In response to client queries, AsyncDnsServer users can currently only
make the server either send a reply or silently ignore the query. In
the case of TCP queries, neither of these actions causes the client's
connection to be closed - the onus of doing that is on the client.
However, in some cases the server may be required to close the
connection on its own, so AsyncDnsServer users need to have some way of
requesting such an action.
Add a new ResponseAction subclass, ResponseDropAndCloseConnection, which
enables AsyncDnsServer users to conveniently request TCP connections to
be closed. Instead of returning the response to send,
ResponseDropAndCloseConnection raises a custom exception that
AsyncDnsServer._handle_tcp() handles accordingly.
(cherry picked from commit 06b0800df88d3575efff64f30104db3a053fb02c)
With serve-stale enabled, a CNAME chain that contains a stale RRset, the refresh query doesn't always properly refresh the stale RRsets. This has been fixed.
Closes#5243
Backport of MR !10720
Merge branch 'backport-5243-stale-refresh-as-prefetch-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10767
When refreshing stale ncache data, the qctx->rdataset is NULL and
requires special processing.
(cherry picked from commit 7774f16ed5b1675d3bafc479c59ff7fbf1491084)
A serve-stale refresh is similar to a prefetch, the only difference
is when it triggers. Where a prefetch is done when an RRset is about
to expire, a serve-stale refresh is done when the RRset is already
stale.
This means that the check for the stale-refresh window needs to
move into query_stale_refresh(). We need to clear the
DNS_DBFIND_STALEENABLED option at the same places as where we clear
DNS_DBFIND_STALETIMEOUT.
Now that serve-stale refresh acts the same as prefetch, there is no
worry that the same rdataset is added to the message twice. This makes
some code obsolete, specifically where we need to clear rdatasets from
the message.
(cherry picked from commit a66b04c8d46505fc3a9918dd8b7f589ef6b89ff3)
The original `ans.pl` server was a copy of the one in `fetchlimit`, so
there are some changes:
- The server now only responds with A replies (which is the only thing
needed).
- The incrementing of the IP address goes beyond the least significant
octet (so, after 192.0.2.255 it will yield 192.0.3.0).
Backport of MR !10597
Merge branch 'backport-stepan/zero-asyncserver-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10768
The original `ans.pl` server was based on a copy of the one in
`fetchlimit`, so there are some changes:
- The server now only responds with A replies (which is the only thing
needed).
- The incrementing of the IP address goes beyond the least significant
octet (so, after 192.0.2.255 it will yield 192.0.3.0).
(cherry picked from commit ec5729bee3d1aca84ed6136ffdf3d842feeee6c1)
The LSP server (using clangd) was always complaining about:
Suspicious string literal, probably missing a comma
for the two Local IPv6 Unicast Addresses strings that spanned
across multiple lines. Disable clang-format for these two lines.
Backport of MR !10764
Merge branch 'backport-ondrej/fix-suspicious-string-literal-probably-missing-comma-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10765
The LSP server (using clangd) was always complaining about:
Suspicious string literal, probably missing a comma
for the two Local IPv6 Unicast Addresses strings that spanned
across multiple lines. Disable clang-format for these two lines.
(cherry picked from commit 6b7c99027d0253ac7e4b7ec83aa96dbcc70fb3ba)
The beauty and horrors of the C - the compiler properly detects variable
shadowing, but you can freely shadow a standard function 'free()' with
variable called 'free'. And if you reference 'free()' just as 'free'
you get the function pointer which means you can do also pointer
arithmetics, so 'free > 0' is always valid even when you delete the
local variable.
Replace the local variables 'free' with a name that doesn't shadow the
'free()' function to prevent future hard to detect bugs.
(cherry picked from commit 855960ce461ebe88342cce3105b9bdff8347c83c)
Replace the custom DNS server used in the "fetchlimit" system test
with new code based on the isctest.asyncserver module.
Backport of MR !10614
Merge branch 'backport-stepan/fetchlimit-asyncserver-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10755
Replace the custom DNS server used in the "fetchlimit" system test
with new code based on the isctest.asyncserver module.
(cherry picked from commit 9ffc833919165289daed7a45e8a6cf81b6c13302)
Aggressive use of DNSSEC-Validated cache with NSEC was not working in scenarios when no parent NSEC was not in cache. This has been fixed.
Closes#5422
Backport of MR !10736
Merge branch 'backport-5422-aggressive-nsec-not-working-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10754
Add \007.no-apex-covering as an owner name so that the cache does
not get primed with a parent NSEC RRset to test the case where
dns_qp_lookup returns ISC_R_NOTFOUND.
(cherry picked from commit df0492420915dc48407da7855b35b73b0d9852ae)
dns_qp_lookup was returning ISC_R_NOTFOUND rather than DNS_R_PARTIALMATCH
when there wasn't a parent with a NSEC record in the cache. This was
causing find_coveringnsec to fail rather than returing the covering NSEC.
(cherry picked from commit 7de4207cb6dc9c65a4405a1710d15a723a6d2bf1)
The kasp test cases assume that keymgr operations on the zone under test
have been completed before the test is executed. These are typically
quite fast, but the logs need to be explicitly checked for the messages,
otherwise there's a possibility of race conditions causing the
kasp/rollover tests to become unstable.
Call the wait function in all the kasp/rollover tests where it is
expected (which is generally in each test, unless we're dealing with
unsigned zones).
Closes#5371
Backport of MR !10717
Merge branch 'backport-5371-wait-keymgr-done-rollover-kasp-tests-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10752
The kasp test cases assume that keymgr operations on the zone under test
have been completed before the test is executed. These are typically
quite fast, but the logs need to be explicitly checked for the messages,
otherwise there's a possibility of race conditions causing the
kasp/rollover tests to become unstable.
Call the wait function in all the kasp/rollover tests where it is
expected (which is generally in each test, unless we're dealing with
unsigned zones).
(cherry picked from commit 467b826162170334fe1c81cfde02b2fcb77c7725)
Many of our test cases only use a single NamedInstance from the
`servers` fixture. Introduce `nsX` helper fixtures to simplify these
tests and reduce boilterplate code further.
Specifically, the test no longer has to either define its own variable
to extract a single server from the list, or use the longer
servers["nsX"] syntax. While this may seem minor, the amount of times it
is repeated across the tests justifies the change. It also promotes
using more explicit server identification, i.e. `nsX`, rather than
generic `server`. This also improves the clarity of the tests and may be
helpful in traceback during debugging as well.
(cherry picked from commit fe5534291699572e67ad4a854b412e40c524307a)
Prior to this change, there was a single `rollover` test directory, containing 8 tests. These contained even more test scenarios, that were mostly unrelated to each other. This made debugging or even comprehending the tests difficult, as you'd often have to grasp the importance (or rather lack of it) of thousands of lines of setup, configuration and test code, and debug logs.
Now the tests were split up into 14 different test directories, containing 67 tests in total. This makes it much more comprehensible to understand what's going on in any single of these test cases, as there is no unrelated code. It also allows better parallelization and debugging of individual test cases, because of the improved granularity.
Backport of MR !10581
Merge branch 'backport-nicki/split-rollover-test-cases-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10751
Previously, a lot of the checking was re-implemented and duplicated from
check_rollover_step(). Use that function where possible and only
override the needed checks.
(cherry picked from commit d6dffe660352875e7cce6c4a5a201420775b5501)
This is a preparation to split up and further isolate the various
rollover tests in a subsequent commits.
(cherry picked from commit 44dd5b3240895154b95dd73f5a649fc08790ff1d)
Move key calculations and rollover step checks into the shared
isctest.kasp module. Deduplicate the key interval calculations.
(cherry picked from commit b4107103549868c5eeb228278cfe6d010d6d5e8c)
Rather than using multiple slightly modified named.conf files, use a
single template which can be rendered differently based on an input
argument -- in this case, csk_roll.
(cherry picked from commit 784a252425fdbea436ecb48b9992253623ac4f68)
- Refactor and extend the `WatchLog.wait_for_line()` API:
1. To allow for usage of one or more FlexPatterns, i.e. either plain
strings to be matched verbatim, or regular expressions. Both can be
used interchangeably to provide the caller to write simple and
readable test code, while allowing for increased complexity to allow
special cases.
2. Always return the regex match, which allows the caller to identify
which line was matched, as well as to extract any additional
information, such as individual regex groups.
- Add `WatchLog.wait_for_sequence()` and `WatchLog.wait_for_all()` helper functions
Backport of MR !10618
Merge branch 'backport-nicki/watchlog-improvements-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!10749
The test is troublesome, because NamedInstance(identifier) expects that
a directory with such a name exists. While it'd be possible to mock
those directories as well, it'd make the doctest overly long and
complex, which isn't justified, given that it's only testing a couple of
options. Turn it into regular documentation instead.
(cherry picked from commit dcfb6c23da975427e73a21a77636b6f5afcfe5ac)
The buffered reading of finished lines deserves its own class to make
its function clearer, rather than bundling it within the WatchLog class.
Co-Authored-By: Michał Kępień <michal@isc.org>
(cherry picked from commit ee782fb4b1ea17f3b01dc6d549481116409141bc)
Various improvements for typing, naming, code deduplication and better
code organization to make the code easier to read.
(cherry picked from commit 3c8432d19645d4cf1549f9ec5a3a776ab4213e2d)
The TimeoutError is raised when system functions time out. Define a
custom WatchLogTimeout to improve clarity.
(cherry picked from commit 628b47dd308a99fe1ea5bde5f1f4c1d88e0dadcf)
Extend the WatchLog API with a couple of new matching options.
wait_for_sequence() can be used to check a specific sequence of lines
appears in the log file in the given order.
wait_for_all() ensure that all the provided patterns appear in the log
at least once.
Co-authored-by: Colin Vidal <colin@isc.org>
(cherry picked from commit 0a839cd0bdd0256db68cbe85508a17bde6cb4595)
To allow re-use in upcoming functions, isolate the line matching logic
into a separate function. Use an instance-wide deadline attribute, which
is set by the calling function.
(cherry picked from commit 365f8b6af6e213398ad7d9084b0ebf9140b0933b)
In some cases, it can be useful to be able to re-use the same WatchLog
to wait for another line.
(cherry picked from commit 2afb3755b2ceb7066ce112e8f01c39cee27c02d5)
Rather than using two distinct functions for matching either one pattern
(wait_for_line()), or any of multiple patterns (wait_for_lines()), use a
single function that handles both in the same way.
Extend the wait_for_line() API:
1. To allow for usage of one or more FlexPatterns, i.e. either plain
strings to be matched verbatim, or regular expressions. Both can be
used interchangeably to provide the caller to write simple and
readable test code, while allowing for increased complexity to allow
special cases.
2. Always return the regex match, which allows the caller to identify
which line was matched, as well as to extract any additional
information, such as individual regex groups.
(cherry picked from commit 5840908ead3a1f1775bda6690c820bbcbfd9d849)
To simplify usage of multiple wait_for_*() calls, configure the timeout
value for the WatchLog instance, rather than specifying it for each
call.
This is a preparation/cleanup for implementing multiple wait_for_*()
calls in subsequent commits.
(cherry picked from commit f2679bff194e1bb00b3b0f25264f056e5ba60af5)
Move the line buffering functionality into _readline() to improve the
readability of code. This also allows reading the file contents from
other functions, since the line buffer is now an attribute of the class.
(cherry picked from commit 67896ddde2cc9058fc965eb50b263ca7909d24d7)
