Since BIND 9 headers are not longer public, there's no reason to keep
the ISC_LANG_BEGINDECL and ISC_LANG_ENDDECL macros to support including
them from C++ projects.
Merge branch 'ondrej/remove-C++-header-support' into 'main'
See merge request isc-projects/bind9!9925
Since BIND 9 headers are not longer public, there's no reason to keep
the ISC_LANG_BEGINDECL and ISC_LANG_ENDDECL macros to support including
them from C++ projects.
For performance reasons, the returned GLUE records are cached on the first use. The current implementation could randomly cause a performance drop and increased memory use. This has been fixed.
Closes#5064
Merge branch '5064-rewrite-glue-cache-in-qpzone' into 'main'
See merge request isc-projects/bind9!9831
This is a second attempt to rewrite the GLUE cache to not use per
database version hash table. Instead of keeping a hash table indexed by
the node, use a directly linked list of GLUE records for each
slabheader. This was attempted before, but there was a data race caused
by the fact that the thread cleaning the GLUE records could be slower
than accessing the slab headers again and reinitializing the wait-free
stack.
The improved design builds on the previous design, but adds a new
dns_gluelist structure that has a pointer to the database version.
If a dns_gluelist belonging to a different (old) version is detected, it
is just detached from the slabheader and left for the closeversion() to
clean it up later.
coccinelle v1.1 trips over a superfluous isc_mem_get() NULL check in
tests/libtest/ns.c and reports the following failure in CI:
EXN: Failure("rule starting on line 26: already tagged token:\nC code context\nFile \"./tests/libtest/ns.c\", line 350, column 1, charpos = 7939\n around = 'if',\n whole content = \tif (qctx != NULL) {") in ./tests/libtest/ns.c
coccinelle v1.1 reports the following failure:
EXN: Failure("./lib/dns/sdlz.c: 172: try to delete an expanded token: unsigned") in ./lib/dns/sdlz.c
coccinelle v1.2 reports the following failure:
EXN: Failure("./util/models.c: 21: try to delete an expanded token: unsigned") in ./util/models.c
DLV is long gone, so we can remove design documentation around DLV, related command line options (that were already a hard failure), and some DLV related test remnants.
Merge branch 'matthijs-remove-dlv-remnants' into 'main'
See merge request isc-projects/bind9!9888
DLV is long gone, so we can remove design documentation around DLV,
related command line options (that were already a hard failure),
and some DLV related test remnants.
The top blocks 'primaries' and 'parental-agents' are no longer preferred and should be renamed to 'remote-servers'. The zone statements 'parental-agents' and 'primaries' are still used, and may refer to any 'remote-servers' top block.
Closes#4544
Merge branch '4544-primaries-block-documentation-issues' into 'main'
See merge request isc-projects/bind9!9822
The 'remote-servers' named.conf reference conflicts with the standard
term from the glossary. Rename the standard term to server-list to
make the docs build.
Add back the top blocks 'parental-agents', 'primaries', and 'masters'
to the configuration. Do not document them as so many names for the
same clause is confusing.
This has a slight negative side effect that a top block 'primaries'
can be referred to with a zone statement 'parental-agents' for example,
but that shouldn't be a big issue.
Having zone statements that are also top blocks is confusing, and if
we want to add more in the future (which I suspect will be for
generalized notifications, multi-signer), we need to duplicate a lot
of code.
Remove top blocks 'parental-agents' and 'primaries' and just have one
top block 'remote-servers' that you can refer to with zone statements.
Fix the loop terminating condition to get consistent sample sizes and increase the minimum number of samples from 20 to 40.
Closes#5091
Merge branch '5091-investigate-checking-startup-notify-rate-limit-failure' into 'main'
See merge request isc-projects/bind9!9894
The terminating conditions for the startup notify test would
occasionally get ~20 records or get +10 seconds of records due to
a bad terminating condition. Additionally 20 samples lead to test
failures. Fix the terminating condition to use the correct conditional
(-eq -> -ge) and increase the minimum number of log entries to
average over to 40.
gcovr has issues with processing files produced as part of a BIND 9
build with tracing support enabled (--enable-tracing). Depending on the
gcovr version used, these issues may result in either warnings or
failures being reported by that tool. Disable tracing support for
gcovr-enabled builds to work around these issues.
Include the recent changes such as:
- changes to running system tests
- gitlab development workflow
- changelog and release note process
Closes#5045
Merge branch '5045-update-contributing' into 'main'
See merge request isc-projects/bind9!9784
After the rndc reload command finished, we might have queried the
database zone sooner than it was reloaded because rndc reloads zones
asynchronously if no specific zone was provided. We should wait for "all
zones loaded" in the ns1 log to be sure.
Closes#5075
Merge branch '5075-database-rndc-reload-ensure-all-zones-loaded' into 'main'
See merge request isc-projects/bind9!9829
After the rndc reload command finished, we might have queried the
database zone sooner than it was reloaded because rndc reloads zones
asynchronously if no specific zone was provided. We should wait for "all
zones loaded" in the ns1 log to be sure.
The `sortlist` option, which was deprecated in BIND 9.20, has now been removed.
Closes#4665
Merge branch '4665-remove-sortlist' into 'main'
See merge request isc-projects/bind9!9839
this commit removes the deprecated "sortlist" option. the option
is now marked as ancient; it is a fatal error to use it in
named.conf.
the sortlist system test has been removed, and other tests that
referenced the option have been modified.
the enabling functions, dns_message_setsortorder() and
dns_rdataset_towiresorted(), have also been removed.
Check that zones with AAAA records are served by IPv6 servers and that zones with A records are served by IPv4 servers.
Sometimes, IPv6 services are accidentally misconfigured and zones with IPv6 (AAAA) address records are not served by DNS servers with IPv6 addresses, which means they need to use translation devices to look up those IPv6 addresses. The reverse is also sometimes true: zones with A records are not resolvable over IPv4 when they should be.
To prevent this, BIND now looks for these misconfigured zones and issues a warning if they are found.
Closes#4370
Merge branch '4370-check-that-a-zone-is-served-by-ipv6-servers-if-it-has-aaaa-records' into 'main'
See merge request isc-projects/bind9!8393
This checks that "zone has A records but is not served by IPv4
servers" and "zone has AAAA records but is not served by IPv6
servers" are emitted when they should be and not when they shouldn't
be.
named-checkzone will now, as part of the zone's integrity checks,
look to see if there are A or AAAA records being served and if so
check that the nameservers have A or AAAA records respectively.
These are a sometimes overlooked checks that, if not met, can mean
that a service that is supposed to reachable over IPv6 will not be
resolvable when the recursive resolver is IPv6 only. Similarly for
IPv4 servers when there are IPv4 only resolvers.
Some files used logmodule names that had been copied in from elsewhere; these have now been given module names of their own. Also, the RBT and RBTDB logmodules have been removed, since they are now unused.
Merge branch 'each-cleanup-logmodules' into 'main'
See merge request isc-projects/bind9!9895
- remove obsolete DNS_LOGMODULE_RBT and DNS_LOGMODULE_RBTDB
- correct the misuse of the wrong log modules in dns/rpz.c and
dns/catz.c, and add DNS_LOGMODULE_RPZ and DNS_LOGMODULE_CATZ
to support them.
These options have been deprecated in 9.19 in favor of the 'trust-anchors' option and are now being removed.
Closes#5080
Merge branch '5080-remove-trusted-and-managed-keys' into 'main'
See merge request isc-projects/bind9!9855
The style guide now mentions clang-format, doesn't parenthesize return values, and no longer calls for backward compatibility in public function names.
Merge branch 'each-style-update' into 'main'
See merge request isc-projects/bind9!9892
`shutdown_trigger_close_cb` is not called in the main loop since
queued events in the `loop->async_trigger`, including loop teardown
(shutdown_server) are processed first, before the `uv_close` callback
is executed..
In order to pass the information to the queued events, it is necessary
to set the flag earlier in the process and not wait for the `uv_close`
callback to trigger.
The December releases suffer from the ns2/managed1.conf file not being
in the mkeys extra_artifacts. This manifests only when pytest is run
with the --setup-only option, which is the case in the
cross-version-config-tests CI job. The original issue is fixed in !9815,
but the fix will be effective only when subsequent releases are out.
The #4666 issue removed the "fixed" value for the "rrset-order" option
which is still present in the December release system test and which the
current named can't handle. This will be addressed when when the January
9.21 release is published.
The #4482 issue removed the "dnssec-must-be-secure" feature.
If the RETERR define is only used once in a file, just drop the macro.
Merge branch 'matthijs-remove-single-use-define-reterr' into 'main'
See merge request isc-projects/bind9!9871
This allows easier identification of which burst is which in
named.run.
Merge branch 'marka-use-different-burst-name-for-forensics' into 'main'
See merge request isc-projects/bind9!9881
This subtest exercises static stub behaviour when server-addresses has an address. This was misidentified in the description.
Closes!9799
Merge branch 'marka-fix-stub-subtest-description' into 'main'
See merge request isc-projects/bind9!9799
