2
0
mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-30 05:57:52 +00:00

36356 Commits

Author SHA1 Message Date
Aram Sargsyan
247ae534a0 Add a system test to check catalog zones with non-IN rdata class fail
According to DNS catalog zones draft version 5 document, the CLASS field
of every RR in a catalog zone MUST be IN.

Add a new check in the catz system test to verify that a non-IN class
catalog zone (in this case CH) fails to load.

BIND does not support having a non-IN class RR in an IN class zone, or
non-IN class zone in an IN class view, so to verify that BIND respects
the mentioned restriction we must try to add a non-IN class catalog
zone and check that it didn't succeed.

The `named` configuration files had to be restructured to put all the
zones inside views, which also resulted in some corresponding changes
in the tests.sh script.
2022-04-28 12:40:03 +00:00
Aram Sargsyan
dfd5a01eba Add a new warning message when processing view configuration
When parsing the configuration file, log a warning message in
configure_view() function when encountering a `catalog-zones`
option in a view with non-IN rdata class.
2022-04-28 12:37:30 +00:00
Aram Sargsyan
92d1e1e347 Add CHANGES note for [GL #3224] 2022-04-28 12:37:29 +00:00
Aram Sargsyan
a8228d5f19 Introduce the concept of broken catalog zones
The DNS catalog zones draft version 5 document describes various
situations when a catalog zones must be considered as "broken" and
not be processed.

Implement those checks in catz.c and add corresponding system tests.
2022-04-28 12:36:58 +00:00
Matthijs Mekking
8b506335cc Merge branch '2267-extended-errors-stale-data' into 'main'
Add stale answer extended errors

Closes #2267

See merge request isc-projects/bind9!6148
2022-04-28 09:33:40 +00:00
Matthijs Mekking
a320f4ed04 Add CHANGES and release notes for #2267 2022-04-28 09:58:51 +02:00
Matthijs Mekking
c66b9abc0b Add stale answer extended errors
Add DNS extended errors 3 (Stale Answer) and 19 (Stale NXDOMAIN Answer)
to responses. Add extra text with the reason why the stale answer was
returned.

To test, we need to change the configuration such that for the first
set of tests the stale-refresh-time window does not interfer with the
expected extended errors.
2022-04-28 09:58:25 +02:00
Ondřej Surý
c5beb2b7d0 Merge branch 'ondrej-zone.c-refactor-me-into-__func__' into 'main'
In zone.c, use __func__ instead of hand-crafted me strings

See merge request isc-projects/bind9!6197
2022-04-28 07:28:59 +00:00
Ondřej Surý
196ec365c7 In zone.c, use __func__ instead of hand-crafted me strings
In zone.c, the "me" strings were defined for functions that could be
traced with "ENTER" macro.

Use the __func__ that's defined by the compiler and is less prone to
copy&paste errors.
2022-04-28 09:18:05 +02:00
Evan Hunt
fcb3373269 Merge branch '3272-shutdown-deadlock' into 'main'
prevent a deadlock in the shutdown system test

Closes #3272

See merge request isc-projects/bind9!6205
2022-04-28 06:56:20 +00:00
Evan Hunt
6bcf3e5c31 CHANGES for [GL #3272] 2022-04-27 23:26:09 -07:00
Evan Hunt
5c4cf3fcc4 prevent a deadlock in the shutdown system test
The shutdown test sends 'rdnc status' commands in parallel with
'rndc stop' A new rndc connection arriving will reference the ACL
environment to see whether the client is allowed to connect.
Commit c0995bc380 added a mutex lock to ns_interfacemgr_getaclenv(),
but if the new connection arrives while the interfaces are being
purged during shutdown, that lock is already being held. If the
the connection event slips in ahead of one of the netmgr's "stop
listening" events on a worker thread, a deadlock can occur.

The fix is not to hold the interfacemgr lock while shutting down
interfaces; only while actually traversing the interface list to
identify interfaces needing shutdown.
2022-04-27 23:25:57 -07:00
Mark Andrews
dbafb3bdd0 Merge branch 'marka-placeholder' into 'main'
Add placeholder for !6157

See merge request isc-projects/bind9!6206
2022-04-28 06:07:30 +00:00
Mark Andrews
f651b852f3 Add placeholder for !6157 2022-04-28 16:01:27 +10:00
Evan Hunt
85e362360a Merge branch '2969-refactor-fctx_done' into 'main'
refactor fctx_done() to set fctx to NULL

Closes #2969

See merge request isc-projects/bind9!6188
2022-04-27 20:30:00 +00:00
Evan Hunt
f8c0cabca1 CHANGES for [GL #2969] 2022-04-27 10:54:28 -07:00
Evan Hunt
7b2ea97e46 refactor resume_dsfetch()
clean up resume_dsfetch() so that the fctx reference counting is
saner and easier to follow.
2022-04-27 10:54:28 -07:00
Evan Hunt
d2f407cca3 refactor validated()
minor changes to ensure that fctx reference counting is clear and correct.
2022-04-27 10:54:28 -07:00
Evan Hunt
7c5afebcdc rename maybe_destroy() to maybe_cancel_validators()
the maybe_destroy() function no longer destroys the fctx,
so rename it and update the comments.
2022-04-27 10:54:28 -07:00
Evan Hunt
b4592d02a1 refactor fctx_done() to set fctx to NULL
previously fctx_done() detached the fctx but did not clear the pointer
passed into it from the caller.  in some conditions, when rctx_done()
was reached while waiting for a validator to complete, fctx_done()
could be called twice on the same fetch, causing a double detach.

fctx_done() now clears the fctx pointer, to reduce the chances of
such mistakes.
2022-04-27 10:54:28 -07:00
Artem Boldariev
02177be39b Merge branch '3274-fix-test-server-for-solaris' into 'main'
Rename yield() to the test_server_yield()

Closes #3274

See merge request isc-projects/bind9!6122
2022-04-27 17:05:51 +00:00
Artem Boldariev
6b56dc56c8 Rename yield() to the test_server_yield()
This commit ensures that the test_server binary will build on Solaris,
which has yield() definition within 'unistd.h'.
2022-04-27 19:58:38 +03:00
Arаm Sаrgsyаn
51edc7f5c0 Merge branch '3300-dispatch-udp_recv-handle-deactivated-resp-returning-success' into 'main'
Handle ISC_R_SUCCESS on a deactivated response in udp_recv()

Closes #3300

See merge request isc-projects/bind9!6194
2022-04-27 16:34:34 +00:00
Aram Sargsyan
bbdd139e20 Add CHANGES note for [GL #3300] 2022-04-27 15:53:52 +00:00
Aram Sargsyan
e3a88862c0 Handle ISC_R_SUCCESS on a deactivated response in udp_recv()
There is a possibility for `udp_recv()` to be called with `eresult`
being `ISC_R_SUCCESS`, but nevertheless with already deactivated `resp`,
which can happen when the request has been canceled in the meantime.
2022-04-27 15:53:14 +00:00
Artem Boldariev
f22094d485 Merge branch '3271-tlsdns-call-write-callbacks-after-send' into 'main'
TLSDNS: call send callbacks only after the data was sent

Closes #3271

See merge request isc-projects/bind9!6128
2022-04-27 15:37:04 +00:00
Artem Boldariev
978f97dcdd TLSDNS: call send callbacks after only the data was sent
This commit ensures that write callbacks are getting called only after
the data has been sent via the network.

Without this fix, a situation could appear when a write callback could
get called before the actual encrypted data would have been sent to
the network. Instead, it would get called right after it would have
been passed to the OpenSSL (i.e. encrypted).

Most likely, the issue does not reveal itself often because the
callback call was asynchronous, so in most cases it should have been
called after the data has been sent, but that was not guaranteed by
the code logic.

Also, this commit removes one memory allocation (netievent) from a hot
path, as there is no need to call this callback asynchronously
anymore.
2022-04-27 17:44:23 +03:00
Artem Boldariev
f83f8b065b Merge branch '3285-dig-do-not-hang-on-tlsctx-errors' into 'main'
Dig: do not hang on TLS context creation errors (Resolve #3285)

Closes #3285

See merge request isc-projects/bind9!6131
2022-04-27 14:02:03 +00:00
Artem Boldariev
1ec84f8d8d Update CHANGES [GL #3285]
Mention that dig hanging on TLS context creation errors has been
fixed.
2022-04-27 16:29:00 +03:00
Artem Boldariev
5db2838abb Dig: do not hang on TLS context creation errors
There was a query_detach() call missing in dig, which could lead to
dig hanging on TLS context creation errors. This commit fixes.

The error was introduced because the Strict TLS implementation was
initially made over an older version of the code, where this extra
query_detach() call was not needed.
2022-04-27 16:28:23 +03:00
Petr Špaček
19b9c2ecf7 Merge branch 'pspacek/pin-sphinx-packages-for-rtd' into 'main'
Pin Sphinx related package versions to match ReadTheDocs and our CI

See merge request isc-projects/bind9!6190
2022-04-27 12:34:38 +00:00
Petr Špaček
6088ba3837
Pin Sphinx related package versions to match ReadTheDocs and our CI
This seems to be most appropriate way to ensure consistency between
release tarballs and public presentation on ReadTheDocs.

Previous attempt with removing docutils constraint, which relied on pip
depedency solver to pick the same packages as in CI was flawed. RTD
installs a bit different set of packages so it was inherently
unreliable.

As a result RTD pulled in sphinx-rtd-theme==0.4.3 while CI
had 1.0.0, and this inconsistency caused Table of Contents in Release
Notes to render incorrectly. Previous solution was to downgrade
docutils to < 0.17, but I think we should rather pin exact versions.

For the long history of messing with versions read also
isc-projects/bind9@2a8eda0084
isc-projects/images@d4435b97be
isc-projects/bind9@6a2daddf5b
2022-04-27 14:33:45 +02:00
Tony Finch
4b7d86f5a9 Merge branch 'fanf-rbt-demacro' into 'main'
Reduce rbt macrology

See merge request isc-projects/bind9!6158
2022-04-27 12:05:30 +00:00
Tony Finch
a497858775 CHANGES note for [GL !6158]
[cleanup]	Remove redundant macros in the RBT implementation.
2022-04-27 11:05:53 +01:00
Tony Finch
72b23aafd2 Apply clang-format to rbt.c
Giving the code a proper spring cleaning
2022-04-27 11:05:05 +01:00
Tony Finch
b0bf49726e Clean up a few rbt comments
Avoid HTML entities, and describe what a function does
instead of explaining why it used to be a macro.
2022-04-27 11:05:05 +01:00
Tony Finch
084f146946 Fix style of a function name in rbt.c
Mechanically generated with:

:; spatch --no-show-diff --in-place --sp-file <<END lib/dns/rbt.c
@@ expression node, name; @@
- NODENAME(node, name)
+ node_name(node, name)
@@ parameter list params; @@
  static void
- NODENAME(params)
+ node_name(params)
  { ... }
END
2022-04-27 11:05:05 +01:00
Tony Finch
8adae2d813 Remove redundant rbt macro definitions
After the previous commit, these macros are no longer used.
2022-04-27 11:05:05 +01:00
Tony Finch
bee1c91b0a Remove do-nothing rbt macro calls
Pointer chasing reads better like left->right instead of RIGHT(left)

Mechanically generated with:

:; spatch --no-show-diff --in-place --sp-file <<END lib/dns/rbt.c
@@ expression node; @@
- PARENT(node)
+ node->parent
@@ expression node; @@
- LEFT(node)
+ node->left
@@ expression node; @@
- RIGHT(node)
+ node->right
@@ expression node; @@
- DOWN(node)
+ node->down
@@ expression node; @@
- UPPERNODE(node)
+ node->uppernode
@@ expression node; @@
- DATA(node)
+ node->data
@@ expression node; @@
- IS_EMPTY(node)
+ node->data == NULL
@@ expression node; @@
- HASHNEXT(node)
+ node->hashnext
@@ expression node; @@
- HASHVAL(node)
+ node->hashval
@@ expression node; @@
- COLOR(node)
+ node->color
@@ expression node; @@
- NAMELEN(node)
+ node->namelen
@@ expression node; @@
- OLDNAMELEN(node)
+ node->oldnamelen
@@ expression node; @@
- OFFSETLEN(node)
+ node->offsetlen
@@ expression node; @@
- ATTRS(node)
+ node->attributes
@@ expression node; @@
- IS_ROOT(node)
+ node->is_root
@@ expression node; @@
- FINDCALLBACK(node)
+ node->find_callback
@@ expression node; @@
- DIRTY(node)
+ node->dirty
@@ expression node; @@
- WILD(node)
+ node->wild
@@ expression node; @@
- LOCKNUM(node)
+ node->locknum
@@ expression node; @@
- MAKE_RED(node)
+ node->color = RED
@@ expression node; @@
- MAKE_BLACK(node)
+ node->color = BLACK
END
2022-04-27 11:05:05 +01:00
Ondřej Surý
fcab10a26e Merge branch '3299-fix-AX_PROG_CC_FOR_BUILD-macro' into 'main'
Fix the cached value of ac_cv_c_compiler_gnu

Closes #3299

See merge request isc-projects/bind9!6183
2022-04-26 13:47:11 +00:00
Ondřej Surý
4a9f899b5c Fix the cached value of ac_cv_c_compiler_gnu
There was an error in AX_PROG_CC_FOR_BUILD macro that cached literal
name of the cache variable `saved_ac_cv_c_compiler_gnu` instead of the
value of said variable breaking the consecutive runs of ./configure
script with caching enabled.
2022-04-26 15:45:47 +02:00
Petr Špaček
ba198b1979 Merge branch 'pspacek/rtd-requirements-update' into 'main'
Fix mismatch between docutils version in CI and ReadTheDocs

See merge request isc-projects/bind9!6182
2022-04-26 13:33:12 +00:00
Petr Špaček
2a8eda0084
Fix mismatch between docutils version in CI and ReadTheDocs
Currently our CI images we use to build docs (which subsequently get
into release tarballs) are using docutils 0.17.1, which is latest version
which fulfills Sphinx 4.5.0 requirement for docutils < 0.18.

The old requirement for docutils < 0.17 was causing discrepancy between
the way we build release artifacts and the docs on ReadTheDocs.org which
uses doc/arm/requirements.txt from our repo.

Remove the limit for RDT with hope that it will pull latest permissible
version of docutils.

For the long history of messing with docutils version read also
isc-projects/images@d4435b97be
isc-projects/bind9@6a2daddf5b
2022-04-26 14:28:11 +02:00
Ondřej Surý
31f1eab8be Merge branch '3288-adb-cancelfind-race' into 'main'
lock find when unlinking adbname->finds in dns_adb_cancelfind()

Closes #3288

See merge request isc-projects/bind9!6141
2022-04-26 11:34:44 +00:00
Evan Hunt
a1e9a59e2b lock find when unlinking adbname->finds in dns_adb_cancelfind()
In dns_adb_cancelfind(), we need to release the find lock and
then acquire the bucket and find locks in that order, for
consistency with locking hierarchy elsehwere. Previously we
were only acquiring the bucket lock.

Also rewrote the function for better readability.
2022-04-26 12:59:59 +02:00
Petr Špaček
227b488418 Merge branch '3301-support-sphinx-149' into 'main'
Split negative and positive dig/mdig/delv options to support Sphinx 1.4.9

Closes #3301

See merge request isc-projects/bind9!6175
2022-04-26 10:43:28 +00:00
Petr Špaček
ac0c2378ca
Add hyperlinks to dig/mdig/delv +options 2022-04-26 12:43:13 +02:00
Petr Špaček
0342dddce7
Split negative and positive dig/mdig/delv options to support Sphinx 1.4.9
Man pages for dig/mdig/delv used `.. option:: +[no]bla` to describe two
options at once, and very old Sphinx does not support that [] in option
names.

Solution is to split negative and positive options into `+bla, +nobla`
form. In the end it improves readability because it transforms hard to
read strings with double brackets from
`+[no]subnet=addr[/prefix-length]` to
`+subnet=addr[/prefix-length], +nosubnet`.

As a side-effect it also allows easier linking to dig/mdig/delv options
using their name directly instead of always overriding the link target
to `+[no]bla` form.

Transformation was done using regex:
    s/:: +\[no\]\(.*\)/:: +\1, +no\1
... and manual review around occurences matching regex
    +no.*=

Fixes: #3301
2022-04-26 12:43:09 +02:00
Ondřej Surý
0d90b40bd2 Merge branch '835-use-UV_UDP_LINUX_RECVERR-to-detect-destination-unreachable' into 'main'
Set IP(V6)_RECVERR on connect UDP sockets (via libuv)

Closes #835

See merge request isc-projects/bind9!6171
2022-04-26 10:41:08 +00:00
Ondřej Surý
834a2ddb4e Add CHANGES note for [GL #4251] 2022-04-26 12:22:18 +02:00