Prepare changelog for BIND 9.21.14

Michał Kępień 2025-10-18 09:47:28 +02:00
parent a78f847fc8
commit a63db9857c
3 changed files with 445 additions and 426 deletions


@ -18,6 +18,7 @@ Changelog
development. Regular users should refer to :ref:`Release Notes <relnotes>`
for changes relevant to them.
.. include:: ../changelog/changelog-9.21.14.rst
.. include:: ../changelog/changelog-9.21.13.rst
.. include:: ../changelog/changelog-9.21.12.rst
.. include:: ../changelog/changelog-9.21.11.rst


@ -12,430 +12,7 @@
BIND 9.21.13
------------
Security Fixes
~~~~~~~~~~~~~~
- [CVE-2025-8677] DNSSEC validation fails if matching but invalid DNSKEY
is found. ``1d851c23529``
Previously, if a matching but cryptographically invalid key was
encountered during DNSSEC validation, the key was skipped and not
counted towards validation failures. :iscman:`named` now treats such
DNSSEC keys as hard failures and the DNSSEC validation fails
immediately, instead of continuing with the next DNSKEYs in the RRset.
ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One
Security and Privacy Laboratory at Nankai University for bringing this
vulnerability to our attention. :gl:`#5343`
- [CVE-2025-40778] Address various spoofing attacks. ``7b95c382dbd``
Previously, several issues could be exploited to poison a DNS cache
with spoofed records for zones which were not DNSSEC-signed or if the
resolver was configured to not do DNSSEC validation. These issues were
assigned CVE-2025-40778 and have now been fixed.
As an additional layer of protection, :iscman:`named` no longer
accepts DNAME records or extraneous NS records in the AUTHORITY
section unless these are received via spoofing-resistant transport
(TCP, UDP with DNS cookies, TSIG, or SIG(0)).
ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin
Duan from Tsinghua University for bringing this vulnerability to our
attention. :gl:`#5414`
- [CVE-2025-40780] Cache-poisoning due to weak pseudo-random number
generator. ``6876753c7cc``
It was discovered during research for an upcoming academic paper that
a xoshiro128\*\* internal state can be recovered by an external 3rd
party, allowing the prediction of UDP ports and DNS IDs in outgoing
queries. This could lead to an attacker spoofing the DNS answers with
great efficiency and poisoning the DNS cache.
The internal random generator has been changed to a cryptographically
secure pseudo-random generator.
ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from
Hebrew University of Jerusalem for bringing this vulnerability to our
attention. :gl:`#5484`
New Features
~~~~~~~~~~~~
- Add extra tokens to the zone file name template. ``b449fa95005``
Extend the `$name`, `$view` and `$type` tokens (expanding into the
zone name, zone's view name and type); the new following tokens are
now also accepted:
- `$name` or `%s` is replaced with the zone name in lower case;
- `$type` or `%t` is replaced with the zone type -- i.e., primary,
secondary, etc);
- `$view` or `%v` is replaced with the view name;
- `$char1` or `%1` is replaced with the first character of the zone
name;
- `$char2` or `%2` is replaced with the second character of the zone
name (or a dot if there is no second character);
- `$char3` or `%3` is replaced with the third character of the zone
name (or a dot if there is no third character);
- `$label1` or `%z` is replaced with the toplevel domain of the zone
(or a dot if it is the root zone);
- `$label2` or `%y` is replaced with the next label under the toplevel
domain (or a dot if there is no next label);
- `$label3` or `%x` is replaced with the next-next label under the
toplevel domain (or a dot if there is no next-next label).
:gl:`#85` :gl:`!10779`
- Add support for synthetic records. ``cefed841046``
Add a query plugin which, in "reverse" mode, enables the server to
build a synthesized response to a PTR query when the PTR record
requested is not found in the zone. The dynamically-built name is
constructed from a static prefix (passed as a plugin parameter), the
IP address (extracted from the query name) and a suffix (also passed
as a plugin parameter). An `allow-synth` address-match list can be
used to limit the network addresses for which the plugin may generate
responses. The plugin can also be used in "forward" mode, to
build synthesized A/AAAA records from names using the same format as
the dynamically-built PTR names. The same parameters are used: the
plugin will react and answer a query if the name matches the
configured prefix and origin, and encodes an IP address that is within
`allow-synth`. :gl:`#1586` :gl:`!10348`
- Support for zone-specific plugins. ``65fa5693572``
Query plugins can now be configured at the `zone` level, as well as
globally or at the `view` level. A plugin's hooks are then called only
while that specific zone's database is being used to answer a query.
This simplifies the implementation of plugins that are only needed for
specific namespaces for which the server is authoritative. It can also
enable quicker responses, since plugins will only be called when they
are needed. :gl:`#5356` :gl:`!10483`
- Add dnssec-policy keys configuration check to named-checkconf.
``23a79b42ea4``
A new option `-k` is added to `named-checkconf` that allows checking
the `dnssec-policy` `keys` configuration against the configured key
stores. If the found key files are not in sync with the given
`dnssec-policy`, the check will fail.
This is useful to run before migrating to `dnssec-policy`. :gl:`#5486`
:gl:`!10907`
Removed Features
~~~~~~~~~~~~~~~~
- Remove randomized RRset ordering. ``014a05a2781``
The rrset-order random doesn't offer uniform distribution of all
permutations and it isn't superior to cyclic order in any way. Make
the random ordering an alias to the cyclic ordering. :gl:`#5513`
:gl:`!10912`
- Remove CHECK_FOR_GLUE_IN_ANSWER. ``7fa4cbedc50``
Macro CHECK_FOR_GLUE_IN_ANSWER is defined in `lib/dns/resolver.c`
only, documented nowhere and not exposed as build configuration. This
is valid at least for 9.21+, 9.20 and 9.18. Furthermore, it doesn't
compile anymore on 9.21+ with -DCHECK_FOR_GLUE_IN_ANSWER=1.
Considering it is very unlikely that anyone build named with this,
remove the code rather than fixing it. :gl:`#5538` :gl:`!11029`
- Remove orphan dns_loadmgr_t type. ``96855b5449f``
dns_loadmgr_t typedef is declared but never defines as well as a
pointer of this type in named_server_t. Removing it. :gl:`!10974`
Feature Changes
~~~~~~~~~~~~~~~
- Add a circular reference between slabtops for type and RRSIG(type)
``a20c8fe74b0``
Previously, the slabtops for "type" and its signature was only loosely
coupled and the headers could expire at different time (both TTL and
LRU based expiry). Add a .related member to the slabtop that allows
us to expire the headers in both related headers and also optimize the
lookups because now both slabtops are looked up at the same time.
:gl:`#3396` :gl:`!10985`
- Refactor view creation/configuration loops in dedicated functions.
``cb0807be2be``
Refactor a bit of `apply_configuration` by extracting (into respective
dedicated function) the logic to build the keystores list, the KASP
list as well as creating the view/zones and configuring those. This is
the next step of MR !10895 and !10901
While the code is extracted, some global variables has been changed
into a function parameters which enable to have a clear view of the
dependency of the function, typically, to know if it depends on local
configuration object or runtime "production" object. The end goal (not
in this MR, but later on) is to move as much as possible
initialization logic outside of the exclusive mode.
As a first step, latest commits move the keystores list, KASP list and
view/zones creation outside of the exclusive mode. (The view/zone
configuration remain in exclusive mode for now, because of a
dependency to the runtime "cachelist". This is the target of a next
MR.
For the record; while moving the keystores list, KASP list and
view/zone creation doesn't have a significant impact on the time the
exclusive mode is taken (from my experiment on a 1M small zones
instance); moving `configure_views` did have a _massive_ impact
(basically, the time spend in the exclusive mode is then non
calculable). Configuring views outside the exclusive mode needs more
work, which will be done in future MRs. :gl:`#4673` :gl:`!10910`
- Add option to always build fuzz binaries. ``54c8252c6e2``
Currently the fuzzer binaries are only built when someone requests a
fuzzer. This might cause us to inadvertently break fuzzing when
changing function signatures. It also deviates with the behaviour we
had with autotools, where the fuzz binaries were built with make test.
This commit splits the -Dfuzzing option into two: fuzzing, and
fuzzing-backend. The fuzzing option controls whether the fuzzing
binaries are built. The fuzzing-backend option controls which backend
to use, and defaults to none. If the value none is used the binaries
are built, but no backend is used or guaranteed, which means that the
binaries might be non-functional. :gl:`#5526` :gl:`!10990`
- Rename cfg_aclconfctx_t variables to aclctx. ``0411142f826``
ACL configuration context variables are inconsistently named as
`actx`, `ac`, or `aclconfctx`, which caused confusion during code
reviews. This commit renames all `cfg_aclconfctx_t` variables to
`aclctx`, which is short, consistent, and unambiguous. :gl:`#5530`
:gl:`!11003`
- Provide more context when registering plugins. ``ac4cf4cce8d``
Add a new type, `ns_pluginregister_ctx_t`, which is passed to
`plugin_register()` in place of the `source` parameter. The source
value is now just part of the structure, which also holds a pointer to
the zone origin if the plugin is loaded at a zone level. This
provides more contextual information, enabling the plugin to make
specific configuration decisions based on the name of the zone for
which it is loaded. It's also flexible if more contextual data
are needed in the future: add a new field to
`ns_pluginregister_ctx_t`, and new plugins can use it without
affecting compatibility with existing plugins. :gl:`#5533`
:gl:`!11019`
- Add option to compile named with static linking and LTO.
``b6971fb7240``
Statically linking lib{isc,dns,ns,cfg,isccc} and enabling LTO shows
over 10% improvements on all almost measurements in perflab. That
said, we can't use Meson's option for LTO since it would result in
every binary being compiled with LTO and a great increase in compile
time.
To work around it, we add a configuration option that enables LTO and
static linking only for the `named` binary. :gl:`!10761`
- Convert slabtop and slabheader to use the cds list. ``7443ff330cc``
This is the first MR in series that aims to reduce the node locking by
replacing the single-linked list of slabtop(s) and slabheader(s) with
CDS linked list. This commit doesn't do anything else beyond
replacing .next and .down links with the cds_list_head. The RCU
semantics will be added later. :gl:`!10944`
- Make the database ownercase modifiable only via addrdataset()
``dbc47312925``
Simplify the implementation around the database ownercase. Remove the
dns_rdataset_setownercase() implementation for the slabheaders and
only allow setting ownercase on rdatalists and rdatasets. The
ownercase in the database can now be set only with
dns_db_addrdataset() by passing rdataset with correctly set ownercase.
:gl:`!10971`
- Minor refactor of dst code. ``f5af3e431b9``
Convert the defines to enums. Initialize the tags more explicitly and
less ugly. :gl:`!11000`
- Rename ns_pluginregister_ctx_t into ns_pluginctx_t. ``029a7152bba``
The type `ns_pluginregister_ctx_t` was initially added to pass plugin
contextual data when the plugin is registered, but this is also now
passed into `plugin_check`. Furthermore, those various data are not
specific to the registration in particular. Rename the type into
`ns_pluginctx_t` for clarity. :gl:`!11035`
- Simplify nchildren count in isc_nm_listenudp. ``722ce92f107``
Slight simplification of the logic to define .nchildren listening UDP
socket. :gl:`!10978`
- Squash the qpcache tree and nsec tries. ``22803b93e3f``
The dns_qpcache already had all the namespace changes needed to put
the normal data and auxiliary NSEC data into a single tree. Remove
the extra nsec QP trie and use the single QP trie for all the cache
data. :gl:`!10975`
- Use lock-free hashtable for storing resolver fetch contexts.
``0ac744ee4de``
Replace the locked hashmap with the lock-free hashtable from the RCU
library and protect the fetch contexts against reuse by replacing the
libisc reference counting with urcu_ref that can soft-fail in
situation where the reference count is already zero. This allows us
to easily skip re-using the fetch context if it is already in process
of being destroyed. :gl:`!10653`
Bug Fixes
~~~~~~~~~
- Use signer name when disabling DNSSEC algorithms. ``7e0318df857``
``disable-algorithms`` could cause DNSSEC validation failures when the
parent zone was signed with the algorithms that were being disabled
for the child zone. This has been fixed; `disable-algorithms` now
works on a whole-of-zone basis.
If the zone's name is at or below the ``disable-algorithms`` name the
algorithm is disabled for that zone, using deepest match when there
are multiple ``disable-algorithms`` clauses. :gl:`#5165` :gl:`!10837`
- Rndc sign during ZSK rollover will now replace signatures.
``6246f9d7cb1``
When performing a ZSK rollover, if the new DNSKEY is omnipresent, the
:option:`rndc sign` command now signs the zone completely with the
successor key, replacing all zone signatures from the predecessor key
with new ones. :gl:`#5483` :gl:`!10867`
- Missing DNSSEC information when CD bit is set in query.
``5fcc063ce9a``
The RRSIGs for glue records were not being cached correctly for CD=1
queries. This has been fixed. :gl:`#5502` :gl:`!10938`
- Fix datarace between unlocking fctx lock and shuttingdown fctx.
``2924f59cb3e``
There was a data race where new fetch response could be added to the
fetch context after we unlock the fetch context and before we shut it
down. This could cause assertion failure when fctx__done() was called
with ISC_R_SUCCESS because there was originally no fetch response, but
new fetch response without associated dataset was added before we had
a chance to shutdown the fetch context. This manifested in the
validated() callback, where cache_rrset() now returns ISC_R_SUCCESS
instead of DNS_R_UNCHANGED when cache was not changed. However the
data race was wrong on a general level.
Add new argument to fctx__done() that allows to call it with
fctx->lock already acquired to prevent these data races. :gl:`#5507`
:gl:`!10961`
- Add chroot check to meson.build. ``f2f2488bbe1``
The meson build procedure was not checking for the existence of the
chroot function. This has been fixed. :gl:`#5519` :gl:`!10973`
- Preserve cache when reload fails and reload the server again.
``33bcff46d30``
Fixes an issue where failing to reconfigure/reload the server would
prevent to preserved the views caches on the subsequent server
reconfiguration/reload. :gl:`#5523` :gl:`!10984`
- Apply_configuration: leave exclusive mode after viewlist cleanup.
``5c53695bf32``
When a re-configuration fails, `apply_configuration` flows jump to a
cleanup label and, at some point, leave the exclusive mode and cleanup
the viewlist. It looks fine as the viewlist is at this point only
locally known (if this is a configuration failure, this is the new
view list, if this is a success, this is the old list which has been
swapped out from the production list during the exclusive mode).
However, the view and zone initialization code enqueues job callbacks,
for instance from `dns_zone_setsigninginterval` (but there are others
cases) which will be called for the new views and zones after the
exclusive mode is over.
Depending where the configuration fails, those views and zones can be
half-configured, for instance a view might have an unfrozen resolver.
Hence, leaving the exclusive mode before cleaning up those views ans
zones will immediately called the previously enqueued callbacks and
lead to this reconfiguration-failure crash stack:
``` isc_assertion_failed dns_resolver_createfetch do_keyfetch
isc__async_cb ... uv_run loop_thread thread_body thread_run
start_thread ... ```
To avoid the problem, the views are now cleaned up before leaving the
exclusive mode (which also clean up the zones and enqueued callbacks).
As context, the bug was introduced by !10910 which moved the creation
(not configuration) of the view outsides of the exclusive mode. This
is a safe move (as at this point, the newly view are only known
locally by `apply_configuration`) but the re-order was wrong regarding
the point where the exclusive mode was ended (before the change, the
exclusive mode as always ended before the new view are detached).
:gl:`!11016`
- Check plugin config before registering. ``0e575d150fd``
In `named_config_parsefile()`, when checking the validity of
`named.conf`, the checking of plugin correctness was deliberately
postponed until the plugin is loaded and registered. However, the
checking was never actually done: the `plugin_register()`
implementation was called, but `plugin_check()` was not.
`ns_plugin_register()` (used by `named`) now calls the check function
before the register function, and aborts if either one fails.
`ns_plugin_check()` (used by `named-checkconf`) calls only the check
function. :gl:`!11031`
- Clean up the dns_db API. ``29fc7850f1e``
Some of the API calls in `dns_db` were obsolete, and have been
removed. Others were more complicated than necessary, and have been
refactored to simplify. :gl:`!10830`
- Do not inline dns_zone_gethooktable. ``e7156fe57ae``
Since !10959 `dns_zone_gethooktable()` is only called once per query,
and the suspicion (from perflab analysis) that this (simple, as just
returning a pointer) call was slowing things down (perhaps because of
code locality reasons?) doesn't matter anymore. So even if !10959
inlined it, it shouldn't matter anymore. :gl:`!10962`
- Fix detection of whether node is active in find_wildcard()
``f717bad1086``
The current code would fail during the write transaction. The first
header would not match the search->serial and the node might be
incorrectly detected as inactive. :gl:`!10972`
- Hookasyncctx renaming. ``6ec65c3d1ad``
The field `ns_hookasync_t` was initially named `hook_actx` and wrongly
renamed `hook_aclctx` during a mass-renaming of various names for the
config acl context into a consistent `aclctx` name (see !11003). Of
course this is wrong as `ns_hookasync_t` has nothing to do with ACL
but about _async_ context. This commit fixes the mistake by renaming
this field `hookasyncctx` :gl:`!11021`
- Minimize zone hooktable lookups. ``89039e0d78e``
Merging !10483 caused a performance regression because the zone
hooktable had to be looked up every time a hook point was reached,
even if no zone plugins were configured. We now look up the zone
hooktable when a zone is attached to the query context, and keep a
pointer to it until the qctx is destroyed. :gl:`!10959`
.. note::
The BIND 9.21.13 release was withdrawn after the discovery of a
regression in a security fix in it during pre-release testing.
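Review bot: the note that replaces the 9.21.13 entries says only that the release was withdrawn over a regression in a security fix; it does not say which fix regressed, nor that the content now lives in 9.21.14. The three security entries in the new changelog-9.21.14.rst carry the same commit hashes as the lines removed here (``1d851c23529``, ``7b95c382dbd``, ``6876753c7cc``) and identical text, so within the portion of that file included in this diff nothing identifies the corrective change either. Suggest extending the note with a sentence such as "The changes listed for it are included in BIND 9.21.14" and, if the regression fix is a separate commit, giving it its own entry under Security Fixes or Bug Fixes in 9.21.14 so a reader can tell what differs between the two releases.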


@ -0,0 +1,441 @@
.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
..
.. SPDX-License-Identifier: MPL-2.0
..
.. This Source Code Form is subject to the terms of the Mozilla Public
.. License, v. 2.0. If a copy of the MPL was not distributed with this
.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
..
.. See the COPYRIGHT file distributed with this work for additional
.. information regarding copyright ownership.
BIND 9.21.14
------------
Security Fixes
~~~~~~~~~~~~~~
- [CVE-2025-8677] DNSSEC validation fails if matching but invalid DNSKEY
is found. ``1d851c23529``
Previously, if a matching but cryptographically invalid key was
encountered during DNSSEC validation, the key was skipped and not
counted towards validation failures. :iscman:`named` now treats such
DNSSEC keys as hard failures and the DNSSEC validation fails
immediately, instead of continuing with the next DNSKEYs in the RRset.
ISC would like to thank Zuyao Xu and Xiang Li from the All-in-One
Security and Privacy Laboratory at Nankai University for bringing this
vulnerability to our attention. :gl:`#5343`
- [CVE-2025-40778] Address various spoofing attacks. ``7b95c382dbd``
Previously, several issues could be exploited to poison a DNS cache
with spoofed records for zones which were not DNSSEC-signed or if the
resolver was configured to not do DNSSEC validation. These issues were
assigned CVE-2025-40778 and have now been fixed.
As an additional layer of protection, :iscman:`named` no longer
accepts DNAME records or extraneous NS records in the AUTHORITY
section unless these are received via spoofing-resistant transport
(TCP, UDP with DNS cookies, TSIG, or SIG(0)).
ISC would like to thank Yuxiao Wu, Yunyi Zhang, Baojun Liu, and Haixin
Duan from Tsinghua University for bringing this vulnerability to our
attention. :gl:`#5414`
- [CVE-2025-40780] Cache-poisoning due to weak pseudo-random number
generator. ``6876753c7cc``
It was discovered during research for an upcoming academic paper that
a xoshiro128\*\* internal state can be recovered by an external 3rd
party, allowing the prediction of UDP ports and DNS IDs in outgoing
queries. This could lead to an attacker spoofing the DNS answers with
great efficiency and poisoning the DNS cache.
The internal random generator has been changed to a cryptographically
secure pseudo-random generator.
ISC would like to thank Prof. Amit Klein and Omer Ben Simhon from
Hebrew University of Jerusalem for bringing this vulnerability to our
attention. :gl:`#5484`
New Features
~~~~~~~~~~~~
- Add extra tokens to the zone file name template. ``b449fa95005``
Extend the `$name`, `$view` and `$type` tokens (expanding into the
zone name, zone's view name and type); the new following tokens are
now also accepted:
- `$name` or `%s` is replaced with the zone name in lower case;
- `$type` or `%t` is replaced with the zone type -- i.e., primary,
secondary, etc);
- `$view` or `%v` is replaced with the view name;
- `$char1` or `%1` is replaced with the first character of the zone
name;
- `$char2` or `%2` is replaced with the second character of the zone
name (or a dot if there is no second character);
- `$char3` or `%3` is replaced with the third character of the zone
name (or a dot if there is no third character);
- `$label1` or `%z` is replaced with the toplevel domain of the zone
(or a dot if it is the root zone);
- `$label2` or `%y` is replaced with the next label under the toplevel
domain (or a dot if there is no next label);
- `$label3` or `%x` is replaced with the next-next label under the
toplevel domain (or a dot if there is no next-next label).
:gl:`#85` :gl:`!10779`
- Add support for synthetic records. ``cefed841046``
Add a query plugin which, in "reverse" mode, enables the server to
build a synthesized response to a PTR query when the PTR record
requested is not found in the zone. The dynamically-built name is
constructed from a static prefix (passed as a plugin parameter), the
IP address (extracted from the query name) and a suffix (also passed
as a plugin parameter). An `allow-synth` address-match list can be
used to limit the network addresses for which the plugin may generate
responses. The plugin can also be used in "forward" mode, to
build synthesized A/AAAA records from names using the same format as
the dynamically-built PTR names. The same parameters are used: the
plugin will react and answer a query if the name matches the
configured prefix and origin, and encodes an IP address that is within
`allow-synth`. :gl:`#1586` :gl:`!10348`
- Support for zone-specific plugins. ``65fa5693572``
Query plugins can now be configured at the `zone` level, as well as
globally or at the `view` level. A plugin's hooks are then called only
while that specific zone's database is being used to answer a query.
This simplifies the implementation of plugins that are only needed for
specific namespaces for which the server is authoritative. It can also
enable quicker responses, since plugins will only be called when they
are needed. :gl:`#5356` :gl:`!10483`
- Add dnssec-policy keys configuration check to named-checkconf.
``23a79b42ea4``
A new option `-k` is added to `named-checkconf` that allows checking
the `dnssec-policy` `keys` configuration against the configured key
stores. If the found key files are not in sync with the given
`dnssec-policy`, the check will fail.
This is useful to run before migrating to `dnssec-policy`. :gl:`#5486`
:gl:`!10907`
Removed Features
~~~~~~~~~~~~~~~~
- Remove randomized RRset ordering. ``014a05a2781``
The rrset-order random doesn't offer uniform distribution of all
permutations and it isn't superior to cyclic order in any way. Make
the random ordering an alias to the cyclic ordering. :gl:`#5513`
:gl:`!10912`
- Remove CHECK_FOR_GLUE_IN_ANSWER. ``7fa4cbedc50``
Macro CHECK_FOR_GLUE_IN_ANSWER is defined in `lib/dns/resolver.c`
only, documented nowhere and not exposed as build configuration. This
is valid at least for 9.21+, 9.20 and 9.18. Furthermore, it doesn't
compile anymore on 9.21+ with -DCHECK_FOR_GLUE_IN_ANSWER=1.
Considering it is very unlikely that anyone build named with this,
remove the code rather than fixing it. :gl:`#5538` :gl:`!11029`
- Remove orphan dns_loadmgr_t type. ``96855b5449f``
dns_loadmgr_t typedef is declared but never defines as well as a
pointer of this type in named_server_t. Removing it. :gl:`!10974`
Feature Changes
~~~~~~~~~~~~~~~
- Add a circular reference between slabtops for type and RRSIG(type)
``a20c8fe74b0``
Previously, the slabtops for "type" and its signature was only loosely
coupled and the headers could expire at different time (both TTL and
LRU based expiry). Add a .related member to the slabtop that allows
us to expire the headers in both related headers and also optimize the
lookups because now both slabtops are looked up at the same time.
:gl:`#3396` :gl:`!10985`
- Refactor view creation/configuration loops in dedicated functions.
``cb0807be2be``
Refactor a bit of `apply_configuration` by extracting (into respective
dedicated function) the logic to build the keystores list, the KASP
list as well as creating the view/zones and configuring those. This is
the next step of MR !10895 and !10901
While the code is extracted, some global variables has been changed
into a function parameters which enable to have a clear view of the
dependency of the function, typically, to know if it depends on local
configuration object or runtime "production" object. The end goal (not
in this MR, but later on) is to move as much as possible
initialization logic outside of the exclusive mode.
As a first step, latest commits move the keystores list, KASP list and
view/zones creation outside of the exclusive mode. (The view/zone
configuration remain in exclusive mode for now, because of a
dependency to the runtime "cachelist". This is the target of a next
MR.
For the record; while moving the keystores list, KASP list and
view/zone creation doesn't have a significant impact on the time the
exclusive mode is taken (from my experiment on a 1M small zones
instance); moving `configure_views` did have a _massive_ impact
(basically, the time spend in the exclusive mode is then non
calculable). Configuring views outside the exclusive mode needs more
work, which will be done in future MRs. :gl:`#4673` :gl:`!10910`
- Add option to always build fuzz binaries. ``54c8252c6e2``
Currently the fuzzer binaries are only built when someone requests a
fuzzer. This might cause us to inadvertently break fuzzing when
changing function signatures. It also deviates with the behaviour we
had with autotools, where the fuzz binaries were built with make test.
This commit splits the -Dfuzzing option into two: fuzzing, and
fuzzing-backend. The fuzzing option controls whether the fuzzing
binaries are built. The fuzzing-backend option controls which backend
to use, and defaults to none. If the value none is used the binaries
are built, but no backend is used or guaranteed, which means that the
binaries might be non-functional. :gl:`#5526` :gl:`!10990`
- Rename cfg_aclconfctx_t variables to aclctx. ``0411142f826``
ACL configuration context variables are inconsistently named as
`actx`, `ac`, or `aclconfctx`, which caused confusion during code
reviews. This commit renames all `cfg_aclconfctx_t` variables to
`aclctx`, which is short, consistent, and unambiguous. :gl:`#5530`
:gl:`!11003`
- Provide more context when registering plugins. ``ac4cf4cce8d``
Add a new type, `ns_pluginregister_ctx_t`, which is passed to
`plugin_register()` in place of the `source` parameter. The source
value is now just part of the structure, which also holds a pointer to
the zone origin if the plugin is loaded at a zone level. This
provides more contextual information, enabling the plugin to make
specific configuration decisions based on the name of the zone for
which it is loaded. It's also flexible if more contextual data
are needed in the future: add a new field to
`ns_pluginregister_ctx_t`, and new plugins can use it without
affecting compatibility with existing plugins. :gl:`#5533`
:gl:`!11019`
- Add option to compile named with static linking and LTO.
``b6971fb7240``
Statically linking lib{isc,dns,ns,cfg,isccc} and enabling LTO shows
over 10% improvements on all almost measurements in perflab. That
said, we can't use Meson's option for LTO since it would result in
every binary being compiled with LTO and a great increase in compile
time.
To work around it, we add a configuration option that enables LTO and
static linking only for the `named` binary. :gl:`!10761`
- Convert slabtop and slabheader to use the cds list. ``7443ff330cc``
This is the first MR in series that aims to reduce the node locking by
replacing the single-linked list of slabtop(s) and slabheader(s) with
CDS linked list. This commit doesn't do anything else beyond
replacing .next and .down links with the cds_list_head. The RCU
semantics will be added later. :gl:`!10944`
- Make the database ownercase modifiable only via addrdataset()
``dbc47312925``
Simplify the implementation around the database ownercase. Remove the
dns_rdataset_setownercase() implementation for the slabheaders and
only allow setting ownercase on rdatalists and rdatasets. The
ownercase in the database can now be set only with
dns_db_addrdataset() by passing rdataset with correctly set ownercase.
:gl:`!10971`
- Minor refactor of dst code. ``f5af3e431b9``
Convert the defines to enums. Initialize the tags more explicitly and
less ugly. :gl:`!11000`
- Rename ns_pluginregister_ctx_t into ns_pluginctx_t. ``029a7152bba``
The type `ns_pluginregister_ctx_t` was initially added to pass plugin
contextual data when the plugin is registered, but this is also now
passed into `plugin_check`. Furthermore, those various data are not
specific to the registration in particular. Rename the type into
`ns_pluginctx_t` for clarity. :gl:`!11035`
- Simplify nchildren count in isc_nm_listenudp. ``722ce92f107``
Slight simplification of the logic to define .nchildren listening UDP
socket. :gl:`!10978`
- Squash the qpcache tree and nsec tries. ``22803b93e3f``
The dns_qpcache already had all the namespace changes needed to put
the normal data and auxiliary NSEC data into a single tree. Remove
the extra nsec QP trie and use the single QP trie for all the cache
data. :gl:`!10975`
- Use lock-free hashtable for storing resolver fetch contexts.
``0ac744ee4de``
Replace the locked hashmap with the lock-free hashtable from the RCU
library and protect the fetch contexts against reuse by replacing the
libisc reference counting with urcu_ref that can soft-fail in
situations where the reference count is already zero. This allows us
to easily skip re-using the fetch context if it is already in the
process of being destroyed. :gl:`!10653`
Bug Fixes
~~~~~~~~~
- Use signer name when disabling DNSSEC algorithms. ``7e0318df857``
``disable-algorithms`` could cause DNSSEC validation failures when the
parent zone was signed with the algorithms that were being disabled
for the child zone. This has been fixed; ``disable-algorithms`` now
works on a whole-of-zone basis.
If the zone's name is at or below the ``disable-algorithms`` name the
algorithm is disabled for that zone, using deepest match when there
are multiple ``disable-algorithms`` clauses. :gl:`#5165` :gl:`!10837`
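The matching rule this entry describes, as an added illustration that is not BIND's own code: names are compared label-wise, the deepest matching ``disable-algorithms`` clause wins, and the name matched is the RRSIG signer. Modelling the pre-fix behaviour as a match on the record's owner name (``use_signer=False``) is an assumption, and the clauses and the DS signature below are constructed.

```python
from typing import NamedTuple


def _labels(name: str) -> list[str]:
    # DNS name -> labels, root first, compared case-insensitively.
    name = name.rstrip(".").lower()
    return [] if not name else name.split(".")[::-1]


def at_or_below(name: str, ancestor: str) -> bool:
    # True when `name` equals `ancestor` or lies beneath it.
    n, a = _labels(name), _labels(ancestor)
    return len(n) >= len(a) and n[: len(a)] == a


def disabled_algorithms(clauses: dict[str, set[str]], name: str) -> set[str]:
    # Deepest (most labels) matching clause wins; no match disables nothing.
    matches = [c for c in clauses if at_or_below(name, c)]
    if not matches:
        return set()
    deepest = max(matches, key=lambda c: len(_labels(c)))
    return set(clauses[deepest])


class RRSIG(NamedTuple):
    owner: str      # name the signature covers
    signer: str     # zone whose key produced it (RRSIG signer field)
    algorithm: str


def signature_usable(clauses, sig: RRSIG, use_signer: bool = True) -> bool:
    # Fixed behaviour matches the signer name; use_signer=False models the
    # pre-fix behaviour as matching the owner name (an assumption).
    name = sig.signer if use_signer else sig.owner
    return sig.algorithm not in disabled_algorithms(clauses, name)


# Constructed clauses: RSASHA1 is disabled only for child.example. and below.
CLAUSES = {".": set(), "child.example.": {"RSASHA1"}}
# Constructed record: the parent zone example. signs the child's DS RRset.
DS_SIG = RRSIG(owner="child.example.", signer="example.", algorithm="RSASHA1")

if __name__ == "__main__":
    print(signature_usable(CLAUSES, DS_SIG, use_signer=False))  # False
    print(signature_usable(CLAUSES, DS_SIG))                     # True
```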
- Rndc sign during ZSK rollover will now replace signatures.
``6246f9d7cb1``
When performing a ZSK rollover, if the new DNSKEY is omnipresent, the
:option:`rndc sign` command now signs the zone completely with the
successor key, replacing all zone signatures from the predecessor key
with new ones. :gl:`#5483` :gl:`!10867`
- Missing DNSSEC information when CD bit is set in query.
``5fcc063ce9a``
The RRSIGs for glue records were not being cached correctly for CD=1
queries. This has been fixed. :gl:`#5502` :gl:`!10938`
- Fix data race between unlocking fctx lock and shutting down fctx.
  ``2924f59cb3e``
  There was a data race where a new fetch response could be added to the
  fetch context after we unlock the fetch context and before we shut it
  down. This could cause an assertion failure when fctx__done() was called
  with ISC_R_SUCCESS because there was originally no fetch response, but
  a new fetch response without an associated dataset was added before we
  had a chance to shut down the fetch context. This manifested in the
  validated() callback, where cache_rrset() now returns ISC_R_SUCCESS
  instead of DNS_R_UNCHANGED when the cache was not changed. However, the
  data race was wrong on a general level.
  Add a new argument to fctx__done() that allows calling it with
  fctx->lock already acquired to prevent these data races. :gl:`#5507`
  :gl:`!10961`
- Add chroot check to meson.build. ``f2f2488bbe1``
The meson build procedure was not checking for the existence of the
chroot function. This has been fixed. :gl:`#5519` :gl:`!10973`
- Preserve cache when reload fails and reload the server again.
``33bcff46d30``
Fixes an issue where failing to reconfigure/reload the server would
prevent the views' caches from being preserved on the subsequent server
reconfiguration/reload. :gl:`#5523` :gl:`!10984`
- Apply_configuration: leave exclusive mode after viewlist cleanup.
``5c53695bf32``
When a re-configuration fails, `apply_configuration` flows jump to a
cleanup label and, at some point, leave the exclusive mode and clean up
the viewlist. It looks fine as the viewlist is at this point only
locally known (if this is a configuration failure, this is the new
view list; if this is a success, this is the old list which has been
swapped out from the production list during the exclusive mode).
However, the view and zone initialization code enqueues job callbacks,
for instance from `dns_zone_setsigninginterval` (but there are other
cases), which will be called for the new views and zones after the
exclusive mode is over.
Depending on where the configuration fails, those views and zones can be
half-configured; for instance, a view might have an unfrozen resolver.
Hence, leaving the exclusive mode before cleaning up those views and
zones will immediately call the previously enqueued callbacks and
lead to this reconfiguration-failure crash stack::

    isc_assertion_failed
    dns_resolver_createfetch
    do_keyfetch
    isc__async_cb
    ...
    uv_run
    loop_thread
    thread_body
    thread_run
    start_thread
    ...

To avoid the problem, the views are now cleaned up before leaving the
exclusive mode (which also cleans up the zones and enqueued callbacks).
As context, the bug was introduced by !10910 which moved the creation
(not configuration) of the view outside of the exclusive mode. This
is a safe move (as at this point, the new views are only known
locally by `apply_configuration`) but the re-order was wrong regarding
the point where the exclusive mode was ended (before the change, the
exclusive mode was always ended before the new views were detached).
:gl:`!11016`
- Check plugin config before registering. ``0e575d150fd``
In `named_config_parsefile()`, when checking the validity of
`named.conf`, the checking of plugin correctness was deliberately
postponed until the plugin is loaded and registered. However, the
checking was never actually done: the `plugin_register()`
implementation was called, but `plugin_check()` was not.
`ns_plugin_register()` (used by `named`) now calls the check function
before the register function, and aborts if either one fails.
`ns_plugin_check()` (used by `named-checkconf`) calls only the check
function. :gl:`!11031`
- Clean up the dns_db API. ``29fc7850f1e``
Some of the API calls in `dns_db` were obsolete, and have been
removed. Others were more complicated than necessary, and have been
refactored to simplify. :gl:`!10830`
- Do not inline dns_zone_gethooktable. ``e7156fe57ae``
Since !10959 `dns_zone_gethooktable()` is only called once per query,
and the suspicion (from perflab analysis) that this (simple, as just
returning a pointer) call was slowing things down (perhaps because of
code locality reasons?) doesn't matter anymore. So even if !10959
inlined it, it shouldn't matter anymore. :gl:`!10962`
- Fix detection of whether node is active in find_wildcard().
``f717bad1086``
The current code would fail during the write transaction. The first
header would not match the search->serial and the node might be
incorrectly detected as inactive. :gl:`!10972`
- Hookasyncctx renaming. ``6ec65c3d1ad``
The field `ns_hookasync_t` was initially named `hook_actx` and wrongly
renamed `hook_aclctx` during a mass-renaming of various names for the
config acl context into a consistent `aclctx` name (see !11003). Of
course this is wrong as `ns_hookasync_t` has nothing to do with ACL
but about _async_ context. This commit fixes the mistake by renaming
this field `hookasyncctx`. :gl:`!11021`
- Minimize zone hooktable lookups. ``89039e0d78e``
Merging !10483 caused a performance regression because the zone
hooktable had to be looked up every time a hook point was reached,
even if no zone plugins were configured. We now look up the zone
hooktable when a zone is attached to the query context, and keep a
pointer to it until the qctx is destroyed. :gl:`!10959`