mirror of https://gitlab.isc.org/isc-projects/bind9 synced 2025-08-31 14:35:26 +00:00
Commit Graph

35552 Commits

Author SHA1 Message Date
Matthijs Mekking
fd5e39cc76 Fix typo in DNSSEC guide parental-agents example
The example will not load because of the typo, the comma should be a
semicolon.
2022-02-22 11:48:28 +01:00
Michał Kępień
39730a503d Merge branch 'michal/handle-fctx-in-FCTXTRACE-macro-stubs' into 'main'
Add "UNUSED(fctx);" to FCTXTRACE*() macro stubs

See merge request isc-projects/bind9!5867
2022-02-21 09:53:26 +00:00
Michał Kępień
b645e28167 Add "UNUSED(fctx);" to FCTXTRACE*() macro stubs
Commit b6d40b3c4e removed most uses of the
'fctx' variable from the rctx_dispfail() function: it is now only needed
by the FCTXTRACE3() macro.  However, when --enable-querytrace is not in
effect, that macro evaluates to a list of UNUSED() macros that does not
include "UNUSED(fctx);".  This triggers the following compilation
warning when building without --enable-querytrace:

    resolver.c: In function 'rctx_dispfail':
    resolver.c:7888:21: warning: unused variable 'fctx' [-Wunused-variable]
     7888 |         fetchctx_t *fctx = rctx->fctx;
          |                     ^~~~

Fix by adding "UNUSED(fctx);" lines to all FCTXTRACE*() macros.  This is
safe to do because all of those macros use the 'fctx' local variable, so
there is no danger of introducing new errors caused by use of undeclared
identifiers.
2022-02-21 10:50:38 +01:00
Ondřej Surý
d0c2113693 Merge branch '3140-make-keep-response-order-obsolete' into 'main'
Declare the keep-response-order obsolete

Closes #3140

See merge request isc-projects/bind9!5852
2022-02-18 21:37:39 +00:00
Ondřej Surý
f216eb0d64 Add CHANGES and release note for [GL #3140] 2022-02-18 09:16:03 +01:00
Ondřej Surý
ddd5b0ff89 Downgrade -Wstringop-overread from error to warning
Due to a bug in gcc-11, the build fails when AddressSanitizer is
enabled.  Downgrading the -Wstringop-overread to just a warning in the
gcc:asan build allows the code to compile.
2022-02-18 09:16:03 +01:00
Ondřej Surý
30fda4cb52 Remove the keep-response-order system test
Remove the keep-response-order from the system test and cleanup the
pipelined system test to be shell check clean and use the helper
functions.
2022-02-18 09:16:03 +01:00
Ondřej Surý
d01562f22b Remove the keep-response-order ACL map
The keep-response-order option has been obsoleted, and in this commit,
remove the keep-response-order ACL map rendering the option no-op, the
call to isc_nm_sequential() and the now unused isc_nm_sequential()
function itself.
2022-02-18 09:16:03 +01:00
Ondřej Surý
30f4bdb17e Declare the keep-response-order obsolete
The keep-response-order option has been introduced when TCP pipelining
has been introduced to BIND 9 as a failsafe for possibly non-compliant
clients.

Declare the keep-response-order obsolete as all DNS clients should
either support out-of-order processing or don't send more DNS queries
until the DNS response for the previous one has been received.
2022-02-17 16:49:56 -08:00
Evan Hunt
b215018067 Merge branch '3141-remove-the-artificial-stream-clients-limit' into 'main'
Remove the limit on the number of simultaneous TCP queries

Closes #3141

See merge request isc-projects/bind9!5851
2022-02-18 00:40:45 +00:00
Ondřej Surý
2bcf5a5315 Add CHANGES and release note for [GL #3141] 2022-02-17 16:20:42 -08:00
Ondřej Surý
4f5b4662b6 Remove the limit on the number of simultaneous TCP queries
There was an artificial limit of 23 on the number of simultaneous
pipelined queries in the single TCP connection.  The new network
manager is capable of handling "unlimited" (limited only by the TCP
read buffer size) queries similar to "unlimited" handling of the DNS
queries received over UDP.

Don't limit the number of TCP queries that we can process within a
single TCP read callback.
2022-02-17 16:19:12 -08:00
Ondřej Surý
306a3c0803 Merge branch '1897-fix-max-transfer-timeouts' into 'main'
Reimplement the max-transfer-time-out and max-transfer-idle-out

Closes #1897

See merge request isc-projects/bind9!5850
2022-02-17 21:01:24 +00:00
Ondřej Surý
987ad32fac Add CHANGES and release note for [GL #1897] 2022-02-17 21:38:37 +01:00
Ondřej Surý
8fed1b6461 Add XFR max-transfer-time-out and max-transfer-idle-out system tests
Extend the timeouts system test to ensure that the maximum outgoing
transfer time (max-transfer-time-out) and maximum outgoing transfer idle
time (max-transfer-idle-out) work as expected.  This is done by
lowering the limits to 5/1 minutes and testing that the connection has
been dropped while sleeping between the individual XFR messages.
2022-02-17 21:38:17 +01:00
Ondřej Surý
8643bbab84 Reimplement the max-transfer-time-out and max-transfer-idle-out
While refactoring the libns to use the new network manager, the
max-transfer-*-out options were not implemented and they were turned
non-operational.

Reimplement the max-transfer-idle-out functionality using the write
timer and max-transfer-time-out using the new isc_nm_timer API.
2022-02-17 21:38:17 +01:00
Ondřej Surý
037549c405 Remove unused client->shutdown and client->shutdown_arg
While refactoring the lib/ns/xfrout.c, it was discovered that .shutdown
and .shutdown_arg members of ns_client_t structure are unused.

Remove the unused members and associated code that was using it in
the ns_xfrout.
2022-02-17 21:38:17 +01:00
Ondřej Surý
3c7b04d015 Add network manager based timer API
This commit adds an API that allows creating arbitrary timers associated
with the network manager handles.
2022-02-17 21:38:17 +01:00
Evan Hunt
63f3ad3e3c Merge branch '2486-verify-journals' into 'main'
make dnssec-verify and dnssec-signzone read journal files

Closes #2486

See merge request isc-projects/bind9!5801
2022-02-17 20:28:12 +00:00
Evan Hunt
53bc8905ab CHANGES and release note for [GL #2486] 2022-02-17 12:03:18 -08:00
Evan Hunt
08c2728ed1 add a test for dnssec-signzone -J
generate a journal file, and load it in dnssec-signzone.
2022-02-17 12:03:05 -08:00
Evan Hunt
4d2f5754af add a test for dnssec-verify -J
generate a journal file and confirm that dnssec-verify is able
to load it.
2022-02-17 12:03:05 -08:00
Evan Hunt
d2597e3496 support $INCLUDE in makejournal
bin/tests/system/makejournal needs to ignore DNS_R_SEENINCLUDE
when calling dns_db_load(), otherwise it cannot generate a journal
for a zone file with a $INCLUDE statement.
2022-02-17 12:03:05 -08:00
Evan Hunt
c3fd94cd4d make dnssec-verify and dnssec-signzone read journal files
add a -J option to dnssec-verify and dnssec-signzone to read
a specified journal file when loading a zone.
2022-02-17 12:03:01 -08:00
Ondřej Surý
08026c7ded Merge branch '3149-drop-TCP-connection-when-garbage-is-received' into 'main'
Reset the TCP connection when garbage is received

Closes #3149

See merge request isc-projects/bind9!5849
2022-02-17 20:01:08 +00:00
Ondřej Surý
9f1c439335 Add CHANGES and release note for [GL #3149] 2022-02-17 20:39:55 +01:00
Ondřej Surý
ebfdb50ac7 Add TCP garbage system test
Test if the TCP connection gets reset when garbage instead of DNS
message is sent.

I'm only happy when it rains
Pour some misery down on me
- Garbage
2022-02-17 20:39:55 +01:00
Ondřej Surý
4716c56ebb Reset the TCP connection when garbage is received
When an invalid DNS message is received, there was a handling mechanism for
DoH that would be called to return proper HTTP response.

Reuse this mechanism and reset the TCP connection when the client is
blackholed, DNS message is completely bogus or the ns_client receives
response instead of query.
2022-02-17 20:39:55 +01:00
Ondřej Surý
0697288b9d Merge branch '3133-tcp-error-handling' into 'main'
correct TCP error condition handling in dispatch

Closes #3133

See merge request isc-projects/bind9!5810
2022-02-17 10:41:14 +00:00
Evan Hunt
1b25b76921 Add CHANGES note for [GL #3133] 2022-02-17 10:02:38 +01:00
Evan Hunt
b6d40b3c4e correct TCP error handling in dispatch and resolver
- certain TCP result codes, including ISC_R_EOF and
  ISC_R_CONNECTIONRESET, were being mapped to ISC_R_SHUTTINGDOWN
  before calling the response handler in tcp_recv_cancelall().
  the result codes should be passed through to the response handler
  without being changed.

- the response handlers, resquery_response() and req_response(), had
  code to return immediately if encountering ISC_R_EOF, but this is
  not the correct behavior; that should only happen in the case of
  ISC_R_CANCELED when it was the caller that canceled the operation

- ISC_R_CONNECTIONRESET was not being caught in rctx_dispfail().

- removed code in rctx_dispfail() to retry queries without EDNS
  when receiving ISC_R_EOF; this is now treated the same as any
  other connection failure.
2022-02-17 09:59:12 +01:00
Ondřej Surý
ae4cd57ed5 Merge branch '3132-add-send-timeout' into 'main'
Add timeout when writing TCP data

Closes #3132

See merge request isc-projects/bind9!5848
2022-02-17 08:45:17 +00:00
Ondřej Surý
0c35bda762 Add CHANGES and release note for [GL #3132] 2022-02-17 09:07:43 +01:00
Ondřej Surý
ee359d6ffa Update writetimeout to be T_IDLE in netmgr_test.c
Use the isc_nmhandle_setwritetimeout() function in the netmgr unit test
to allow more time for writing and reading the responses because some of
the intervals that are used in the unit tests are really small leaving a
little room for any delays.
2022-02-17 09:06:58 +01:00
Ondřej Surý
a89d9e0fa6 Add isc_nmhandle_setwritetimeout() function
In some situations (unit test and forthcoming XFR timeouts MR), we need
to modify the write timeout independently of the read timeout.  Add an
isc_nmhandle_setwritetimeout() function that could be called before
isc_nm_send() to specify a custom write timeout interval.
2022-02-17 09:06:58 +01:00
Ondřej Surý
b735182ae0 Add TCP write timeout system test
Extend the timeouts system test that bursts the queries for large TXT
record and never read any responses back filling up the server TCP write
buffer.  The test should work with the default wmem_max value on
Linux (208k).
2022-02-17 09:06:58 +01:00
Ondřej Surý
408b362169 Add TCP, TCPDNS and TLSDNS write timer
When the outgoing TCP write buffers are full because the other party is
not reading the data, the uv_write() could wait indefinitely on the
uv_loop and never call the callback.  Add a new write timer that uses
the `tcp-idle-timeout` value to interrupt the TCP connection when we are
not able to send data for a defined period of time.
2022-02-17 09:06:58 +01:00
Ondřej Surý
cd3b58622c Add uv_tcp_close_reset compat
The uv_tcp_close_reset() function was added in libuv 1.32.0 and since we
support older libuv releases, we have to add a shim uv_tcp_close_reset()
implementation loosely based on libuv.
2022-02-17 09:06:58 +01:00
Ondřej Surý
45a73c113f Rename sock->timer to sock->read_timer
Before adding the write timer, we have to remove the generic sock->timer
to sock->read_timer.  We don't touch the function names to limit the
impact of the refactoring.
2022-02-17 09:06:58 +01:00
Evan Hunt
92338f2e29 Merge branch '3157-blackhole-request' into 'main'
negative match on the 'blackhole' ACL could be treated as positive

Closes #3157

See merge request isc-projects/bind9!5853
2022-02-17 06:19:51 +00:00
Evan Hunt
04361b0ad5 CHANGES and release note for [GL #3157] 2022-02-16 19:05:56 -08:00
Evan Hunt
4444b168db negative 'blackhole' ACL match could be treated as positive
There was a bug in the checking of the "blackhole" ACL in
dns_request_create*(), causing an address to be treated as included
in the ACL if it was explicitly *excluded*. Thus, leaving "blackhole"
unset had no effect, but setting it to "none" would cause any
destination addresses to be rejected for dns_request purposes. This
would cause zone transfer requests and SOA queries to fail, among
other things.

The bug has been fixed, and "blackhole { none; };" was added to the
xfer system test as a regression test.
2022-02-16 19:05:06 -08:00
Michał Kępień
5fbbc312a7 Merge branch '3139-log-the-result-of-each-resolver-priming-attempt' into 'main'
Log the result of each resolver priming attempt

Closes #3139

See merge request isc-projects/bind9!5812
2022-02-16 12:27:18 +00:00
Michał Kępień
39df399d9f Add CHANGES entry for [GL #3139] 2022-02-16 13:26:12 +01:00
Michał Kępień
f286c845b0 Log the result of each resolver priming attempt
When a resolver priming attempt completes, the following message is
currently logged:

    resolver priming query complete

This message is identical for both successful and failed priming
attempts.  Consider the following log excerpts:

  - successful priming attempt:

        10-Feb-2022 11:33:11.272 all zones loaded
        10-Feb-2022 11:33:11.272 running
        10-Feb-2022 11:33:19.722 resolver priming query complete

  - failed priming attempt:

        10-Feb-2022 11:33:29.978 all zones loaded
        10-Feb-2022 11:33:29.978 running
        10-Feb-2022 11:33:38.432 timed out resolving '_.org/A/IN': 2001:500:9f::42#53
        10-Feb-2022 11:33:38.522 timed out resolving './NS/IN': 2001:500:9f::42#53
        10-Feb-2022 11:33:42.132 timed out resolving '_.org/A/IN': 2001:500:12::d0d#53
        10-Feb-2022 11:33:42.285 timed out resolving './NS/IN': 2001:500:12::d0d#53
        10-Feb-2022 11:33:44.685 resolver priming query complete

Include the result of each priming attempt in the relevant log message
to give the administrator better insight into named's resolver priming
process.
2022-02-16 13:26:12 +01:00
Ondřej Surý
1e7d666bf5 Merge branch 'ondrej/add-UV_RUNTIME_CHECK-macro' into 'main'
Add UV_RUNTIME_CHECK() macro to print uv_strerror()

See merge request isc-projects/bind9!5838
2022-02-16 10:45:32 +00:00
Ondřej Surý
62bd5cb08c Add semantic patch to keep UV_RUNTIME_CHECK in sync
The UV_RUNTIME_CHECK() macro requires keeping the function name in sync
like this:

    r = func(...);
    UV_RUNTIME_CHECK(func, r);

Add semantic patch to keep the function name and return variable in sync
with the previous line.
2022-02-16 11:16:57 +01:00
Ondřej Surý
8715be1e4b Use UV_RUNTIME_CHECK() as appropriate
Replace the RUNTIME_CHECK() calls for libuv API calls with
UV_RUNTIME_CHECK() to get more detailed error message when
something fails and should not.
2022-02-16 11:16:57 +01:00
Ondřej Surý
62e15bb06d Add UV_RUNTIME_CHECK() macro to print uv_strerror()
When libuv functions fail, they return correct return value that could
be useful for more detailed debugging.  Currently, we usually just check
whether the return value is 0 and invoke assertion error if it isn't,
throwing away the details why the call has failed.  Unfortunately, this
often happens on more exotic platforms.

Add a UV_RUNTIME_CHECK() macro that can be used to print more detailed
error message (via uv_strerror()) before ending the execution of the
program abruptly with the assertion.
2022-02-16 11:16:57 +01:00
Ondřej Surý
f4ae230d41 Merge branch 'ondrej/remove-dns_timer-API' into 'main'
Remove unused dns_timer API

See merge request isc-projects/bind9!5818
2022-02-16 09:51:36 +00:00