When verifying a message in an offloaded thread there is a race with
the worker thread which writes to the same buffer. Clone the message
buffer before offloading.
Closes#4929
Backport of MR !9481
Merge branch 'backport-4929-data-race-in-dns_dnssec_verifymessage-memmove-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9490
When verifying a message in an offloaded thread there is a race with
the worker thread which writes to the same buffer. Clone the message
buffer before offloading.
(cherry picked from commit 35ef25e5ea)
When the libxml2 and libjson-c libraries are not supported, the statistics channel can't return anything useful, so it is now disabled. Use of `statistics-channel` in `named.conf` is a fatal error.
Closes#4895
Backport of MR !9423
Merge branch 'backport-4895-link-style-sheet-to-libxml2-support-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9486
If neither libxml2 nor libjson_c are available have named-checkconf
fail if a statistics-channels block is specified.
(cherry picked from commit b9246418e8)
The `statschannel` system test failed if only one of `libxml2` or `json-c` is
available / configured as checks were being run against the non available
statistics page.
Closes#4919
Backport of MR !9454
Merge branch 'backport-4919-fix-statschannel-system-test-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9483
Forward-port of !9375Closes#4832
Merge branch '4832-bind-arm-review-from-2022-through-9-18-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9480
clang 19 was updated in the base image.
Backport of MR !9475
Merge branch 'backport-mnowak/fix-clang-format-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9477
This change allows fallback from an IXFR failure to AXFR when the reason is `DNS_R_TOOMANYRECORDS`. This is because this error condition could be temporary only in an intermediate version of IXFR transactions and it's possible that the latest version of the zone doesn't have that condition. In such a case, the secondary would never be able to update the zone (even if it could) without this fallback.
This fallback behavior is particularly useful with the recently introduced `max-records-per-type` and `max-types-per-name` options: the primary may not have these limitations and may temporarily introduce "too many" records, breaking IXFR. If the primary side subsequently deletes these records, this fallback will help recover the zone transfer failure automatically; without it, the secondary side would first need to increase the limit, which requires more operational overhead and has its own adverse effect.
Closes#4928
Backport of MR !9333
Merge branch 'backport-fallback-ixfr-to-axfr-on-toomanyrecords-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9471
This change allows fallback from an IXFR failure to AXFR when the
reason is DNS_R_TOOMANYRECORDS. This is because this error condition
could be temporary only in an intermediate version of IXFR
transactions and it's possible that the latest version of the zone
doesn't have that condition. In such a case, the secondary would never
be able to update the zone (even if it could) without this fallback.
This fallback behavior is particularly useful with the recently
introduced max-records-per-type and max-types-per-name options:
the primary may not have these limitations and may temporarily
introduce "too many" records, breaking IXFR. If the primary side
subsequently deletes these records, this fallback will help recover
the zone transfer failure automatically; without it, the secondary
side would first need to increase the limit, which requires more
operational overhead and has its own adverse effect.
This change also fixes a minor glitch that DNS_R_TOOMANYRECORDS wasn't
logged in xfrin_fail.
(cherry picked from commit 7289090683)
The named process could terminate unexpectedly when processing access
control lists (ACLs). This has been fixed.
Closes#4908
Backport of MR !9458
Merge branch 'backport-4908-acl-assertion-failure-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9466
The rcu_xchg_pointer() function can be used outside of a critical
section, and usually must be followed by a synchronize_rcu() or
call_rcu() call to detach from the resource, unless if there are
some guarantees in place because of our own reference counting.
(cherry picked from commit 0367c60759)
This file was initially created for unit testing, but later code was added to generate the file. The static file should have been removed from the git repo.
Closes#4916
Backport of MR !9450
Merge branch 'backport-4916-skr-unit-test-rm-test-file-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9465
This file was initially created for unit testing, but later code was
added to generate the file. The static file should have been removed
from the git repo.
(cherry picked from commit 903534c9a9)
If the ZSK has unlimited lifetime, the timing metadata "Inactive" and "Delete" cannot be found and is treated as an error, preventing the zone to be signed. This has been fixed.
Closes#4914
Backport of MR !9447
Merge branch 'backport-4914-offline-ksk-zsk-lifetime-unlimited-bug-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9453
If the ZSK has lifetime unlimited, the timing metadata "Inactive" and
"Delete" cannot be found and is treated as an error. Fix by allowing
these metadata to not exist.
(cherry picked from commit 5af53a329f)
A very rare assertion failure can be triggered when the incoming transfer is either forcefully shut down or it is finished during printing the details about the statistics channel. This has been fixed.
Closes#4860
Backport of MR !9336
Merge branch 'backport-4860-destroy-xfrin-timers-on-the-loop-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9377
There are few places where we attach/detach from the dns_xfrin object
while running on a different thread than the zone's assigned thread -
xfrin_xmlrender() in the statschannel and dns_zone_stopxfr() to name the
two places where it happens now. In the rare case, when the incoming
transfer completes (or shuts down) in the brief period between the other
thread attaches and detaches from the dns_xfrin, the isc_timer_destroy()
calls would be called by the last thread calling the xfrin_detach().
In the worst case, it would be this other thread causing assertion
failure. Move the isc_timer_destroy() call to xfrin_end() function
which is always called on the right thread and to match this move
isc_timer_create() to xfrin_start() - although this other change makes
no difference.
(cherry picked from commit 3bca3cb5cf)
Administrators may wish to constrain the set of cores that BIND 9 runs on via the 'taskset', 'cpuset' or 'numactl' programs (or equivalent on other O/S).
If the admin has used taskset, the `named` will now follow to automatically use the given number of CPUs rather than the system wide count.
Closes#4884
Backport of MR !9398
Merge branch 'backport-4884-use-cpuset-to-get-number-of-cpus-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9442
Administrators may wish to constrain the set of cores that BIND 9 runs
on via the 'taskset', 'cpuset' or 'numactl' programs (or equivalent on
other O/S), for example to achieve higher (or more stable) performance
by more closely associating threads with individual NIC rx queues. If
the admin has used taskset, it follows that BIND ought to
automatically use the given number of CPUs rather than the system wide
count.
Co-Authored-By: Ray Bellis <ray@isc.org>
(cherry picked from commit 5a2df8caf5)
Instead of keeping the whole array of test_node_t objects, just keep the
hashvalues and generated the rest of the test_node_t on the fly. The
test still works this way and the file size has been reduced from 2M to
90k.
Closes#4851
Backport of MR !9318
Merge branch 'backport-4851-generate-problematic-isc_hashmap-test-data-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9321
Instead of keeping the whole array of test_node_t objects, just keep the
hashvalues and generated the rest of the test_node_t on the fly. The
test still works this way and the file size has been reduced from 2M to
90k.
(cherry picked from commit 2310c322c0)
find->status is a private field of dns_adbfind_t so it now has an accessor function and has been made atomic.
Closes#4802
Backport of MR !9137
Merge branch 'backport-4802-address-potential-tsan-issue-with-find-status-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9433
Use the fact that the database returns the longest matching part of the requested name to find the required NSEC3 record. If there are multiple versions present in the database we may have to search further.
Closes#4460
Backport of MR !9436
Merge branch 'backport-4460-auth-nsec3-many-labels-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9438
Return partial match from dns_db_find/dns_db_find when requested
to short circuit the closest encloser discover process. Most of the
time this will be the actual closest encloser but may not be when
there yet to be committed / cleaned up versions of the zone with
names below the actual closest encloser.
(cherry picked from commit d42ea08f16)
Delay relinquishing root privileges until the control channel has been configured, for the benefit of systems that require root to use privileged port numbers. This mostly affects systems without fine-grained privilege systems (i.e., other than Linux).
Closes#4793
Backport of MR !9123
Merge branch 'backport-4793-bind-9-19-24-not-listening-to-rndc-port-953-on-localhost-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9444
On systems where root access is needed to configure privileged
ports, we don't want to fully relinquish root privileges until
after the control channel (which typically runs on port 953) has
been established.
named_os_changeuser() now takes a boolean argument 'permanent'.
This allows us to switch the effective userid temporarily with
named_os_changeuser(false) and restore it with named_os_restoreuser(),
before permanently dropping privileges with named_os_changeuser(true).
(cherry picked from commit d57fa148af)
With max-recursion-queries set to 50 the resolver system test was
unstable in the "checking query resolution for a domain with a valid
glueless delegation chain" check as ns1 replied with SERVFAIL.
Closes#4897
Backport of MR !9435
Merge branch 'backport-4897-resolver-ns1-max-recursion-queries-100-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9440
With max-recursion-queries set to 50 the resolver system test was
unstable in the "checking query resolution for a domain with a valid
glueless delegation chain" check as ns1 replied with SERVFAIL.
(cherry picked from commit 8e0244d300)
Move lock earlier in the call sequence to address access without lock report.
```
1559 /*
1560 * Caller must be holding the fctx lock.
1561 */
CID 468796: (#1 of 1): Data race condition (MISSING_LOCK)
1. missing_lock: Accessing fctx->state without holding lock fetchctx.lock. Elsewhere, fetchctx.state is written to with fetchctx.lock held 2 out of 2 times.
1562 REQUIRE(fctx->state == fetchstate_done);
1563
1564 FCTXTRACE("sendevents");
1565
1566 LOCK(&fctx->lock);
1567
```
Closes#4902
Backport of MR !9427
Merge branch 'backport-4902-accessing-fctx-state-without-holding-lock-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9437
fctx->state should be read with the lock held.
1559 /*
1560 * Caller must be holding the fctx lock.
1561 */
CID 468796: (#1 of 1): Data race condition (MISSING_LOCK)
1. missing_lock: Accessing fctx->state without holding lock fetchctx.lock.
Elsewhere, fetchctx.state is written to with fetchctx.lock held 2 out of 2 times.
1562 REQUIRE(fctx->state == fetchstate_done);
1563
1564 FCTXTRACE("sendevents");
1565
1566 LOCK(&fctx->lock);
1567
(cherry picked from commit 43f0b0e8eb)
Backport of MR !9424
Merge branch 'backport-mnowak/avoid-some-artifacts-in-stress-tests-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9428
