Add isctest.kasp.Key.into_ta() method which convert the key into DS /
DNSKEY trust anchor for BIND config. Add a shared template
trusted.conf.j2 which can be linked to in tests to create the trust
anchor configuration from trust anchor data returned from bootstrap()
function.
This is basically a python replacement for the keyfile_to_static_ds (and
friends) from the conf.sh shell framework.
Merge branch 'nicki/pytest-add-trust-anchor-template' into 'main'
See merge request isc-projects/bind9!11201
Add isctest.kasp.Key.into_ta() method which convert the key into DS /
DNSKEY trust anchor for BIND config. Add a shared template
trusted.conf.j2 which can be linked to in tests to create the trust
anchor configuration from trust anchor data returned from bootstrap()
function.
This is basically a python replacement for the keyfile_to_static_ds (and
friends) from the conf.sh shell framework.
Previously, a DNSKEY string from keyfile was returned. This made the
function brittle for further processing, as the string would have to be
split up, concatenated, and TTL could be missing, making string indices
context-dependent.
Parse the DNSKEY rrset into a proper dnspython object and return it.
This makes the output more predictable and reliable, as all the
neccessary parsing is done by dnspython.
Link-time optimization requires close coordination between the compiler
and the linker, so not all combinations of compiler and linker support
it.
Previously, when compiling with Clang, we checked only for lld. With
this commit, we expand the list of supported linkers we check for.
Closes#5536
Merge branch '5536-more-supported-linker-ids' into 'main'
See merge request isc-projects/bind9!11022
Meson boolean options are usually configured with enabled/disabled
instead of on/off. Make things more consistent with other meson options
by renaming -Dnamed-lto=off to -Dnamed-lto=disabled.
Link-time optimization requires close coordination between the compiler
and the linker, so not all combinations of compiler and linker support
it.
Previously, when compiling with Clang, we checked only for lld. With
this commit, we expand the list of supported linkers we check for.
Restore usage of malloc_usable_size()/malloc_size(), but this time only
for memory accounting and statistics purposes. This should reduce the
memory footprint in case of compilation without jemalloc as we don't
have to keep track of the allocated memory size ourselves.
Merge branch 'ondrej/use-malloc_usable_size-when-available' into 'main'
See merge request isc-projects/bind9!11271
Restore usage of malloc_usable_size()/malloc_size(), but this time only
for memory accounting and statistics purposes. This should reduce the
memory footprint in case of compilation without jemalloc as we don't
have to keep track of the allocated memory size ourselves.
Instead of having our own implementation of memory junk filling, rely on
the jemalloc opt.junk feature (set with MALLOC_CONF="junk:true").
Merge branch 'ondrej/remove-memfill' into 'main'
See merge request isc-projects/bind9!11270
Since the filling memory with junk patterns have been removed from ISC
memory context in favor of jemalloc opt.junk option, enable the jemalloc
behaviour by default in the GitLab CI.
As the fetch context reference counting was converted to userspace RCU
reference counting, the ability to debug the reference counting was
lost. Restore the debugging by adding the optional compile-time enabled
debugging output again.
Merge branch 'ondrej/add-tracing-to-fctx-reference-counting' into 'main'
See merge request isc-projects/bind9!11230
As the fetch context reference counting was converted to userspace RCU
reference counting, the ability to debug the reference counting was
lost. Restore the debugging by adding the optional compile-time enabled
debugging output again.
The qctx_destroy() only needs to be called on allocated memory and
qctx_deinit() needs to be called always. Also remove .allocated member
from the query_ctx_t structure.
Merge branch 'ondrej/add-qctx-deinit' into 'main'
See merge request isc-projects/bind9!11273
The qctx_destroy() only needs to be called on allocated memory and
qctx_deinit() needs to be called always. Also remove .allocated member
from the query_ctx_t structure.
The .delegating flag was only set, but never used in the dns_qpcache.
Remove it completely together with the code that was locking the node
to set the flag if the added type was DNAME.
Merge branch 'ondrej/remove-delegating-from-qpcache' into 'main'
See merge request isc-projects/bind9!10980
The .delegating flag was only set, but never used in the dns_qpcache.
Remove it completely together with the code that was locking the node
to set the flag if the added type was DNAME.
Upstream has removed the atomics implementation of CMM_LOAD_SHARED and
CMM_STORE_SHARED as these can be used also with non-stdatomics types.
As we only use the CMM api with stdatomics types, we can restore the
previous behaviour to prevent ThreadSanitizer warnings.
Closes#5660
Merge branch '5660-use-atomics-for-CMM-api-with-thread-sanitizer' into 'main'
See merge request isc-projects/bind9!11288
Upstream has removed the atomics implementation of CMM_LOAD_SHARED and
CMM_STORE_SHARED as these can be used also with non-stdatomics types.
As we only use the CMM api with stdatomics types, we can restore the
previous behaviour to prevent ThreadSanitizer warnings.
There are multiple reasons for the increased amount of differences we've
been seeing lately and for the raise of the threshold:
1. Recent hardening against cache poisoning (CVE-2025-40778) have
uncovered a few edge cases where the domain can't be properly
resolved with the new protections in place, but those are issues with
upstream configuration and DNS setup.
2. The same hardening magnified some behaviour differences between 9.21
and older versions. Some misconfigured domains, which can be resolved
with BIND 9.20 and older are no longer resolvable in 9.21+. This can
be again attributed to upstream DNS misconfiguration. See #5649.
3. A change in the respdiff CI job to include timeouts in the
comparison, or rather, increasing the timeouts to resolve the
previously timed out queries, which are typically failures. With the
previous job configuration, those were omitted from comparison,
because they were timeouts. Now, there should be no timeouts, but
there is a slight increase in the amount of differences for the
threshold evaluation.
This job is testing the current BIND implementation against the latest
released version. Unless there has been a behaviour change, there should
be no difference.
In practice, there is a small number of differences caused by upstream
discrepencies. Some of those cause "upstream unstable" answers which are
excluded from the results, but statistically, some of those will end up
being detected as differences on the resolver under test.
Currently, there seems to be about 300 upstream unstable answers with
typically around 50-60 differences. Setting the threshold to 0.1 should
be stable enough to pass if there are no changes, yet sensitive enough
to detect even fairly small changes to behaviour.
Disable test that fails for months on this platform.
Closes#5448
Merge branch '5448-disable-doh-unit-test-on-el8' into 'main'
See merge request isc-projects/bind9!11276
Change d5e4684b3d accidentally caused
ns_statscounter_edns0out to no longer be incremented. This has been
corrected.
Closes#5654
Merge branch '5654-restore-recording-ns_statscounter_edns0out' into 'main'
See merge request isc-projects/bind9!11267
When a zone is re-transferred, but the zone journal on an inline-signing secondary is out of sync, the zone could fall back to using NSEC records instead of NSEC3. This has been fixed.
Closes#5527
Merge branch '5527-retransfer-nsec3-bug' into 'main'
See merge request isc-projects/bind9!11226
When synchronizing the secure database, we skip DNSSEC records that
BIND 9 maintains with inline-signing. We should also skip private
RDATA type records that are used to track the current state of a
zone-signing process.
If the primary has been updated, but the secondary has not been
notified, the journal will go out of date. An 'rndc retransfer' causes
the zone to force an AXFR, removing and rebuilding zone and journal
files.
This test reproduces a bug that in such scenario, an NSEC3 signed zone
falls back to NSEC.
The "no root hints for view X" message must not be shown for the default
_bind/CH view. However, it is shown since 27c4f68dcc (part of effective
configuration changes).
The reason is that since 27c4f68dcc, `configure_views()` now processes
a single list of views, which contains both builtin and user views as
they are both part of the effective configuration. The changes omit the
(now removed, since 6b5f714e53) `need_hints` bool that was disabling the
warning for the builtin view (_bind/CH).
This disable that log again when configuring _bind/CH view.
Merge branch 'colin/nohintswarn-bindchaos' into 'main'
See merge request isc-projects/bind9!11264
The "no root hints for view X" message must not be shown for the default
_bind/CH view. However, it is shown since 27c4f68dcc (part of effective
configuration changes).
The reason is that since 27c4f68dcc, `configure_views()` now processes
a single list of views, which contains both builtin and user views as
they are both part of the effective configuration. Those changes omitted
the `need_hints` bool that disabled the warning for the builtin view.
This commit silences the log message again.
The new `dns_message_ednsinit()` and `dns_message_ednsaddopt()` functions
allow EDNS options to be added to a message one at a time; it is no
longer necessary to construct a full array of EDNS options and set
them all at once.
This allows us to simplify EDNS option handling code, and in the
future it wlil allow plugins to add EDNS options to existing
messages.
Merge branch 'each-refactor-message-edns' into 'main'
See merge request isc-projects/bind9!11261
now that the EDNS state is stored within dns_message_t, it's no longer
necessary to have a public API call to build an opt rdataset; we can
just have dns_message_setopt() build the opt record internally.
The new dns_message_ednsinit() and dns_message_ednsaddopt() functions
allow EDNS options to be added to a message one at a time; it is no
longer necessary to construct a full array of EDNS options and set
them all at once.
This allows us to simplify EDNS option handling code, and in the
future it wlil allow plugins to add EDNS options to existing
messages.
To check if the key managing for a zone is done, we check a log message.
On some machines, with many zones this may take some time.
Increate the timeout to a minute. Note that most zones will continue
their test case much faster, but with many zones there may be some
straggling.
When all zones are configured, regardless of whether the test module
actually uses them, it makes debugging the logs needlessly more
complicated, as there is a bunch of stuff going on that is completely
unrelated to the test.
Define a list of tested zones in each test module and only render the
named.conf with those zones defined.
This converts two test cases:
1. A zone that previously failed to load is now fixed. Make sure the
zone is signed correctly with the right NSEC3 parameters.
2. Test case to ensure the salt is the same after a restart, i.e. no
re-salting takes place. Previously we only tested with salt length
0, this commit adds a test case for salt length 8 as well.
