mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Commit Graph

38334 Commits

Author SHA1 Message Date
Ondřej Surý
3d4e41d076 Remove the total memory counter
The total memory counter had again little or no meaning when we removed
the internal memory allocator.  It was just a monotonic counter that
would add the allocation sizes but never subtracted anything, so
it would be just a "big number".
2023-01-24 17:57:16 +00:00
Ondřej Surý
91e349433f Remove maxinuse memory counter
The maxinuse memory counter indicated the highest amount of
memory allocated in the past. Checking and updating this high-
water mark value every time memory was allocated had an impact
on server performance, so it has been removed. Memory size can
be monitored more efficiently via an external tool logging RSS.
2023-01-24 17:57:16 +00:00
Ondřej Surý
971df0b4ed Remove malloced and maxmalloced memory counter
The malloced and maxmalloced memory counters were mostly useless since
we removed the internal allocator blocks - it would only differ from
inuse by the memory context size itself.
2023-01-24 17:57:16 +00:00
Ondřej Surý
7d8aa63026 Make {increment,decrement}_malloced() return void
The return value was only used in a single place and only for
decrement_malloced() and we can easily replace that with atomic_load().
2023-01-24 17:57:16 +00:00
Artem Boldariev
3634c4285a Merge branch 'artem-cookie-use-reuseport-socket-option-in-python-mock-server' into 'main'
Use SO_REUSEADDR for "ans9" mock server in "cookie" test

See merge request isc-projects/bind9!7418
2023-01-24 14:07:03 +00:00
Artem Boldariev
8fdf7bad76 Use SO_REUSEADDR for "ans9" mock server in "cookie" system test
This commit ensures that it is possible to run the 'cookie' test
multiple times in a row.
2023-01-24 14:39:49 +02:00
Evan Hunt
fa6801cc03 Merge branch '3797-part1-zone-task-refactoring' into 'main'
refactor zone.c to use loop callbacks

See merge request isc-projects/bind9!7365
2023-01-23 21:06:49 +00:00
Ondřej Surý
7a692cb136 Enforce receive_secure_serial() and setnsec3param() serialization
Both receive_secure_serial() and setnsec3param() run on the same zone
loop, therefore they are serialized.  Remove the mechanism to enqueue
the nsec3param and secure serial updates in case one of them is
running (as they cannot) and replace it with a sanity check.
2023-01-23 12:36:12 -08:00
Ondřej Surý
838850612f Replace the dns_io_t mechanism with offloaded threads
Previously, the zone loading and dumping was effectively serialized by
the dns_io_t mechanism.  In theory, more IO operations could be run in
parallel, but the zone manager .iolimit was set to 1 and never increased
as dns_zonemgr_setiolimit() was never ever called.

As the dns_master asynchronous load and dump was already offloaded to
non-worker threads with isc_work mechanism, drop the whole dns_io_t
and just rely on the isc_work to do the load and dump scheduling.
2023-01-23 12:36:07 -08:00
Evan Hunt
59f670bba9 refactor inline signing processing to use loop callbacks
receive_secure_serial() and receive_secure_db() now use
loop callbacks instead of task events.
2023-01-22 17:55:02 -08:00
Evan Hunt
ef0b126b9b refactor setnsec3param() to use loop callbacks
dynamic nsec3param update processing now uses loop callbacks
instead of task events.
2023-01-22 17:55:02 -08:00
Evan Hunt
539dc2a116 refactor asynchronous zone functions to use loop callbacks
Use loopmgr callbacks for:
- dns_zone_keydone() (also added missing documentation)
- dns_zone_setserial()
- zmgr_start_xfrin_ifquota()
2023-01-22 17:55:02 -08:00
Evan Hunt
599bdb1369 refactor dns_io to use loop callbacks
The zonemgr_getio() system now uses loopmgr callbacks instead of
task events. As zone->loadtasks is now no longer used, it has been
removed.
2023-01-22 17:55:02 -08:00
Ondřej Surý
faaf3f98d8 Merge branch '3793-fix-serialized-signing-in-dnssec-signzone' into 'main'
Refactor dnssec-signzone to use loop callbacks

Closes #3793

See merge request isc-projects/bind9!7359
2023-01-22 20:52:10 +00:00
Ondřej Surý
53e835130e Allow interrupting dnssec-signzone during signing
The signal handler in the isc_loop would wait for all the work to finish
before interrupting the signing.  Add teardown handlers via
isc_loopmgr_teardown() to signal the assignwork() it should stop signing
and bail-out early.

NOTE: The dnssec-signzone binary still can't be interrupted during zone
loading, zone cleaning, nsec(3) chain generation or zone writing.  This
might get addressed in the future if it becomes a problem.
2023-01-22 20:44:18 +01:00
Ondřej Surý
f5095e6c34 Dump the signed zone in the text format at the end of dnssec-signzone
Instead of dumping the signed zone contents node by node during the
signing, dump the entire zone at the end.  This was already done for the
raw zone format, but it shows that the IO is better utilized when the
zone dump is done in one single write rather than in small chunks.

A side effect of dumping node by node was that all names were printed
relative to the zone origin rather than being grouped under different
$ORIGINs as would normally be the case when dumping a zone. Also, state
was not maintained from one node to the next regarding whether the CLASS
has already been printed, so it was always included with the first
record of each node.

Since dnssec-signzone uses the dns_master_style_explicittl text format
style, and is the only application that does so, we can revise that
style and add a new DNS_STYLEFLAG_CLASS_PERNAME flag to get the output
back to what it was before this change.
2023-01-22 20:44:07 +01:00
Evan Hunt
a2d773fb98 Refactor dnssec-signzone to use loop callbacks
Use isc_job_run() instead of isc_task_send() for dnssec-signzone
worker threads.

Also fix the issue where the additional assignwork() would be run only
from the main thread effectively serializing all the signing.
2023-01-21 23:39:09 -08:00
Evan Hunt
630724684a Merge branch 'each-cleanup-netmgr-trace' into 'main'
complete change of NETMGR_TRACE to ISC_NETMGR_TRACE

See merge request isc-projects/bind9!7390
2023-01-20 21:12:49 +00:00
Evan Hunt
301f8b23e1 complete change of NETMGR_TRACE to ISC_NETMGR_TRACE
some references to the old ifdef were still in place.
2023-01-20 12:46:34 -08:00
Arаm Sаrgsyаn
46c0b349ed Merge branch '3726-query-forward-dot' into 'main'
Resolve "Forward queries via DoT"

Closes #3726

See merge request isc-projects/bind9!7199
2023-01-20 15:24:40 +00:00
Aram Sargsyan
73e9390715 Add CHANGES and release notes for [GL #3726]
2023-01-20 14:45:30 +00:00
Aram Sargsyan
d02be5e693 Fix nsupdate system test CA certificate signing validity days
The validity default days value of 1 was used for debugging and
left as such accidentally.

Use 10950 days, as used elsewhere (for example, in doth test CA).

This does not affect anything, the value will be effective when
generating new test certificates in the future.
2023-01-20 14:45:30 +00:00
Aram Sargsyan
154cdbd861 Test query forwarding to DoT-enabled upstream servers
Change the 'forward' system test to enable DoT on ns2 server,
and test that forwarding from ns4 to the DoT-enabled ns2 works.

In order to test different scenarios, create a test CA (based on
similar CAs for 'doth' and 'nsupdate' system tests), and test
both insecure (no certificate validation) and secure (also with
mutual TLS) TLS configurations, as well as a configuration with an
expired certificate.
2023-01-20 14:45:30 +00:00
Aram Sargsyan
6ea05ac3fe Resolver query forwarding to DoT-enabled upstream servers
Implement TLS transport usage in the resolver.

Use the configured TLS transport for the forwarders in the resolver.
2023-01-20 14:45:30 +00:00
Aram Sargsyan
3aa2d84880 Load and validate the configured TLS transport for forwarders
Add support for loading and validating the 'tls' parameter from
the forwarders' configuration.

This prepares ground for adding support to forward queries to
DoT-enabled upstream servers.
2023-01-20 14:45:30 +00:00
Aram Sargsyan
e1dd86aa07 Add 'tls' configuration support for the 'forwarders' option
A 'tls' statement can be specified both for individual addresses
and for the whole list (as a default value when an individual
address doesn't have its own 'tls' set), just as it was done
before for the 'port' value.

Create a new function 'print_rawqstring()' to print a string residing
in a 'isc_textregion_t' type parameter.

Create a new function 'copy_string()' to copy a string from a
'cfg_obj_t' object into a 'isc_textregion_t'.
2023-01-20 14:45:30 +00:00
Mark Andrews
0c14e59215 Merge branch 'marka-mock-openbsd' into 'main'
Enable mock tests for OpenBSD

See merge request isc-projects/bind9!7309
2023-01-20 13:53:16 +00:00
Mark Andrews
5c06c67001 Remove conditional around mock tests for OpenBSD
We now use multiple barriers.
2023-01-20 13:32:25 +00:00
Mark Andrews
1873ad4a06 Merge branch '3800-macos-address-in-use-not-handled-gracefully' into 'main'
Resolve "MacOS address in use not handled gracefully"

Closes #3800

See merge request isc-projects/bind9!7381
2023-01-20 13:29:19 +00:00
Mark Andrews
e706fb81ca Add CHANGES note for [GL #3800]
2023-01-20 11:06:08 +11:00
Mark Andrews
b74dd2e8c2 Use INSIST rather than REQUIRE to meet DBC usage rules
2023-01-20 11:05:24 +11:00
Mark Andrews
08c39736a9 isc_nm_listentcp: treat socket failures gracefully
The old code didn't handle race conditions and errors on systems
with non load balancing sockets gracefully.  Look for an error on
any child socket and if found close all the child sockets and return
an error.
2023-01-20 11:05:24 +11:00
Mark Andrews
624f5a0dae isc_nm_listenudp: treat socket failures gracefully
The old code didn't handle race conditions and errors on systems
with non load balancing sockets gracefully.  Look for an error on
any child socket and if found close all the child sockets and return
an error.
2023-01-20 11:05:24 +11:00
Artem Boldariev
fa7fd32a00 Merge branch 'artem-fix-building-on-dragonflybsd' into 'main'
Fix building BIND on DragonFly BSD

Closes #3796

See merge request isc-projects/bind9!7379
2023-01-19 22:55:45 +00:00
Artem Boldariev
942569a1bb Fix building BIND on DragonFly BSD (on both older and newer versions)
This commit ensures that BIND and supplementary tools still can be
built on newer versions of DragonFly BSD. It used to be the case, but
somewhere between versions 6.2 and 6.4 the OS developers rearranged
headers and moved some function definitions around.

Before that the fact that it worked was more like a coincidence, this
time we, at least, looked at the related man pages included with the
OS.

No in-depth testing has been done on this OS as we do not really
support this platform - so it is more like a goodwill act. We can,
however, use this platform for testing purposes, too. Also, we know
that the OS users do use BIND, as it is included in its ports
directory.

Building with './configure' and './configure --without-jemalloc' have
been fixed and are known to work at the time the commit is made.
2023-01-20 00:19:12 +02:00
Mark Andrews
65e3527e66 Merge branch '3799-tsan-race-between-dns_rbtnode_t-bitfields' into 'main'
Add missing lock when setting node->wild

Closes #3799

See merge request isc-projects/bind9!7392
2023-01-19 13:24:32 +00:00
Mark Andrews
5c471c5d2c Add CHANGES for [GL #3799]
2023-01-19 23:52:37 +11:00
Mark Andrews
81c24b8da2 Add missing node lock when setting node->wild in rbtdb.c
The write node lock needs to be held when setting node->wild in
add_wildcard_magic except when being called from loading_addrdataset
which is used to load the zone without locking during its initial
load.
2023-01-19 23:52:08 +11:00
Arаm Sаrgsyаn
1a0b36d8a2 Merge branch '3808-refactor-isc_nm_xfr_allowed' into 'main'
Refactor isc_nm_xfr_allowed()

Closes #3808

See merge request isc-projects/bind9!7395
2023-01-19 11:21:19 +00:00
Aram Sargsyan
5a1707aa8d Add a CHANGES note for [GL #3808]
2023-01-19 10:24:36 +00:00
Aram Sargsyan
41dc48bfd7 Refactor isc_nm_xfr_allowed()
Return 'isc_result_t' type value instead of 'bool' to indicate
the actual failure. Rename the function to something not suggesting
a boolean type result. Make changes in the places where the API
function is being used to check for the result code instead of
a boolean value.
2023-01-19 10:24:08 +00:00
Matthijs Mekking
b0b6b47696 Merge branch '3783-parental-ds-requests-need-rd-bit-set' into 'main'
Set RD=1 on DS requests to parental-agents

Closes #3783

See merge request isc-projects/bind9!7361
2023-01-19 10:20:35 +00:00
Matthijs Mekking
dbbacd910f Add CHANGES and release note for GL #3783
Newsworthy.
2023-01-19 10:19:43 +00:00
Matthijs Mekking
e34722ed43 Set RD bit on checkds requests
It is allowed to point parental-agents to a resolver. Therefore, the
RD bit should be set on requests.

Upon receiving a DS response, ensure that the message has either the
AA or the RA bit set.
2023-01-19 10:19:43 +00:00
Matthijs Mekking
0b9a9f9955 Add checkds test case with resolver parental-agent
Add a test case for a server that uses a resolver as a parental-agent.

We need two root servers, ns1 and ns10, one that delegates to the
'checkds' tld with the DS published (ns2), and one that delegates to
the 'checkds' tld with the DS removed (ns5). Both root zones are
being setup in the 'ns1/setup.sh' script.

We also need two resolvers, ns3 and ns8, that use different root hints
(one uses ns1 address as a hint, the other uses ns10).

Then add the checks to test_checkds.py, similar to the existing tests.

Update 'types' because for zones that have the DS withdrawn (or to be
withdrawn), the CDS and CDNSKEY records should not be published and
thus should not be in the NSEC bitmap.
2023-01-19 10:19:43 +00:00
Ondřej Surý
e54215e048 Merge branch '3801-reduce-memory-bloat-caused-by-delayed-view-detach-lock-order-inversion' into 'main'
Detach the zone views outside of the zone lock

Closes #3801

See merge request isc-projects/bind9!7402
2023-01-19 09:21:18 +00:00
Ondřej Surý
978a0ef84c Detach the zone views outside of the zone lock
Detaching the views in the zone_shutdown() could lead to
lock-order-inversion between adb->namelocks[bucket], adb->lock,
view->lock and zone->lock.  Detach the views outside of the section that
is zone-locked.
2023-01-19 09:21:10 +00:00
Ondřej Surý
5c7c1182c0 Merge branch 'ondrej/replace-lgtm-with-codeql-add-python-ply' into 'main'
Add python3-ply for ./configure to succeed on BIND 9.16 branch

See merge request isc-projects/bind9!7405
2023-01-19 09:11:56 +00:00
Ondřej Surý
0622d11366 Add python3-ply to GitHub CodeQL configuration
BIND 9.16 needs Python and PLY packages for configure to succeed.
Unless we want to tweak the build script to exclude python, we need to
add python3-ply package to the CodeQL configuration.
2023-01-19 10:03:37 +01:00
Ondřej Surý
d8f98cec48 Merge branch 'ondrej/replace-lgtm-with-codeql' into 'main'
Add CodeQL GitHub Action

See merge request isc-projects/bind9!7393
2023-01-19 08:45:07 +00:00