2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 22:15:20 +00:00
Commit Graph

43012 Commits

Author SHA1 Message Date
Matthijs Mekking
d9f90b7fd7 Allow for lifetime not set in state file
When migrating to dnssec-policy, keys that do not match will not have
a lifetime set. Adjust the test code to allow for that. Setting '-'
in a key properties string signals lifetime is expected not to be set.

(cherry picked from commit 89e90c30f8)
2025-08-19 14:10:24 +00:00
Matthijs Mekking
8e538518f4 Update set_expected_keytimes for migrate case
If we are migrating keys, we should take the existing key timing
metadata to initialise the state values. These tests will only setup
keys with Publish/Activate/SyncPublish times, because the Retire and
Remove timings will still need to be adjusted to the DNSSEC policy.

(cherry picked from commit 1a8cbf11fe)
2025-08-19 14:10:24 +00:00
Ondřej Surý
0c2c477c31 [9.20] chg: dev: Update clang-format style with options added in newer versions
Add and apply InsertBraces statement to add missing curly braces around one-line statements and use ControlStatementsExceptControlMacros for SpaceBeforeParens to remove space between foreach macro and the brace, e.g. `FOREACH (x) {` becomes `FOREACH(x) {`.

Backport of MR !10863

Merge branch 'backport-ondrej/update-clang-format-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10864
2025-08-19 09:06:14 +02:00
Ondřej Surý
87c926ade7 Ignore clang-format reformatting commits
(cherry picked from commit 255f484f49)
2025-08-19 08:09:02 +02:00
Ondřej Surý
8f8fb10232 Use ControlStatementsExceptControlMacros for SpaceBeforeParens
> Put a space before opening parentheses only after control statement
> keywords (for/if/while...) except this option doesn’t apply to ForEach
> and If macros. This is useful in projects where ForEach/If macros are
> treated as function calls instead of control statements.

(cherry picked from commit 42496f3f4a)
2025-08-19 08:08:23 +02:00
Ondřej Surý
58791b5cfe Add and apply InsertBraces statement
> Insert braces after control statements (if, else, for, do, and while)
> in C++ unless the control statements are inside macro definitions or
> the braces would enclose preprocessor directives.

(cherry picked from commit d051e1e8f8)
2025-08-19 08:07:41 +02:00
Nicki Křížek
dcfcafde49 [9.20] fix: ci: Update DNS Shotgun parameters for an updated dataset
We've switched to an updated dataset for shotgun jobs. The change in
underlying traffic caused the more sensitive doh-get (and partially dot)
jobs to overload the resolver, making the jobs unstable and unreliable,
due to an increased number of timeouts.

Readjust the load parameters slightly to avoid exceeding ~2 % of
timeouts in the cold cache scenario to stabilize the job results.

Backport of MR !10841

Merge branch 'backport-nicki/ci-shotgun-load-new-dataset-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10856
2025-08-14 23:58:11 +02:00
Nicki Křížek
27c25ee56c Update DNS Shotgun parameters for an updated dataset
We've switched to an updated dataset for shotgun jobs. The change in
underlying traffic caused the more sensitive doh-get (and partially dot)
jobs to overload the resolver, making the jobs unstable and unreliable,
due to an increased number of timeouts.

Readjust the load parameters slightly to avoid exceeding ~2 % of
timeouts in the cold cache scenario to stabilize the job results.

(cherry picked from commit 338389b3eb)
2025-08-14 23:18:06 +02:00
Mark Andrews
a64df9729b [9.20] fix: dev: Use DNS_RDATACOMMON_INIT to hide branch differences
Initialization of the common members of rdata type structures varies across branches. Standardize it by using the `DNS_RDATACOMMON_INIT` macro for all types, so that new types are more likely to use it, and hence backport more cleanly.

Closes #5467

Merge branch '5467-use-dns_rdatacommon_init-to-hide-branch-differences-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10834
2025-08-15 06:59:05 +10:00
Mark Andrews
afb019f3f0 Use DNS_RDATACOMMON_INIT to hide branch differences
Initialization of the common members of rdata type structures varies
across branches. Standardize it by using the DNS_RDATACOMMON_INIT
macro for all types, so that new types are more likely to use it,
and hence backport more cleanly.
2025-08-15 06:22:47 +10:00
Michal Nowak
6befa85bd1 [9.20] fix: ci: Set more lenient respdiff limits
After !9950, respdiff's maximal disagreement percentage needs to be
adjusted as target disagreements between the tested version of the
"main" branch and the reference one jumped for the respdiff,
respdiff:asan, and respdiff:tsan jobs from on average 0.07% to 0.16% and
from 0.12% to 0.17% for the respdiff-third-party job.

In !9950, we concluded setting MAX_DISAGREEMENTS_PERCENTAGE to double
the average disagreement percentage works fine in the CI.

(cherry picked from commit 9acc0c8543)

Backport of MR !10293

Merge branch 'backport-mnowak/more-lenient-respdiff-limits-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10847
2025-08-14 16:14:16 +02:00
Michal Nowak
0e90fdfe95 Set more lenient respdiff limits
After !9950, respdiff's maximal disagreement percentage needs to be
adjusted as target disagreements between the tested version of the
"main" branch and the reference one jumped for the respdiff,
respdiff:asan, and respdiff:tsan jobs from on average 0.07% to 0.16% and
from 0.12% to 0.17% for the respdiff-third-party job.

In !9950, we concluded setting MAX_DISAGREEMENTS_PERCENTAGE to double
the average disagreement percentage works fine in the CI.

(cherry picked from commit 9acc0c8543)
2025-08-14 16:12:06 +02:00
Andoni Duarte
57322af3ea chg: doc: Set up version for BIND 9.20.13
Merge branch 'andoni/set-up-version-for-bind-9.20.13' into 'bind-9.20'

See merge request isc-projects/bind9!10853
2025-08-14 11:07:11 +00:00
Andoni Duarte Pintado
37365f42b9 Update BIND version to 9.20.13-dev 2025-08-14 12:27:25 +02:00
Štěpán Balážik
0938b13ecd [9.20] fix: test: Fix the .hypothesis directory to bin/tests/system/.hypothesis
Previously the location of the .hypothesis directory would depend on the
current working directory when running pytest.

Set the HYPOTHESIS_STORAGE_DIRECTORY explicitly.

Closes #5424

Backport of MR !10825

Merge branch 'backport-5424-hypothesis-artifacts-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10828
2025-08-06 12:32:01 +00:00
Štěpán Balážik
dd6023ed4d Fix the .hypothesis directory to bin/tests/system/.hypothesis
Previously the location of the .hypothesis directory would depend on the
current working directory when running pytest.

Set the HYPOTHESIS_STORAGE_DIRECTORY explicitly.

(cherry picked from commit a4e74ab8cd)
2025-08-06 11:58:06 +00:00
Evan Hunt
4793397ad5 [9.20] new: test: Update filter-aaaa test
Renamed the `filter-aaaa` system test to `filters`, converted it to python, and added test cases to exercise the `filter-a` plugin as well.

Backport of MR !10730

Merge branch 'backport-each-test-filter-a-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10832
2025-08-06 07:47:46 +00:00
Nicki Křížek
bd33597ab3 Use full path for shared test code imports in rollover tests
Previously, symlinks and relative directory imports were used in test
modules. This caused a name clash when a shared code module "common.py"
was introduced for a different test. To avoid the issue, use full paths
in imports.

(cherry picked from commit e49c467efb)
2025-08-06 00:23:23 -07:00
Nicki Křížek
f7d4213605 Split up and parametrize filters tests
Move tests which use different configuration to dedicated modules to
avoid possible interference with other tests.

Parametrize the test cases to have a dedicated test for each server
configuration.

Turn the check_filter() comments into log messages to help with
debugging.

(cherry picked from commit cbebeacec1)
2025-08-06 00:23:23 -07:00
Evan Hunt
d7a7dc06e9 rename filter-aaaa to filters
since the test now covers both plugins, the filter-aaaa name is
misleading.

(cherry picked from commit 28a3706ec5)
2025-08-06 00:23:11 -07:00
Evan Hunt
80cc68235d add filter-a tests
add test cases to exercise the filter-a plugin.

(cherry picked from commit 1c5363cf99)
2025-08-06 00:05:09 -07:00
Evan Hunt
a4e426d6c8 reduce code duplication in filter-aaaa test
cut down the number of identical lines in the filter-aaaa test:
- replace identical test cases with small check functions
  (check_aaaa_only, check_any, check_nodata, etc).
- group those together into large check functions (check_filter,
  check_filter_other_family) that have options for recursive and
  break_dnssec, then run those for each combination of options
  on servers connfigured with filter-aaaa-on-v4 and filter-aaaa-on-v6.

(cherry picked from commit 58fe984c95)
2025-08-06 00:05:09 -07:00
Evan Hunt
681e61817b convert filter-aaaa test to python
use pytest for the filter-aaaa test.

In order to implement this, isctest.mark can now test whether IPv6 is
configured by calling testsock6.pl.

(cherry picked from commit b234c6d954)
2025-08-06 00:04:39 -07:00
Mark Andrews
f440fe712d [9.20] new: usr: Support for parsing the DSYNC record has been added
Closes #5440

Backport of MR !10776

Merge branch 'backport-5440-add-dsync-record-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10820
2025-08-06 15:17:57 +10:00
Mark Andrews
ae6704b4fb Add tests for DSYNC
(cherry picked from commit 53c8c5233a)
2025-08-06 13:47:33 +10:00
Mark Andrews
34c9dde184 Add support for parsing and displaying DSYNC rdata type
(cherry picked from commit c47615094e)
2025-08-06 13:47:33 +10:00
Mark Andrews
ce6078d2b9 Add support for parsing DSYNC scheme mnemonics
Adds dns_dsyncscheme_fromtext, dns_dsyncscheme_totext and
dns_dsyncscheme_format.  Adds type dns_dsyncscheme_t.

(cherry picked from commit 6e1311c624)
2025-08-06 13:13:34 +10:00
Alessio Podda
9a046cbed5 [9.20] chg: dev: Adaptive memory allocation strategy for qp-tries
qp-tries allocate their nodes (twigs) in chunks to reduce allocator pressure and improve memory locality. The choice of chunk size presents a tradeoff: larger chunks benefit qp-tries with many values (as seen in large zones and resolvers) but waste memory in smaller use cases.

Previously, our fixed chunk size of 2^10 twigs meant that even an empty qp-trie would consume 12KB of memory, while reducing this size would negatively impact resolver performance.

This MR implements an adaptive chunking strategy that tracks the size of the most recently allocated chunk and doubles the chunk size for each new allocation until reaching a predefined maximum.

This approach effectively balances memory efficiency for small tries while maintaining the performance benefits of larger chunk sizes for bigger data structures.

Backport of MR !10245

Closes #5445

Merge branch '5445-qp-small-alloc' into 'bind-9.20'

See merge request isc-projects/bind9!10804
2025-08-05 11:22:45 +00:00
Alessio Podda
2705e13339 Tune min and max chunk size
Before implementing adaptive chunk sizing, it was necessary to ensure
that a chunk could hold up to 48 twigs, but the new logic will size-up
new chunks to ensure that the current allocation can succeed.

We exploit the new logic in two ways:
 - We make the minimum chunk size smaller than the old limit of 2^6,
   reducing memory consumption.
 - We make the maximum chunk size larger, as it has been observed that
   it improves resolver performance.

(cherry picked from commit d7064c9b88)
2025-08-05 12:48:19 +02:00
alessio
d21f63884a Adaptive memory allocation strategy for qp-tries
qp-tries allocate their nodes (twigs) in chunks to reduce allocator
pressure and improve memory locality. The choice of chunk size presents
a tradeoff: larger chunks benefit qp-tries with many values (as seen
in large zones and resolvers) but waste memory in smaller use cases.

Previously, our fixed chunk size of 2^10 twigs meant that even an
empty qp-trie would consume 12KB of memory, while reducing this size
would negatively impact resolver performance.

This commit implements an adaptive chunking strategy that:
 - Tracks the size of the most recently allocated chunk.
 - Doubles the chunk size for each new allocation until reaching a
   predefined maximum.

This approach effectively balances memory efficiency for small tries
while maintaining the performance benefits of larger chunk sizes for
bigger data structures.

This commit also splits the callback freeing qpmultis into two
phases, one that frees the underlying qptree, and one that reclaims
the qpmulti memory. In order to prevent races between the qpmulti
destructor and chunk garbage collection jobs, the second phase is
protected by reference counting.

(cherry picked from commit 70b1777d8a)
2025-08-05 12:48:19 +02:00
Matthijs Mekking
39ad2016c1 [9.20] fix: usr: Add RPZ extended DNS error for zones with a CNAME override policy configured
When the zone is configured with a CNAME override policy, or the response policy zone contains a wildcard CNAME, the extended DNS error code was not added. This has been fixed.

Closes #5342

Backport of MR !10777

Merge branch 'backport-5342-rpz-cname-override-ede-not-added-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10819
2025-08-05 10:45:54 +00:00
Matthijs Mekking
1936303158 Add ede for zone with rpz cname override policy
When the zone is configured with a CNAME override policy, also add the
configured EDE code.

When the zone is contains a wildcard CNAME, also add the configured
EDE code.

(cherry picked from commit 2f70a0ef12)
2025-08-05 12:13:15 +02:00
Matthijs Mekking
7b9c524a5b Test adding ede with rpz cname override policy
When the zone is configured with a CNAME override policy, the EDE code
is not added as expected. Add a test case based on the issue in GitLab
(#5342).

When the zone contains a wildcard CNAME, the EDE code is not added as
expected. Also add a test case for this.

(cherry picked from commit 4ef00f97d6)
2025-08-05 12:13:15 +02:00
Mark Andrews
3b98c7cc9d [9.20] fix: usr: Prevent spurious validation failures
Under rare circumstances, validation could fail if multiple clients simultaneously iterated the same set of signatures.

References #3014

Backport of MR !5578

Merge branch 'backport-3014-validator-c-check_signer-fails-to-call-dns_rdataset_clone-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10815
2025-08-02 00:12:01 +10:00
Mark Andrews
f78430bb74 validator.c:check_signer now clones val->sigrdataset
Spurious validation failures were traced back to check_signer looping
over val->sigrdataset directly.  Cloning val->sigrdataset prevents
check_signer from interacting with callers that are also looping
over val->sigrdataset.

(cherry picked from commit 8aa130f253)
2025-08-01 21:56:33 +10:00
Petr Špaček
056d41166a [9.20] chg: ci: Log packages, test AlmaLinux 9
Backport of MR !10799

Merge branch 'backport-pspacek/ci-platforms-and-logging-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10806
2025-07-31 12:21:25 +00:00
Petr Špaček
6659c84f72 Log all installed system packages and Python libraries before build
(cherry picked from commit e702e09143)
2025-07-31 12:21:18 +00:00
Petr Špaček
8dcdf15de4 Run MR pipelines also on AlmaLinux 9
Turns out Python version there is older than elsewhere.

(cherry picked from commit 8c71989a45)
2025-07-31 12:21:18 +00:00
Michal Nowak
20b189178a [9.20] fix: ci: Revert "Capture scripts for Coverity Scan analysis"
This reverts commit b4a2674d98.

The --fs-capture-search option is no more. The ability to analyse Python
scripts in Coverity turned out to be questionable anyways.

Closes #5456

Backport of MR !10808

Merge branch 'backport-5456-coverity-scan-drop-fs-capture-search-option-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10810
2025-07-31 13:22:49 +02:00
Michal Nowak
2bfb7cc5b0 Revert "Capture scripts for Coverity Scan analysis"
This reverts commit b4a2674d98.

The --fs-capture-search option is no more. The ability to analyse Python
scripts in Coverity turned out to be questionable anyways.

(cherry picked from commit 310884c259)
2025-07-31 12:51:39 +02:00
Petr Špaček
515aeb828a [9.20] Fix system test compatibility with old Python
Backport of MR !10797

Merge branch 'backport-pspacek/test-compatibility-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10802
2025-07-30 14:38:54 +00:00
Petr Špaček
2dd7144e70 Fix compatibility with Python < 3.10
Dataclass kw_only argument was added only in Python 3.10 but EL9 image
has only 3.9.21.

(cherry picked from commit b0c7f8b598)
2025-07-30 14:36:38 +00:00
Petr Špaček
b19bc50ef0 Fix minimal dnspython version test
Wrong version number was uncovered by Ubuntu 22.04 Jammy which actually
has dnspython 2.1.0.

(cherry picked from commit 6ae224fc9c)
2025-07-30 14:36:38 +00:00
Evan Hunt
4bf7d412ff [9.20] new: test: add helper functions to isctest
added some helper functions in isctest to reduce code repetition
in dnssec-related tests:

- isctest.check.adflag() - checks that a response contains AD=1
- isctest.check.noadflag() - checks that a response contains AD=0

- isctest.check.rdflag() - checks that a response contains RD=1
- isctest.check.nordflag() - checks that a response contains RD=0

- isctest.check.raflag() - checks that a response contains RA=1
- isctest.check.noraflag() - checks that a response contains RA=0

- isctest.check.rr_count_eq() - checks the number of RRsset in a section

- isctest.check.same_data() - checks that two message have the
                              same rcode and data
- isctest.check.same_answer() - checks that two message have the same
                                rcode and answer

- isctest.query.create() - a wrapper for dns.message.make_query() that
                           creates a query message similar to dig +dnssec

Backport of MR !10760

Merge branch 'backport-each-isctest-helpers-9.20' into 'bind-9.20'

See merge request isc-projects/bind9!10793
2025-07-30 00:02:38 +00:00
Evan Hunt
9dcfe0ee1a Use isctest.query.create across system tests
Rather than using the dnspython's facilities and defaults to create the
queries, use the isctest.query.create function in all the cases that
don't require special handling to have consistent defaults.

(cherry picked from commit 64143ea077)
2025-07-29 16:02:32 -07:00
Nicki Křížek
9decbd88a3 Add RA flag checks to isctest.check
(cherry picked from commit f2a4c5dcb0)
2025-07-29 22:58:06 +00:00
Nicki Křížek
a26f1e4f27 Refactor and move query helper to isctest.query.create
Make the query helper function more universal and reusable across our
system tests -- default to using EDNS and sending AD=1.

(cherry picked from commit 989e64b9b0)
2025-07-29 22:58:06 +00:00
Nicki Křížek
070197b884 Unify RR counting in isctest.check helper
Use a common function to count the number of RRs in any section of the
DNS message. For the ADDITIONAL section, stick with the dnspython
convention of not including OPT and TSIG.

(cherry picked from commit efd60348b9)
2025-07-29 22:58:06 +00:00
Nicki Křížek
dc8884d894 Refactor isctest.check.section_equal comparison
Use the same logic as dnspython uses in dns.message.Message.

(cherry picked from commit b24dd20e5a)
2025-07-29 22:58:06 +00:00
Evan Hunt
3a3bcd5aa1 add helper functions to isctest
added some helper functions in isctest to reduce code repetition
in dnssec-related tests:

- isctest.check.adflag() - checks that a response contains AD=1
- isctest.check.noadflag() - checks that a response contains AD=0

- isctest.check.rdflag() - checks that a response contains RD=1
- isctest.check.nordflag() - checks that a response contains RD=0

- isctest.check.answer_count_eq() - checks the answer count is correct
- isctest.check.additional_count_eq() - same for authority count
- isctest.check.authority_count_eq() - same for additional count

- isctest.check.same_data() - check that two message have the
                              same rcode and data
- isctest.check.same_answer() - check that two message have the same
                                rcode and answer

- isctest.dnssec.msg() - a wrapper for dns.message.make_query() that
                         creates a query message similar to dig +dnssec:
                         use_edns=True, want_dnssec=True,
                         and flags are set to (RD|AD) by default, but
                         options exist to disable AD or enable CD.
                         (to generate non-DNSSEC queries, use
                         message.make_query() directly.)

(cherry picked from commit b69097f139)
2025-07-29 22:58:06 +00:00