTTP 404 errors for Read the Docs using the
Google Search Console.
2023-06-29 18:32:50 +02:00
Michał Kępień
b22b318604 Merge branch 'michal/update-release-and-cve-checklists' into 'main'
Update release and CVE checklists

See merge request isc-projects/bind9!8074
2023-06-29 14:14:02 +00:00
Michał Kępień
d7638d52e2 Update release and CVE checklists 2023-06-29 16:08:35 +02:00
Tom Krizek
8b17b31316 Merge branch 'tkrizek-disable-delv-in-tsan' into 'main'
Disable delv tests under TSAN

See merge request isc-projects/bind9!8062
2023-06-29 10:58:44 +00:00
Tom Krizek
76d9873ef6 Check for unset variables only after conf.sh is loaded
Make the cds/setup.sh compatible with the workaround which relies on
testing the TSAN_OPTIONS variable which may not be set.
2023-06-29 10:35:47 +02:00
Tom Krizek
06056c44a7 Fix checking for executables in shell conditions in tests
Surround the variables which are checked whether they're executable in
double quotes. Without them, empty paths won't be properly interpreted
as not executable.
2023-06-29 10:35:47 +02:00
Tom Krizek
384339dbba Only use delv if available in mkeys test
Check that $DELV is an executable before using it in a test.
2023-06-29 10:35:47 +02:00
Tom Krizek
fbcf37f914 Disable delv tests under TSAN
Since delv can occasionally hang in system tests when running with TSAN
(see GL#4119), disable these tests as a workaround. Otherwise, the hung
delv process will just waste CI resources and prevent any meaningful
output from the rest of the test suite.
2023-06-29 10:35:47 +02:00
Mark Andrews
06131a8760 Merge branch '4154-restore-the-ability-to-read-old-hmac-md5-key-pair-files' into 'main'
Resolve "Restore the ability to read old HMAC-MD5 key pair files."

Closes #4154

See merge request isc-projects/bind9!8041
2023-06-29 00:20:07 +00:00
Mark Andrews
e3e20ed76e Emit deprecated warning for K* file pairs
We try reading the same file using different methods so only
emit a warning if we successfully read the file.
2023-06-29 08:28:48 +10:00
Mark Andrews
91cb94dcbb Add release note entry for [GL #4154] 2023-06-29 08:28:48 +10:00
Mark Andrews
c91a208ef5 Test legacy HMAC key files with dig
tsig-keygen is now used to generate key files for TSIG.  These have
a different format to those that were generated by dnssec-keygen.
Test that dig can still read these files.
2023-06-29 08:28:48 +10:00
Mark Andrews
e1fb17e72c Test support with legacy HMAC K files with nsupdate
tsig-keygen generates key files that are different to those that
where generated by dnssec-keygen.  Check that nsupdate can still
read those old format files.
2023-06-29 08:28:48 +10:00
Mark Andrews
3f93d3f757 Restore the ability to read legacy K*+157+* files
The ability to read legacy HMAC-MD5 K* keyfile pairs using algorithm
number 157 was accidentally lost when the algorithm numbers were
consolidated into a single block, in commit
09f7e0607a.

The assumption was that these algorithm numbers were only known
internally, but they were also used in key files. But since HMAC-MD5
got renumbered from 157 to 160, legacy HMAC-MD5 key files no longer
work.

Move HMAC-MD5 back to 157 and GSSAPI back to 160.  Add exception for
GSSAPI to list_hmac_algorithms.
2023-06-29 08:28:44 +10:00
Ondřej Surý
4320c1f345 Merge branch '3325-strict-qname-minimisation-should-check-for-cached-nodata-for-ns-name' into 'main'
Refactor QNAME minimization to use NS records and check for cached NODATA

Closes #3325, #3326, and #3331

See merge request isc-projects/bind9!6267
2023-06-28 10:29:57 +00:00
Mark Andrews
2a71ed47a7 Add release note for [GL #3325] 2023-06-28 18:07:03 +10:00
Mark Andrews
f378e02423 Add CHANGES note for [GL #3325] 2023-06-28 18:07:03 +10:00
Mark Andrews
ea11650376 In rctx_answer return DNS_R_DELEGATION on NOFOLLOW
When DNS_FETCHOPT_NOFOLLOW is set DNS_R_DELEGATION needs to be
returned to restart the resolution process rather than converting
it to ISC_R_SUCCESS.
2023-06-28 11:48:32 +10:00
Mark Andrews
80bc0ee075 Skip some QNAME mininisation queries if possible
If we know that the NS RRset for an intermediate label doesn't exist
on cache contents don't query using that name when looking for a
referral.
2023-06-28 11:47:56 +10:00
Mark Andrews
dd00b3c50b Use NS rather than A records for qname-minimization relaxed
Remove all references to DNS_FETCHOPT_QMIN_USE_A and adjust
the expected tests results in the qmin system test.
2023-06-28 11:45:59 +10:00
Ondřej Surý
f6b281f7dd Merge branch 'fanf-overflow-checks' into 'main'
Prevent integer overflow when allocating arrays

Closes #4120, #4121, and #4122

See merge request isc-projects/bind9!8007
2023-06-27 13:13:14 +00:00
Tony Finch
a8dbf61bb1 CHANGES entry
[cleanup]	Ensure that the size calculation does not overflow
		when allocating memory for an array.
		[GL #4120] [GL #4121] [GL #4122]
2023-06-27 12:38:09 +02:00
Tony Finch
e2eaefbf7a Check for overflow when resizing a heap
Ensure that the heap size calculations produce the correct answers,
and use `isc_mem_reget()` instead of calling `get` and `put`.

Closes #4122
2023-06-27 12:38:09 +02:00
Tony Finch
14f5b79c74 Check for overflow in jemalloc_shim
When compiled using a malloc that lacks an equivalent to sallocx(),
the jemalloc_shim adds a size prefix to each allocation. We must check
that this does not overflow.

Closes #4121
2023-06-27 12:38:09 +02:00
Tony Finch
92fcb7457c Use isc_mem_callocate() in http_calloc()
Closes #4120
2023-06-27 12:38:09 +02:00
Tony Finch
81d73600c1 Add isc_mem_callocate() for safer array allocation
As well as clearing the fresh memory, `calloc()`-like functions must
ensure that the count and size do not overflow when multiplied.

Use `isc_mem_callocate()` in `isc__uv_calloc()`.
2023-06-27 12:38:09 +02:00
Tony Finch
7474cad4ad Add <isc/overflow.h> for checked mul, add, and sub
The `ISC_OVERFLOW_XXX()` macros are usually wrappers around
`__builtin_xxx_overflow()`, with alternative implementations
for compilers that lack the builtins.

Replace the overflow checks in `isc/time.c` with the new macros.
2023-06-27 12:38:09 +02:00
Ondřej Surý
bf6f8abb2a Merge branch 'ondrej-use-loop-mctx-in-dns_resolver' into 'main'
Use per-loop memory contexts for dns_resolver child objects

See merge request isc-projects/bind9!8015
2023-06-27 09:31:00 +00:00
Ondřej Surý
5e7b75c504 Add CHANGES note for [GL !8015] 2023-06-27 10:53:02 +02:00
Ondřej Surý
519481dcdb Use per-loop memory contexts for dns_resolver child objects
The dns_resolver creates a lot of smaller objects (fetch context, fetch
counter, query, response, ...) and those are all loop-bound.
Previously, those objects were allocated from the a single resolver
context, which in turn increases contention between threads - remember
"dead by thousand atomic paper cuts".  Instead of using a single memory
context, use the per-loop memory contexts that are bound to a specific
loop and thus there's no contention between them when doing the memory
accounting.
2023-06-27 10:51:54 +02:00
Ondřej Surý
6d309eed05 Merge branch '4163-dont-create-and-destroy-call_rcu-threads-by-hand' into 'main'
Remove the explicit call_rcu thread creating and destruction

Closes #4163

See merge request isc-projects/bind9!8060
2023-06-27 06:00:32 +00:00
Ondřej Surý
90d4ba2a11 Add CHANGES note for [GL #4163] 2023-06-27 07:59:00 +02:00
Ondřej Surý
5bd9343c4e Remove the explicit call_rcu thread creating and destruction
The free_all_cpu_call_rcu_data() call can consume hundreds of
milliseconds on shutdown.  Don't try to be smart and let the RCU library
handle this internally.
2023-06-27 07:59:00 +02:00
Evan Hunt
bcda40db48 Merge branch '950-test-validation' into 'main'
explicitly set dnssec-validation in system tests

Closes #950

See merge request isc-projects/bind9!7999
2023-06-26 21:59:06 +00:00
Evan Hunt
0b09ee8cdc explicitly set dnssec-validation in system tests
the default value of dnssec-validation is 'auto', which causes
a server to send a key refresh query to the root zone when starting
up. this is undesirable behavior in system tests, so this commit
sets dnssec-validation to either 'yes' or 'no' in all tests where
it had not previously been set.

this change had the mostly-harmless side effect of changing the cached
trust level of unvalidated answer data from 'answer' to 'authanswer',
which caused a few test cases in which dumped cache data was examined in
the serve-stale system test to fail. those test cases have now been
updated to expect 'authanswer'.
2023-06-26 13:41:56 -07:00
Tom Krizek
73b09653d4 Merge branch 'tkrizek-system-test-fixes' into 'main'
Fix a couple of oversights in system tests

See merge request isc-projects/bind9!8051
2023-06-26 11:06:36 +00:00
Tom Krizek
5f809e50b6 Check for proper file size output in dnstap test
Previously, the first check silently failed, as 454 is apparently (in my
local setup) the minimum output size for the dnstap output, rather than
470 which the test was expecting. Effectively, the check served as a 5
second sleep rather than waiting for the proper file size.

Additionally, check the expected file sizes and fail if expectations
aren't met.
2023-06-22 19:19:08 +02:00
Tom Krizek
1dd4c2b9e2 Check for proper log message in kasp test
The log message is supposed to contain the zone name which was
erroneously omitted, but didn't pop up during tests, since return code
was silently ignored.

Now it actually waits for the proper log message rather than being an
equivalent of 3 second sleep (which was also sufficient to make the test
pass, thus we detected no failure).
2023-06-22 19:19:05 +02:00
Tom Krizek
d437b7043a Merge branch 'tkrizek-forward-test-echo-i' into 'main'
Fix echo_i typo in forward test

See merge request isc-projects/bind9!8050
2023-06-22 17:15:50 +00:00
Tom Krizek
946d3131fa Fix echo_i typo in forward test 2023-06-22 19:12:46 +02:00
Michal Nowak
71439d0c3a Merge tag 'v9.19.14'
BIND 9.19.14
2023-06-21 19:31:57 +02:00
Arаm Sаrgsyаn
1bdec05d69 Merge branch '4044-placeholder' into 'main'
Add a CHANGES placeholder for [GL #4044]

See merge request isc-projects/bind9!8046
2023-06-20 10:20:43 +00:00