Commit graph

12595 commits

Author SHA1 Message Date
Mark Andrews
eded3efb79 Ensure tree lock is always held when dns_rbt_fullnamefromnode is called 2020-05-29 14:17:39 -07:00
Evan Hunt
db9d10e3c1 pass the nodename to add32() instead of calling dns_rbt_fullnamefromnode()
in addition to being more efficient, this prevents a possible crash by
looking up the node name before the tree structure can be changed when
cleaning up dead nodes in addrdataset().
2020-05-29 14:17:36 -07:00
Witold Kręcicki
7ef756f639 Clear sock->magic to 0 when destroying a netmgr socket 2020-05-29 19:18:58 +00:00
Witold Kręcicki
a8807d9a7b Add missing isc_mutex_destroy and isc_conditional_destroy calls.
While harmless on Linux, missing isc_{mutex,conditional}_destroy
causes a memory leak on *BSD. Missing calls were added.
2020-05-29 19:18:58 +00:00
Ondřej Surý
bf60e445ed Stop using AC_C_FLEXIBLE_ARRAY_MEMBER, support for it is part of C99 2020-05-28 11:28:44 +02:00
Ondřej Surý
fe04426778 Define WIN32_LEAN_AND_MEAN globally instead of anecdotically 2020-05-28 11:28:44 +02:00
Ondřej Surý
4c23724c97 Move the dependencies from sln to vcxproj files 2020-05-28 08:08:30 +02:00
Ondřej Surý
5bd2037b4e Fix the missing thread_local define on Windows 2020-05-28 08:07:57 +02:00
Ondřej Surý
009bb594a2 Make win32util/Configure aligned with autoconf-style 2020-05-28 08:07:57 +02:00
Ondřej Surý
bfd87e453d Restore the GSSAPI compilation on Windows (but we should really switch to SSPI/Kerberos) 2020-05-28 08:07:57 +02:00
Ondřej Surý
8c4ee37dab Add ltdl.h shim for Windows 2020-05-28 08:07:57 +02:00
Evan Hunt
249184e03e add a quick-and-dirty method of debugging a single query
when built with "configure --enable-singletrace", named will produce
detailed query logging at the highest debug level for any query with
query ID zero.

this enables monitoring of the progress of a single query by specifying
the QID using "dig +qid=0". the "client" logging category should be set
to a low severity level to suppress logging of other queries. (the
chance of another query using QID=0 at the same time is only 1 in 2^16.)

"--enable-singletrace" turns on "--enable-querytrace" as well, so if the
logging severity is not lowered, all other queries will be logged
verbosely as well. compiling with either of these options will impair
query performance; they should only be turned on when testing or
troubleshooting.
2020-05-26 00:47:18 -07:00
Evan Hunt
57e54c46e4 change "expr == false" to "!expr" in conditionals 2020-05-25 16:09:57 -07:00
Evan Hunt
68a1c9d679 change 'expr == true' to 'expr' in conditionals 2020-05-25 16:09:57 -07:00
Michał Kępień
fb123df2b2 Improve the "hint" variable comment
Replace an existing comment with a more verbose explanation of when the
"hint" variable is set in resquery_send() and how its value affects the
advertised UDP buffer size in outgoing queries.
2020-05-25 14:34:56 +02:00
Michał Kępień
d27f96cc98 Ensure server-specific "edns-udp-size" is obeyed
If "edns-udp-size" is set in a "server" block matching the queried
server, it is accounted for in the process of determining the advertised
UDP buffer size, but its value may still be overridden before the query
is sent.  This behavior contradicts the ARM which claims that when set,
the server-specific "edns-udp-size" value is used for all EDNS queries
sent to a given server.

Furthermore, calling dns_peer_getudpsize() with the "udpsize" variable
as an argument makes the code hard to follow as that call may either
update the value of "udpsize" or leave it untouched.

Ensure the code matches the documentation by moving the
dns_peer_getudpsize() call below all other blocks of code potentially
affecting the advertised UDP buffer size, which is where it was located
when server-specific "edns-udp-size" support was first implemented [1].
Improve code readability by calling dns_peer_getudpsize() with a helper
variable instead of "udpsize".

[1] see commit 1c153afce5
2020-05-25 14:34:56 +02:00
Michał Kępień
d7583e7926 Restore semantic meaning of DNS_FETCHOPT_EDNS512
When the DNS_FETCHOPT_EDNS512 flag was first introduced [1], it enforced
advertising a 512-byte UDP buffer size in an outgoing query.  Ever since
EDNS processing code got updated [2], that flag has still been set upon
detection of certain query timeout patterns, but it has no longer been
affecting the calculations of the advertised UDP buffer size in outgoing
queries.  Restore original semantic meaning of DNS_FETCHOPT_EDNS512 by
ensuring the advertised UDP buffer size is set to 512 bytes when that
flag is set.  Update existing comments and add new ones to improve code
readability.

[1] see commit 08c9026166
[2] see commit 8e15d5eb3a
2020-05-25 14:34:56 +02:00
Michał Kępień
949d9a3ea4 Remove fctx->reason and a misleading log message
The following message:

    success resolving '<name>' (in '<domain>'?) after reducing the advertised EDNS UDP packet size to 512 octets

can currently be logged even if the EDNS UDP buffer size advertised in
queries sent to a given server had already been set to 512 octets before
the fetch context was created (e.g. due to the server responding
intermittently).  In other words, this log message may be misleading as
lowering the advertised EDNS UDP buffer size may not be the actual cause
of <name> being successfully resolved.  Remove the log message in
question to prevent confusion.

As this log message is the only existing user of the "reason" field in
struct fetchctx, remove that field as well, along with all the code
related to it.
2020-05-25 14:34:56 +02:00
Michal Nowak
bfa6ecb796 Provide unit test driver
This adds a unit test driver for BIND with Automake.  It runs the unit
test program provided as its sole command line argument and then looks
for a core dump generated by that test program.  If one is found, the
driver prints the backtrace into the test log.
2020-05-21 12:13:01 +02:00
Mark Andrews
3012e1ad9b Extend loop count by 1 to account for non-exact timing in usleep(). 2020-05-21 10:00:13 +10:00
Witold Kręcicki
0eec2594b9 Fix possible deadlock in unix/socket.c
In process_fd we lock sock->lock and then internal_accept locks mgr->lock,
in isc_sockmgr_render* functions we lock mgr->lock and then lock sock->lock,
that can cause a deadlock when accessing stats. Unlock sock->lock early in
all the internal_{send,recv,connect,accept} functions instead of late
in process_fd.
2020-05-20 09:57:25 +02:00
Mark Andrews
266faa3399 Count queries to the root and TLD servers as well 2020-05-19 12:30:29 +02:00
Mark Andrews
3ee5ea2fdb Reduce the number of fetches we make when looking up addresses
If there are more than 5 NS records for a zone only perform a
maximum of 4 address lookups for all the name servers.  This
limits the amount of remote lookups performed for server
addresses at each level for a given query.
2020-05-19 12:30:29 +02:00
Mark Andrews
2d95c81452 Only look at tsig.error in responses 2020-05-19 12:29:21 +02:00
Mark Andrews
c7cdc47cc5 move provide-ixfr testing after the serial has been checked 2020-05-14 16:37:34 +10:00
Witold Kręcicki
f4260dc0c5 Fix 'error: ‘%s’ directive argument is null [-Werror=format-overflow=]' in assertions.c 2020-05-13 11:02:23 +02:00
Witold Kręcicki
2f252a1068 Clean quota callback after calling it 2020-05-13 08:45:27 +02:00
Witold Kręcicki
60629e5b0b Redesigned TCP accepting: one listen/accept loop, passing the connected socket.
Instead of using bind() and passing the listening socket to the children
threads using uv_export/uv_import use one thread that does the accepting,
and then passes the connected socket using uv_export/uv_import to a random
worker. The previous solution had thundering herd problems (all workers
waking up on one connection and trying to accept()), this one avoids this
and is simpler.
The tcp clients quota is simplified with isc_quota_attach_cb - a callback
is issued when the quota is available.
2020-05-13 08:45:27 +02:00
Mark Andrews
919a9ece25 enforce record count maximums 2020-05-13 15:35:28 +10:00
Mark Andrews
79de6edde8 allow grant rules to be retrieved 2020-05-13 15:35:28 +10:00
Mark Andrews
361ec726cb allow per type record counts to be specified 2020-05-13 15:35:28 +10:00
Evan Hunt
7192edf9c2 don't bother checking for empty nodes when searching the NSEC3 tree
this avoids a time-wasting search that could occur during an
IXFR that replaced an NSEC3 chain.
2020-05-12 12:35:29 -07:00
Mark Andrews
1c8f9d06e2 Also print out valid printable utf8 2020-05-12 22:01:54 +10:00
Mark Andrews
b144ae1bb0 Report Extended DNS Error codes 2020-05-12 22:01:54 +10:00
Diego Fronza
f2bf7beeb6 Added new logging category rpz-passthru
It is now possible to use the new logging category "rpz-passthru"
to redirect RPZ passthru activity to a dedicated logging channel.
2020-05-07 11:44:48 -03:00
Evan Hunt
f8d753d452 initialize sockaddrdscp to prevent spurious output from 'named-checkconf -p' 2020-05-05 12:48:31 -07:00
Evan Hunt
b89decfcc9 replace fputs() with fprintf() 2020-05-04 09:14:58 +02:00
Witold Kręcicki
fa02f6438b Don't set UDP recv/send buffer sizes - use system defaults (unless explicitly defined) 2020-05-01 17:04:00 +02:00
Ondřej Surý
09ba47b067 Use SO_REUSEPORT only on Linux, use SO_REUSEPORT_LB on FreeBSD
The SO_REUSEPORT socket option on Linux means something else on BSD
based systems.  On FreeBSD there's 1:1 option SO_REUSEPORT_LB, so we can
use that.
2020-05-01 15:20:55 +02:00
Aaron Thompson
6a9f20d031 Add engine support to OpenSSL EdDSA implementation. 2020-05-01 14:11:08 +02:00
Aaron Thompson
f9685b29f9 Use OpenSSL raw key functions for EdDSA keys. 2020-05-01 14:11:08 +02:00
Ondřej Surý
064d8b7a6d Simplify error handling 2020-05-01 10:36:45 +02:00
Ondřej Surý
aff61535c2 Add initial support for ECDSA keys via OpenSSL PKCS#11 engine 2020-05-01 10:36:45 +02:00
Mark Andrews
a66c6fc883 Mimic nzf_append from bin/named/server.c
nzf_append is conditionally compiled and this is intended to
catch errors introduced by changes to the called functions on all
systems before the changes are run through the CI.
2020-05-01 06:51:05 +10:00
Mark Andrews
b02081d423 Escape double quote when printing quoted string.
When we were printing quoted string, the double quotes were unescaped
leading to prematurely ending the quoted string.
2020-05-01 06:51:05 +10:00
Aaron Thompson
2e6b7a56cc Update EdDSA implementation to PKCS#11 v3.0.
Per Current Mechanisms 2.3.5, the curve name is DER-encoded in the
EC_PARAMS attribute, and the public key value is DER-encoded in the
EC_POINT attribute.
2020-04-30 18:40:45 +02:00
Aaron Thompson
9b87fe1051 Fix EdDSA key sizes (key_size is in bits). 2020-04-30 18:40:45 +02:00
Witold Kręcicki
83049ceabf Don't free udp recv buffer if UV_UDP_MMSG_CHUNK is set 2020-04-30 17:30:37 +02:00
Ondřej Surý
d5356a40ff Use UV_UDP_RECVMMSG to enable mmsg support in libuv if available 2020-04-30 17:30:37 +02:00
Ondřej Surý
c86ebeebd2 As libltdl is convenience library, link it just into libisc 2020-04-30 15:33:44 +02:00