2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 06:25:31 +00:00
Commit Graph

37483 Commits

Author SHA1 Message Date
Matthijs Mekking
bc703a12e7 Remove checks when going to dnssec-policy none
The changes in the code have the side effect that the CDNSKEY and CDS
records in the secure version of the zone are not reusable and thus
are thrashed from the zone. Remove the apex checks for this use case.
We only care about that the zone is not immediately goes bogus, but
a user really should use the built-in "insecure" policy when unsigning
a zone.
2022-11-03 10:20:05 +01:00
Matthijs Mekking
ef1cb9935c Add nsec3 system test that transfers in NSEC3
Similar to an attempt to add NSEC through dynamic update, add a test
case that tries to add NSEC3 through zone transfer.
2022-11-03 10:20:05 +01:00
Matthijs Mekking
4cd8e8e9c3 Add two more nsec3 system tests
Add one more case that tests reconfiguring a zone to turn off
inline-signing. It should still be a valid DNSSEC zone and the NSEC3
parameters should not change.

Add another test to ensure that you cannot update the zone with a
NSEC3 record.
2022-11-03 10:20:05 +01:00
Matthijs Mekking
57ea9e08c6 Update kasp system test to work with .signed files
We no longer accept copying DNSSEC records from the raw zone to
the secure zone, so update the kasp system test that relies on this
accordingly.

Also add more debugging and store the dnssec-verify results in a file.
2022-11-03 10:20:05 +01:00
Matthijs Mekking
9018fbb205 Test changing from dynamic to inline-signing
Add a kasp system test that reconfigures a dnssec-policy zone from
maintaining DNSSEC records directly to the zone to using inline-signing.

Add a similar test case to the nsec3 system test, testing the same
thing but now with NSEC3 in use.
2022-11-03 10:20:05 +01:00
Ondřej Surý
52cf8205a0 Merge branch '3646-use-after-free-triggers-a-crash-in-reactivate_node' into 'main'
Don't cleanup the dead nodes when pruning the tree

Closes #3646

See merge request isc-projects/bind9!7018
2022-11-03 08:09:28 +00:00
Ondřej Surý
c429b52533 Don't cleanup the dead nodes when pruning the tree
The dead nodes might get reactivated during the db iterator walks the
version of the tree, so we can't cleanup the dead nodes while the db
version is open.  Restore the previous behaviour that cleaned up the
dead nodes when we are closing the version.
2022-11-03 09:06:08 +01:00
Ondřej Surý
7f19af2622 Merge branch '3641-cleanup-dead_nodes-from-prune_tree' into 'main'
Cleanup the dead nodes when pruning the tree

Closes #3641

See merge request isc-projects/bind9!7012
2022-11-02 18:08:42 +00:00
Ondřej Surý
625c6fd16f Add CHANGES for [GL #3641] 2022-11-02 13:10:42 +01:00
Ondřej Surý
be204bf4c7 Cleanup the dead nodes when pruning the tree
While sending the node to prune_tree(), we can also cleanup dead nodes
because we already hold the tree and node bucket write locks.
2022-11-02 13:06:52 +01:00
Ondřej Surý
0e04156f4b Merge branch 'ondrej-rework-pthread-rwlock-3' into 'main'
Make the pthread_rwlock implementation header-only macros [3/3]

See merge request isc-projects/bind9!6909
2022-11-02 09:56:33 +00:00
Ondřej Surý
0492bbf590 Make the pthread_rwlock implementation header-only macros [2/2]
While using mutrace, the phtread-rwlock based isc_rwlock implementation
would be all tracked in the rwlock.c unit losing all useful information
as all rwlocks would be traced in a single place.  Rewrite the
pthread_rwlock based implementation to be header-only macros, so we can
use mutrace to properly track the rwlock contention without heavily
patching mutrace to understand the libisc synchronization primitives.
2022-11-02 10:34:10 +01:00
Ondřej Surý
6bd201ccec Remove one level of indirection from isc_rwlock [1/2]
Instead of checking the PTHREAD_RUNTIME_CHECK from the header, move it
to the pthread_rwlock implementation functions.  The internal isc_rwlock
actually cannot fail, so the checks in the header was useless anyway.
2022-11-02 10:27:09 +01:00
Ondřej Surý
68cfbd238c Merge branch 'ondrej-rework-pthread-rwlock-2' into 'main'
Remove isc_rwlock_downgrade() from isc_rwlock [2/3]

See merge request isc-projects/bind9!6908
2022-11-02 08:52:27 +00:00
Ondřej Surý
1d448de802 Merge branch 'ondrej-rework-pthread-rwlock-1' into 'main'
Remove isc_rwlock_downgrade usage in rbtdb.c [1/3]

See merge request isc-projects/bind9!6907
2022-11-02 08:05:38 +00:00
Ondřej Surý
98b7a93772 Remove isc_rwlock_downgrade() from isc_rwlock
The isc_rwlock_downgrade() is not used anywhere, so we can remove it and
make the pthread_rwlock implementation simpler.
2022-11-02 09:05:37 +01:00
Ondřej Surý
e5f7fe1f65 Add strong rwlock consistency checks to dns_rbtdb
The dns_rbtdb unit already tracks the state of the node and tree rwlocks
during the top level function and passes the states of the locks to the
called functions.

Add the tree locking family of macros modeled after node locking macros,
and expand both to track the state of the lock in an external variable.
Additionally, in developer mode, add precondition to the macros, so the
lock is in required state - this should cause an assertion failure on
double locking instead of the thread getting stuck.
2022-11-02 08:45:48 +01:00
Ondřej Surý
006a7f0cb6 Remove isc_rwlock_downgrade usage in rbtdb.c
The only place where isc_rwlock_downgrade was being used was the
decrement_reference() where the code tries either relocks the node
rwlock to write and then tries to upgrade the tree lock.  When returning
from the function it tries to restore the locks into a previous state
which is nice, but kind of moot, because at every use of
decrement_reference() the node locks is immediately or almost
immeditately unlocked, and same holds for the tree lock.

Instead of trying to restore the node and tree lock into the initial
state, the decrement_reference now returns the state of the locks, so
the caller can then use the right unlock operation (read or write).
Only when the tree lock was originally unlocked, the decrement_reference
unlocks the tree lock before returning to the caller.
2022-11-02 08:45:48 +01:00
Ondřej Surý
395a5576b4 Merge branch '3583-make-libcap-mandatory-on-linux' into 'main'
Refactor the privilege dropping

Closes #3583

See merge request isc-projects/bind9!6873
2022-11-01 14:32:34 +00:00
Ondřej Surý
9ed03164ad Add CHANGES and release note for [GL #3583] 2022-11-01 14:37:30 +01:00
Ondřej Surý
576345a447 Refactor the privilege dropping
On Linux, the libcap is now mandatory.  It makes things simpler for us.

System without {set,get}res{uid,gid} now have compatibility shim using
setreuid/setregid or seteuid/setegid to setup effective UID/GID, so the
same code can be called all the time (including on Linux).
2022-11-01 14:37:30 +01:00
Artem Boldariev
64a26f54b0 Merge branch 'artem-fix-tlsdns-tcpdns-unit-tests-connect-func-passing' into 'main'
Fix TCP and TLS DNS tests: properly pass connection callback

See merge request isc-projects/bind9!6986
2022-11-01 13:24:23 +00:00
Artem Boldariev
cad73b95bf TLS DNS unit tests: do not share the port with TCP DNS tests
TLS DNS unit tests were sharing the port with TCP DNS tests by
mistake. That could have caused conflicts between the two, when
running the unit tests in parallel. This commit fixes that.
2022-11-01 14:42:08 +02:00
Artem Boldariev
5167cc5982 TCP and TLS DNS tests: properly pass connection callback
After the loop manager refactoring TCP DNS and TLS DNS unit tests
ended up broken.

The problem is that in these unit tests the code is written in such a
way that for establishing a new connection tcpdns_connect() and
tlsdns_connect() functions are used. However, in these tests as a
connection callback function connect_connect_cb() is used. The
function logic is responsible for determining the function for
establishing subsequent connection.

To do so, it called get_stream_connect_function() ... which can return
only tcp_connect() or tls_connect(), not tcpdns_connect() or
tlsdns_connect(). That is definitely *not* what was implied.

All this time the unit tests were testing something, but now what was
intended.

This commit fixes the problem by passing the tcpdns_connect() and
tlsdns_connect() function pointers to connect_connect_cb().
2022-11-01 14:42:08 +02:00
Ondřej Surý
53d6a0dab0 Merge branch '3583-bind-to-interfaces-early' into 'main'
Rescan interfaces before dropping privileges

Closes #3583

See merge request isc-projects/bind9!6875
2022-11-01 10:50:33 +00:00
Ondřej Surý
3b9295fcd9 Add CHANGES note for [GL #3583] 2022-11-01 11:49:21 +01:00
Ondřej Surý
04a5477eb2 Rescan interfaces before dropping privileges
The ns_interfacemgr_scan() now requires the loopmgr to be running, so we
need to end exclusive mode for the rescan and then begin it again.

This is relatively safe operation (because the scan happens on the timer
anyway), but we need to ensure that we won't load the configuration from
different threads.  This is already the case because the initial load
happens on the main thread and the control channel also listens just on
the main loop.
2022-11-01 11:48:56 +01:00
Arаm Sаrgsyаn
f7f13f430b Merge branch '2895-named-can-create-unrecoverable-managed-keys' into 'main'
Don't trust a placeholder KEYDATA record

Closes #2895

See merge request isc-projects/bind9!7003
2022-11-01 10:48:18 +00:00
Aram Sargsyan
3bf4bc7336 Add CHANGES and release notes for [GL #2895] 2022-11-01 09:51:28 +00:00
Aram Sargsyan
354ae2d7e3 Don't trust a placeholder KEYDATA record
When named starts it creates an empty KEYDATA record in the managed-keys
zone as a placeholder, then schedules a key refresh. If key refresh
fails for some reason (e.g. connectivity problems), named will load the
placeholder key into secroots as a trusted key during the next startup,
which will break the chain of trust, and named will never recover from
that state until managed-keys.bind and managed-keys.bind.jnl files are
manually deleted before (re)starting named again.

Before calling load_secroots(), check that we are not dealing with a
placeholder.
2022-11-01 09:50:34 +00:00
Aram Sargsyan
8c48eabbc1 Test managed-keys placeholder
Add a dnssec test to make sure that named can correctly process a
managed-keys zone with a placeholder KEYDATA record.
2022-11-01 09:50:34 +00:00
Evan Hunt
faad579301 Merge branch '3617-keyfetch-race' into 'main'
call dns_resolver_createfetch() asynchronously in zone_refreshkeys()

Closes #3617

See merge request isc-projects/bind9!6971
2022-11-01 06:28:04 +00:00
Evan Hunt
1ab97cd41b CHANGES for [GL #3617] 2022-10-31 14:40:40 -07:00
Evan Hunt
31c53235dd Call dns_resolver_createfetch() asynchronously in zone_refreshkeys()
Because dns_resolver_createfetch() locks the view, it was necessary
to unlock the zone in zone_refreshkeys() before calling it in order
to maintain the lock order, and relock afterward. this permitted a race
with dns_zone_synckeyzone().

This commit moves the call to dns_resolver_createfetch() into a separate
function which is called asynchronously after the zone has been
unlocked.

The keyfetch object now attaches to the zone to ensure that
it won't be shut down before the asynchronous call completes.

This necessitated refactoring dns_zone_detach() so it always runs
unlocked. For managed zones it now schedules zone_shutdown() to
run asynchronously, and for unmanaged zones, it requires the last
dns_zone_detach() to be run without loopmgr running.
2022-10-31 14:34:12 -07:00
Ondřej Surý
16be88d14f Merge branch '3634-dont-enforce-jemalloc-on-NetBSD' into 'main'
Don't enforce jemalloc on NetBSD

Closes #3634

See merge request isc-projects/bind9!7004
2022-10-31 15:14:37 +00:00
Ondřej Surý
fdf1e226fd Add CHANGES note for [GL #3634] 2022-10-31 14:48:08 +00:00
Ondřej Surý
feea72414b Don't enforce jemalloc on NetBSD
The NetBSD system allocator is in fact based on the jemalloc, but it
doesn't export the extended interface, so we can't use that.  Remove
the jemalloc enforcement for the NetBSD.
2022-10-31 14:46:30 +00:00
Evan Hunt
07e2b57152 Merge branch '3632-async-backwards' into 'main'
isc_async_run() runs events in reverse order

Closes #3632

See merge request isc-projects/bind9!7000
2022-10-31 13:24:38 +00:00
Evan Hunt
dc878e3098 isc_async_run() runs events in reverse order
when more than one event was scheduled in the isc_aysnc queue,
they were executed in reverse order. we need to pull events
off the back of queue instead the front, so that uv_loop will
run them in the right order.

note that isc_job_run() has the same behavior, because it calls
uv_idle_start() directly. in that case we just document it so
it'll be less surprising in the future.
2022-10-31 05:43:45 -07:00
Evan Hunt
0f4af13906 Merge branch 'each-fix-fuzz' into 'main'
fix build error in fuzz tests

See merge request isc-projects/bind9!6997
2022-10-31 11:28:38 +00:00
Evan Hunt
428eac45ba fix build error in fuzz tests
a missing include file caused dns_message_checksig.c to fail
to build on some platforms. this has been fixed.
2022-10-31 04:28:01 -07:00
Evan Hunt
792d69855a Merge branch 'each-dupsigs-test' into 'main'
make dupsigs test less timing-sensitive

See merge request isc-projects/bind9!6998
2022-10-31 11:23:41 +00:00
Evan Hunt
d9b85cbaae make dupsigs test less timing-sensitive
the dupsigs test is prone to failing on slow CI machines
because the first test can occur before the zone is fully
signed.

instead of just waiting ten seconds arbitrarily, we now
check every second, and allow up to 30 seconds before giving
up.
2022-10-31 04:03:01 -07:00
Ondřej Surý
a69ba0b6bf Merge branch '3628-cleanup-task-from-dns_masterdump' into 'main'
Refactor zone loading and dumping to use offloaded work

Closes #3628

See merge request isc-projects/bind9!6990
2022-10-31 10:30:49 +00:00
Ondřej Surý
8fc229c17a Add CHANGES note for [GL #3628] 2022-10-31 10:30:27 +00:00
Ondřej Surý
04670889bc Refactor dns_master_dump*async() to use offloaded work
The dns_master_dump*async() functions were using isc_async_run() to
schedule work on the active loop; use isc_work_enqueue() instead.
2022-10-31 10:30:27 +00:00
Evan Hunt
b54c721894 refactor dns_master_dump*async() to use loop callbacks
Asynchronous zone dumping now uses loop callbacks instead of
task events.
2022-10-31 10:30:27 +00:00
Evan Hunt
d63f742b42 Merge branch '3631-fix-zone-maintenance-race' into 'main'
fix a potential data race in zone_maintenance()

Closes #3631

See merge request isc-projects/bind9!6999
2022-10-31 10:24:24 +00:00
Evan Hunt
f92b946df3 fix a potential data race in zone_maintenance()
zone_maintenance() accessed zone timer information without locking.
2022-10-31 02:54:40 -07:00
Ondřej Surý
a20d0008da Merge branch '3625-run-zone-loading-as-offloaded-task' into 'main'
Move the zone loading to the offloaded threads

Closes #3625

See merge request isc-projects/bind9!6985
2022-10-31 06:24:23 +00:00