2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-29 13:38:26 +00:00

41111 Commits

Author SHA1 Message Date
Ondřej Surý
381763120b Merge branch '4187-auto-vectorize-compiler-optimization-causing-exception-crash' into 'main'
Use proper padding instead of using alignas()

Closes #4187

See merge request isc-projects/bind9!8530
2024-02-08 11:17:58 +00:00
Ondřej Surý
306124b385
Add CHANGES note for [GL #4187] 2024-02-08 10:54:57 +01:00
Ondřej Surý
2463e5232d
Use proper padding instead of using alignas()
As it was pointed out, the alignas() can't be used on objects larger
than `max_align_t` otherwise the compiler might miscompile the code to
use auto-vectorization on unaligned memory.

As we were only using alignas() as a way to prevent false memory
sharing, we can use manual padding in the affected structures.
2024-02-08 10:54:35 +01:00
Ondřej Surý
05e60a0af6 Merge branch 'ondrej/various-rbtdb-fixes' into 'main'
Various rbtdb fixes and optimizations

See merge request isc-projects/bind9!8675
2024-02-08 07:34:07 +00:00
Ondřej Surý
8404129471
Use DNS_QPGC_MAYBE instead of DNS_QPGC_ALL for more realistic load
In the benchmarks, DNS_QPGC_ALL was trying to hard to cleanup QP
and this was slowing down QP too much.  Use DNS_QPGC_MAYBE instead
that we are going to use anyway for more realistic load - this also
shows the memory usage matching the real loads.
2024-02-08 08:33:36 +01:00
Ondřej Surý
6e81717cff
Add CHANGES note for [GL !8675] 2024-02-08 08:33:36 +01:00
Ondřej Surý
3f774c2a8a
Optimize cname_and_other_data to stop as earliest as possible
Stop the cname_and_other_data processing if we already know that the
result is true.  Also, we know that CNAME will be placed in the priority
headers, so we can stop looking for CNAME if we haven't found CNAME and
we are past the priority headers.
2024-02-08 08:33:36 +01:00
Ondřej Surý
3ac482be7f
Optimize the slabheader placement for certain RRTypes
Mark the infrastructure RRTypes as "priority" types and place them at
the beginning of the rdataslab header data graph.  The non-priority
types either go right after the priority types (if any).
2024-02-08 08:33:36 +01:00
Ondřej Surý
5070c7f5c7
Fix missing RRSIG for CNAME with different slabheader order
The cachedb was missing piece of code (already found in zonedb) that
would make lookups in the slabheaders to miss the RRSIGs for CNAME if
the order of CNAME and RRSIG(CNAME) was reversed in the node->data.
2024-02-08 08:02:48 +01:00
Ondřej Surý
f89e3e04cf Merge branch 'ondrej/isc-mem-rcu-barrier-improvements' into 'main'
Use _exit() in the fatal() function

See merge request isc-projects/bind9!8703
2024-02-08 07:02:21 +00:00
Ondřej Surý
0c18ed7ec6
Remove isc__tls_setfatalmode() function and the calls
With _exit() instead of exit() in place, we don't need
isc__tls_setfatalmode() mechanism as the atexit() calls will not be
executed including OpenSSL atexit hooks.
2024-02-08 08:01:58 +01:00
Ondřej Surý
76997983fd
Use EXIT_SUCCESS and EXIT_FAILURE
Instead of randomly using -1 or 1 as a failure status, properly utilize
the EXIT_FAILURE define that's platform specific (as it should be).
2024-02-08 08:01:58 +01:00
Ondřej Surý
e140743e6a
Improve the rcu_barrier() call when destroying the mem context
Instead of crude 5x rcu_barrier() call in the isc__mem_destroy(), change
the mechanism to call rcu_barrier() until the memory use and references
stops decreasing.  This should deal with any number of nested call_rcu()
levels.

Additionally, don't destroy the contextslock if the list of the contexts
isn't empty.  Destroying the lock could make the late threads crash.
2024-02-08 08:01:58 +01:00
Ondřej Surý
4bec711fe3
Use _exit() in the fatal() function
Since the fatal() isn't a correct but rather abrupt termination of the
program, we want to skip the various atexit() calls because not all
memory might be freed during fatal() call, etc.  Using _exit() instead
of exit() has this effect - the program will end, but no destructors or
atexit routines will be called.
2024-02-08 08:01:58 +01:00
Ondřej Surý
4e2e2a13b7 Merge branch 'ondrej/use-error-checking-mutex-on-linux' into 'main'
Always use adaptive mutexes on Linux and use error checking mutexes in developer mode

See merge request isc-projects/bind9!8693
2024-02-07 21:55:31 +00:00
Ondřej Surý
2c98ccbdba
Use error checking mutex in developer mode on Linux
When developer mode is enabled, use error checking mutex type, so we can
discover wrong use of mutexes faster.
2024-02-07 20:54:05 +01:00
Ondřej Surý
01038d894f
Always use adaptive mutexes on Linux
When adaptive mutexes are available (with glibc), always use them.
Remove the autoconf switch and also fix the static initializer.
2024-02-07 20:54:05 +01:00
Ondřej Surý
cb1d2e57e9
Remove unused mutex from netmgr
The netmgr->lock was dead code, remove it.
2024-02-07 20:54:05 +01:00
Mark Andrews
8c6531d326 Merge branch '4519-check-return-value-of-snprintf-in-lib-isccfg-check-c' into 'main'
Resolve "Check return value of snprintf in lib/isccfg/check.c"

Closes #4519

See merge request isc-projects/bind9!8624
2024-02-07 13:49:19 +00:00
Mark Andrews
2f87c429a2 cleanup isc_symtab_define with isc_symexists_replace 2024-02-07 13:52:10 +11:00
Mark Andrews
1fb61494a8 Add RUNTIME_CHECK 2024-02-07 13:40:03 +11:00
Mark Andrews
95de7f829c Ensure keyname buffer is big enough
Use a temporary string rather than a fixed buffer to construct
the keyname.
2024-02-07 13:39:51 +11:00
Mark Andrews
7cced1732d cleanup isc_symtab_undefine callers
isc_symtab_undefine now only return ISC_R_SUCCESS and ISC_R_EXISTS.
Cleanup callers looking for other values.
2024-02-07 12:56:39 +11:00
Mark Andrews
248b713b0c Merge branch '4561-shutdown-test-doesn-t-log-everything-to-named-run' into 'main'
Resolve "Shutdown test doesn't log everything to named.run"

Closes #4561

See merge request isc-projects/bind9!8695
2024-02-07 01:03:05 +00:00
Tom Krizek
fb70c4d475 Re-enable rndc shutdown test
The issue preventing a proper rndc shutdown was recently fixed and
the test now passes.
2024-02-07 11:29:47 +11:00
Mark Andrews
3651c58a6a Capture the resolver's startup and shutdown logging
Also set the debugging to 99.
2024-02-07 11:29:47 +11:00
Mark Andrews
65a3450b8b Merge branch '4529-abort-in-nsupdate-2' into 'main'
Resolve "Abort in nsupdate"

Closes #4529

See merge request isc-projects/bind9!8658
2024-02-06 23:27:05 +00:00
Mark Andrews
4087a75fd6 Add CHANGES entry for [GL #4529] 2024-02-07 09:53:03 +11:00
Mark Andrews
4b93ae74c7 Restore dns_requestmgr_shutdown re-entrancy
In the conversion to rcu the ability to call dns_requestmgr_shutdown
multiple times was lost.  nsupdate depended on this.  Restore support
for that.
2024-02-07 09:52:32 +11:00
Arаm Sаrgsyаn
97b3477d0a Merge branch '4241-expose-zone-first-time-refreshes' into 'main'
Resolve "Expose data about 'first time' zone maintenance in-progress"

Closes #4241

See merge request isc-projects/bind9!8481
2024-02-06 11:26:28 +00:00
Aram Sargsyan
1d064d3257 Add a release note for [GL #4241] 2024-02-05 17:45:19 +00:00
Aram Sargsyan
e17079e375 Add a CHANGES note for [GL #4241] 2024-02-05 17:41:53 +00:00
Aram Sargsyan
e3557f8661 Add a check for the 'first refresh' data in rndc status
Check that 'rndc status' correctly indicates the expected number
of the secondary zones which have the 'first refresh' flag set.
2024-02-05 17:41:14 +00:00
Aram Sargsyan
0b6ee6b953 Add a check for the 'first refresh' data in the stats channel
Currently we test the incoming zone transfers data in the statistics
channel by retransfering the zones in slow mode and capturing the XML
and JSON outputs in the meantime to check their validity. Add a new
transfer to the test, and check that the XML and JSON files correctly
indicate that we have 3 retransfers and 1 new (first time) transfer.
2024-02-05 17:41:14 +00:00
Aram Sargsyan
2ec041b719 Expose the 'first refresh' zone flag in rndc status
Expose the newly added 'first refresh' flag in the information
provided by the 'rndc staus' command, by showing the number of
zones, which are not yet fully ready, and their first refresh
is pending or is in-progress.
2024-02-05 17:41:14 +00:00
Aram Sargsyan
0a1f05987f Expose 'first refresh' zone flag in stats channel
Add a new zone flag to indicate that a secondary type zone is
not yet fully ready, and a first time refresh is pending or is
in progress.

Expose this new flag in the statistics channel's "Incoming Zone
Transfers" section.
2024-02-05 17:41:14 +00:00
Arаm Sаrgsyаn
87942ee0b4 Merge branch '4373-dnssec-validation-yes-should-fail-without-trust-anchors' into 'main'
'dnssec-validation yes' should fail when no trust anchors are configured

Closes #4373

See merge request isc-projects/bind9!8575
2024-02-02 19:55:00 +00:00
Aram Sargsyan
85f966a8f6 Document a specific 'dnssec-validation yes' usage incompatibility
Static trust anchor for the root zone can not be used with
'dnssec-validation auto'.
2024-02-02 19:54:09 +00:00
Aram Sargsyan
d28fd93a58 Use trust anchors with 'dnssec-validation yes' in system tests
Explicitly use an empty 'trust-anchors' statement in the system
tests where it was used implicitly before.

In resolver/ns5/named.conf.in use the trust anchor in 'trusted.conf',
which was supposed to be used there.
2024-02-02 19:54:09 +00:00
Aram Sargsyan
fdb7e4e3f5 Add CHANGES and release notes for [GL #4373] 2024-02-02 19:54:08 +00:00
Aram Sargsyan
0d47f565ea Test trusted anchors configurations for 'dnssec-validation yes'
Add checks into the  'checkconf' system test to make sure that the
'dnssec-validation yes' option fails without configured trusted
anchors, and succeeds with configured non-empty, as well as empty
trusted anchors.
2024-02-02 19:53:45 +00:00
Aram Sargsyan
e8fa9aa5c7 Document new requirements for 'dnssec-validation yes'
Using the 'dnssec-validation yes' option now requires an explicitly
confgiured 'trust-anchors' statement (or 'managed-keys' or
'trusted-keys', both deprecated).
2024-02-02 19:53:45 +00:00
Aram Sargsyan
4cdef214d2 Require trust anchors for 'dnnsec-validation yes'
Using the 'dnssec-validation yes' option now requires an explicitly
confgiured 'trust-anchors' statement (or 'managed-keys' or
'trusted-keys', both deprecated).
2024-02-02 19:53:45 +00:00
Matthijs Mekking
308ed1a1ea Merge branch '4531-improve-parental-agents-definition-arm' into 'main'
Improve parental-agents definition in ARM

Closes #4531

See merge request isc-projects/bind9!8650
2024-02-02 16:19:05 +00:00
Matthijs Mekking
ab9c62f4b9 Add CHANGES for #4531
Improve ARM parental-agents definition.
2024-02-02 16:45:31 +01:00
Matthijs Mekking
604f8e7797 Improve parental-agents definition in ARM
"A parental agent is the entity that is allowed to change a zone's
delegation information" is untrue, because it is possible to use some
hidden server or a validating resolver.

Also the new text makes it more clear that named sends DS queries to
these servers.
2024-02-02 16:45:11 +01:00
Arаm Sаrgsyаn
a863450695 Merge branch 'aram/dns-getdb-flags-fix' into 'main'
Fix the DNS_GETDB_STALEFIRST flag

See merge request isc-projects/bind9!8683
2024-02-02 15:05:58 +00:00
Aram Sargsyan
f329c1ebc9 Add a CHANGES note for [GL !8683] 2024-02-02 14:15:31 +00:00
Aram Sargsyan
0d7c7777da Improve the definition of the DNS_GETDB_* flags
Use the (1 << N) form for defining the flags, in order to avoid
errors like the one fixed in the previous commit.

Also convert the definitions to an enum, as done in some of our
recent refactoring work.
2024-02-02 14:15:31 +00:00
Aram Sargsyan
be7d8fafe2 Fix the DNS_GETDB_STALEFIRST flag
The DNS_GETDB_STALEFIRST flag is defined as 0x0C, which is the
combination of the DNS_GETDB_PARTIAL (0x04) and the
DNS_GETDB_IGNOREACL (0x08) flags (0x04 | 0x08 == 0x0C) , which is
an obvious error.

All the flags should be power of two, so they don't interfere with
each other. Fix the DNS_GETDB_STALEFIRST flag by setting it to 0x10.
2024-02-02 13:50:57 +00:00