mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 21:47:59 +00:00

35505 Commits

Author SHA1 Message Date
Michał Kępień
cb97395a8f Prepare release notes for BIND 9.17.22 2022-01-20 11:19:58 +01:00
Michał Kępień
cc26eb8961 Reorder release notes 2022-01-20 11:19:58 +01:00
Petr Špaček
c2ed72a324 Add release note for GL #2398 and GL #3048
Related: !5620
Fix the isc_hp initialization and memory usage

Related: !5646
Reduce freemax values for dns_message mempools
2022-01-20 11:19:58 +01:00
Petr Špaček
1acbf17cda Add release note for GL #2264
Related: !5627
Use ECDSA P-256 instead of 4096-bit RSA for 'tls ephemeral'
2022-01-20 11:19:58 +01:00
Petr Špaček
5b79ec4033 Tweak and reword release notes 2022-01-20 11:19:58 +01:00
Michał Kępień
d4f01d03d7 Remove release note for GL #3079 2022-01-20 11:19:58 +01:00
Michał Kępień
b82d315327 Merge branch '3080-rndc-catch-canceled' into 'main'
rndc: catch ISC_R_CANCELED in rndc_recvdone()

Closes #3080

See merge request isc-projects/bind9!5716
2022-01-20 08:03:18 +00:00
Evan Hunt
ce83b97099 CHANGES for [GL #3080] 2022-01-19 14:30:17 +01:00
Michał Kępień
d1d721aae1 rndc: prevent crashing after receiving a signal
If isc_app_run() gets interrupted by a signal, the global 'rndc_task'
variable may already be detached from (set to NULL) by the time the
outstanding netmgr callbacks are run.  This triggers an assertion
failure in isc_task_shutdown().  However, explicitly calling
isc_task_shutdown() from rndc code is redundant because it does not use
isc_task_onshutdown() and the task_shutdown() function gets
automatically called anyway when the task manager gets destroyed (after
isc_app_run() returns).  Remove the redundant isc_task_shutdown() calls
to prevent crashes after receiving a signal.
2022-01-19 14:30:17 +01:00
Evan Hunt
289c1d33ee rndc: sync ISC_R_CANCELED handling in callbacks
rndc_recvdone() is not treating the ISC_R_CANCELED result code as a
request to stop data processing, which may cause a crash when trying to
dereference ccmsg->buffer.  Fix by ensuring ISC_R_CANCELED results in an
early exit from rndc_recvdone().

Make sure the logic for handling ISC_R_CANCELED in rndc_recvnonce()
matches the one present in rndc_recvdone() to ensure consistent behavior
between these two sibling functions.
2022-01-19 14:30:17 +01:00
Petr Špaček
710f62bf39 Merge branch 'pspacek/doc-cleanup' into 'main'
Developer docs cleanup

See merge request isc-projects/bind9!4527
2022-01-18 16:20:55 +00:00
Petr Špaček
69d0fe9e72 Replace obsolete references to ATF with Cmocka
Fixup for MR!886.
2022-01-18 17:12:57 +01:00
Petr Špaček
631ee58010 Document new system test output format after build system rewrite
Fixup to MR !985.
2022-01-18 17:12:32 +01:00
Petr Špaček
dac41968a9 Fix command to run all unit tests in doc/dev/dev.md
Fixup for build system rewrite 978c7b2e89aa37a7ddfe2f6b6ba12ce73dd04528,
MR !985.
2022-01-18 17:12:27 +01:00
Artem Boldariev
3c5dbe5742 Merge branch 'artem-doth-test-fix-failure-after-reconfig' into 'main'
doth test: fix failure after reconfig

See merge request isc-projects/bind9!5720
2022-01-18 12:43:42 +00:00
Artem Boldariev
d3e7c0e647 doth test: fix failure after reconfig
Sometimes serving a query or two might fail in the test due to the
listeners not being reinitialised on time. This commit makes the test
suite wait for the reconfiguration message in the log file to detect
the time when the reconfiguration request completed.
2022-01-18 14:25:43 +02:00
Michał Kępień
89260d6c86 Merge branch '3099-reimplement-the-gnutls-cli-check-in-python' into 'main'
Reimplement the gnutls-cli check in Python

Closes #3099

See merge request isc-projects/bind9!5732
2022-01-18 10:03:09 +00:00
Michał Kępień
29961bd741 Reimplement the gnutls-cli check in Python
gnutls-cli is tricky to script around as it immediately closes the
server connection when its standard input is closed.  This prevents
simple shell-based I/O redirection from being used for capturing the DNS
response sent over a TLS connection and the workarounds for this issue
employ non-standard utilities like "timeout".

Instead of resorting to clever shell hacks, reimplement the relevant
check in Python.  Exit immediately upon receiving a valid DNS response
or when gnutls-cli exits in order to decrease the test's run time.
Employ dnspython to avoid the need for storing DNS queries in binary
files and to improve test readability.  Capture more diagnostic output
to facilitate troubleshooting.  Use a pytest fixture instead of an
Autoconf macro to keep test requirements localized.
2022-01-18 11:00:46 +01:00
Ondřej Surý
17fca0ba96 Merge branch '3093-restore-setting-IPV6_V6ONLY-on-IPv6-sockets' into 'main'
Explicitly enable IPV6_V6ONLY on the netmgr sockets

Closes #3093

See merge request isc-projects/bind9!5714
2022-01-17 22:55:20 +00:00
Ondřej Surý
21c0cfd053 Add CHANGES and release notes for [GL #3093] 2022-01-17 22:16:27 +01:00
Ondřej Surý
7267c39323 Remove +mapped option from dig
The network manager doesn't have support for IPv4-mapped IPv6 addresses,
thus we are removing the +mapped option from dig command.
2022-01-17 22:16:27 +01:00
Ondřej Surý
b5e086257d Explicitly enable IPV6_V6ONLY on the netmgr sockets
Some operating systems (OpenBSD and DragonFly BSD) don't restrict the
IPv6 sockets to sending and receiving IPv6 packets only.  Explicitly
enable the IPV6_V6ONLY socket option on the IPv6 sockets to prevent
failures from using the IPv4-mapped IPv6 address.
2022-01-17 22:16:27 +01:00
Artem Boldariev
55a0d0880a Merge branch '3101-use-ext-regex-to-check-for-http2-support-in-curl' into 'main'
doth test: use extended reg. expression to check for HTTP/2 support

Closes #3101

See merge request isc-projects/bind9!5733
2022-01-17 17:14:45 +00:00
Artem Boldariev
4884ab0340 doth test: use extended reg. expression to check for HTTP/2 support
Using extended regular expressions to check for HTTP/2 support in curl
appears to be a more portable option, which also works on
e.g. OpenBSD.
2022-01-17 16:36:27 +02:00
Ondřej Surý
748b61554e Merge branch 'djt-update-cookie-secret-doc' into 'main'
Update docs to reflect changes to acceptable cookie-secret values

See merge request isc-projects/bind9!5628
2022-01-17 10:50:30 +00:00
Dan Theisen
acf1d502d6 docs: Update ARM to reflect changes to acceptable cookie-secret values 2022-01-17 11:48:25 +01:00
Ondřej Surý
b4ed35c946 Merge branch '3093-missing-libuv-code' into 'main'
add UV_ENOTSUP to isc___nm_uverr2result()

Closes #3093

See merge request isc-projects/bind9!5712
2022-01-17 10:46:35 +00:00
Evan Hunt
be0bc24c7f add UV_ENOTSUP to isc___nm_uverr2result()
This error code is now mapped to ISC_R_FAMILYNOSUPPORT.
2022-01-17 11:45:10 +01:00
Ondřej Surý
ec82226465 Merge branch 'ondrej/fix-missing-backtick-in-host.rst' into 'main'
Add missing backtick to host.rst

See merge request isc-projects/bind9!5724
2022-01-16 07:01:45 +00:00
Ondřej Surý
aaa31962d2 Add missing backtick to host.rst
The missing backtick was causing formatting problems in the host
manpage.
2022-01-16 07:56:17 +01:00
Artem Boldariev
e9942b3ba7 Merge branch 'artem-better-doh-error-logging' into 'main'
DoH: log bad HTTP/2 requests

See merge request isc-projects/bind9!5679
2022-01-14 14:23:43 +00:00
Artem Boldariev
ca9fe3559a DoH: ensure that server_send_error_response() is used properly
The server_send_error_response() function is supposed to be used only
in case of failures and never in case of legitimate requests. Ensure
that ISC_HTTP_ERROR_SUCCESS is never passed there by mistake.
2022-01-14 16:00:42 +02:00
Artem Boldariev
a38b4945c1 DoH: add bad HTTP/2 requests logging
Add some error logging when facing bad requests over HTTP/2. Log the
address and the error description.
2022-01-14 16:00:42 +02:00
Ondřej Surý
5630df8712 Merge branch '3069-increase-dig-timeout-in-resolver-test-v2' into 'main'
Increase the timeout to 15 seconds for the resolver test

Closes #3069

See merge request isc-projects/bind9!5721
2022-01-14 13:51:16 +00:00
Ondřej Surý
d3b975abb6 Increase the timeout to 15 seconds for the resolver test
1. 10 seconds is an unfortunate pick because that reintroduces the
   problem described in commit 5307bf64 (for an earlier check).

   Change the +tries=3 +timeout=10 to +tries=2 +time=15, so that we
   minimize the risk of dig missing any responses sent by the server in
   the first 15 seconds while also increasing our chances of the
   response arriving in time on machines under heavy load and allowing
   it a single retry in case things go awry.

2. The comment about TCP above was misleading: as painfully proven by
   GitLab CI, using TCP is no guarantee of receiving a response in a
   timely manner.  It may help a bit, but it is certainly not a 100%
   reliable solution.

   Change the dig invocation to just use UDP like in the two prior
   tests for consistency (and revise that comment accordingly).
2022-01-14 13:00:56 +01:00
Ondřej Surý
70596240c4 Merge branch '3069-increase-dig-timeout-in-resolver-test' into 'main'
Make resolver system test shellcheck clean

Closes #3069

See merge request isc-projects/bind9!5719
2022-01-14 11:16:11 +00:00
Ondřej Surý
29b9c8e7f5 Increase the dig timeout in resolver test to 10 seconds
The resolver system test was often exhibiting intermittent failures;
increase the timeout from the default 5 seconds to 10 seconds to give
dig more leeway for providing an answer.
2022-01-14 11:13:26 +01:00
Ondřej Surý
6d9afd4cc0 Make resolver system test shellcheck clean
The resolver system test shell scripts were using legacy syntax.
Convert the script into POSIX shell syntax and make them shellcheck
clean.
2022-01-14 11:13:26 +01:00
Ondřej Surý
8d95c96b51 Merge branch '3095-detect-padding-in-struct_msghdr' into 'main'
Instead of detecting MUSL libc, detect padding in struct msghdr

Closes #3095

See merge request isc-projects/bind9!5718
2022-01-13 23:26:54 +00:00
Ondrej Sury
9da228dde6 Instead of detecting MUSL libc, detect padding in struct msghdr
The detection of MUSL libc via autoconf $host turned out to be
not reliable.

Convert the autoconf check from $host detection to actually detect
the padding used in the struct msghdr.
2022-01-13 23:06:09 +01:00
Ondřej Surý
5b7e5b1bd8 Merge branch '3095-invalid-recvmmsg-detection' into 'main'
Fix the UDP recvmmsg support

Closes #3095

See merge request isc-projects/bind9!5713
2022-01-13 18:43:00 +00:00
Ondřej Surý
8d778f758b Add CHANGES and release notes for [GL #3095] 2022-01-13 19:06:39 +01:00
Ondřej Surý
0a4e91ee47 Revert "Always enqueue isc__nm_tcp_resumeread()"
The commit itself is harmless, but at the same time it is also useless,
so we are reverting it.

This reverts commit 11c869a3d53eafa4083b404e6b6686a120919c26.
2022-01-13 19:06:39 +01:00
Ondrej Sury
287ea095f1 Disable udp recvmmsg support on systems with MUSL libc
The Linux kernel diverts from the POSIX specification for two members of
struct msghdr making them size_t sized (instead of int and socklen_t).
In glibc, the developers have decided to use that.  However, the MUSL
developers used padding for the struct and kept the members defined
according to the POSIX.

This creates a problem, because libuv doesn't use recvmmsg() library
call where the padding members are correctly zeroed and instead calls
the syscall directly, the struct msghdr is passed to the kernel with
enormous values in those two members (because of the random junk in the
padding members) and the syscall thus fails with EMSGSIZE.

Disable udp recvmmsg support on systems with MUSL libc until the libuv
starts zeroing the struct msghdr before passing it to the syscall.
2022-01-13 19:06:39 +01:00
Ondřej Surý
7370725008 Fix the UDP recvmmsg support
Previously, the netmgr/udp.c tried to detect the recvmmsg detection in
libuv with #ifdef UV_UDP_<foo> preprocessor macros.  However, because
the UV_UDP_<foo> are not preprocessor macros, but enum members, the
detection didn't work.  Because the detection didn't work, the code
didn't have access to the information when we received the final chunk
of the recvmmsg and tried to free the uvbuf every time.  Fortunately,
the isc__nm_free_uvbuf() had a kludge that detected an attempt to free in
the middle of the receive buffer, so the code worked.

However, libuv 1.37.0 changed the way the recvmmsg was enabled from
implicit to explicit, and we checked for yet another enum member
presence with preprocessor macro, so in fact libuv recvmmsg support was
never enabled with libuv >= 1.37.0.

This commit changes the preprocessor macros to autoconf checks for
declaration, so the detection now works again.  On top of that, it's now
possible to clean up the alloc_cb and free_uvbuf functions because now,
the information whether we can or cannot free the buffer is available to
us.
2022-01-13 19:06:39 +01:00
Ondřej Surý
abe466e5b3 Merge branch '2951-dont-schedule-zone-refresh-when-shutting-down' into 'main'
Refactor zone stub, refresh and notify event callbacks

Closes #2951

See merge request isc-projects/bind9!5715
2022-01-13 17:46:08 +00:00
Ondřej Surý
abe6d4ee04 Add CHANGES note for [GL #3084] 2022-01-13 17:58:33 +01:00
Ondřej Surý
c960236adb Don't schedule next zone events when shutting down
When the named is shutting down, the zone event callbacks could
re-schedule the stub and refresh events leading to assertion failure.

Handle the ISC_R_SHUTTINGDOWN event state gracefully by bailing out.
2022-01-13 17:58:33 +01:00
Ondřej Surý
efca93942c Refactor zone stub, refresh and notify event callbacks
This commit cleans up the way we handle the revent->result in the
stub_callback(), refresh_callback() and notify_done() zone callbacks.
2022-01-13 17:58:33 +01:00
Ondřej Surý
28c8fb839c Merge branch '3086-remove-workaround-for-server-mishandling-notify-with-soa-record-in-answer-section' into 'main'
Remove the workaround for broken handling of NOTIFY with SOA

Closes #3086

See merge request isc-projects/bind9!5704
2022-01-13 16:56:19 +00:00