ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2024-02-05T12:41:51Zhttps://gitlab.isc.org/isc-projects/stork/-/issues/1267Applications list filters by text when it's not supposed to2024-02-05T12:41:51ZPiotrek ZadrogaApplications list filters by text when it's not supposed toSteps to reproduce:
- Pagination must occur in Apps list (Kea or Bind, no difference here)
- filter by something that doesn't exist => zero results returned by filter
- navigate to different view
- go back to Apps list
- issue happens: ...Steps to reproduce:
- Pagination must occur in Apps list (Kea or Bind, no difference here)
- filter by something that doesn't exist => zero results returned by filter
- navigate to different view
- go back to Apps list
- issue happens: filtering is still applied (this may happen after going to other page in pagination)
Filter text input is empty
![image](/uploads/f31a9377bd6b13070ffed208f409d005/image.png)
But in the request to API the filter is still on, hence empty apps list
![image](/uploads/1a15084a115c187268dc639575b8c40e/image.png)
Bind apps (no results AND BTW also wrong breadcrumb :disappointed: ):
![image](/uploads/c69b858a310bedea7c7dcf2c26ce7544/image.png)
![image](/uploads/6b49eff412c3e718be21a2869a555869/image.png)1.15Piotrek ZadrogaPiotrek Zadrogahttps://gitlab.isc.org/isc-projects/bind9/-/issues/4500Log the change that generated "not exact" when applying a diff.2024-01-04T16:56:21ZMark AndrewsLog the change that generated "not exact" when applying a diff.Provide more information a "not exact" response is detected. Log name, class, type and operation being attempted.Provide more information a "not exact" response is detected. Log name, class, type and operation being attempted.January 2024 (9.16.46, 9.16.46-S1, 9.18.22, 9.18.22-S1, 9.19.20) (❗RECALLED❗)https://gitlab.isc.org/isc-projects/bind9/-/issues/4499The question about named_server_flushcache2023-12-19T12:39:09ZchengyechunThe question about named_server_flushcache
After analyzing the execution process of the rndc flush command based on the 9.19 branch, I found that the two judgment conditions in the 11813 line of the named_server_flushcache function cannot be met at the same time.
Scenario 1: If ...
After analyzing the execution process of the rndc flush command based on the 9.19 branch, I found that the two judgment conditions in the 11813 line of the named_server_flushcache function cannot be met at the same time.
Scenario 1: If the rdnc flush [view] parameter view is transferred, ptr is not empty and the first condition is met. However, needflush corresponding to the view is set to True in the 11781 branch, and the second condition is not met.
Scenario 2: If the view parameter is not transferred in rdnc flush [view], ptr is empty and the first condition cannot be met. In this case, the second condition is short-circuited in the 11813 line. Therefore, 11814 cannot be executed.
To sum up, I think the code in the 11813 line may be faulty. I hope to maintain the code for review. Thank you.https://gitlab.isc.org/isc-projects/bind9/-/issues/4498[GL #4494] followup: regression test was too strict2024-01-04T16:58:18ZMark Andrews[GL #4494] followup: regression test was too strictThe delta which records the addition of the private record for the NSEC3 to NSEC conversion can sometimes not be the first delta. Update the system test to handle it in a later delta.
https://gitlab.isc.org/isc-projects/bind9/-/jobs/38...The delta which records the addition of the private record for the NSEC3 to NSEC conversion can sometimes not be the first delta. Update the system test to handle it in a later delta.
https://gitlab.isc.org/isc-projects/bind9/-/jobs/3883570January 2024 (9.16.46, 9.16.46-S1, 9.18.22, 9.18.22-S1, 9.19.20) (❗RECALLED❗)https://gitlab.isc.org/isc-projects/bind9/-/issues/4497Kindly mute the 'trust-anchor-telemetry' experimental warning.2023-12-18T14:15:22ZJakub MocKindly mute the 'trust-anchor-telemetry' experimental warning.<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confident...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential by clicking the checkbox at the bottom!
-->
### Summary
<!-- Concisely summarize the bug encountered. -->
Kindly mute the 'trust-anchor-telemetry' experimental warning.
### BIND version affected
<!--
Make sure you are testing with the **latest** supported version of BIND
for a given branch. Many bugs have been fixed over time!
See https://kb.isc.org/docs/supported-platforms for the current list.
The latest source is available from https://www.isc.org/download/#BIND
Paste the output of `named -V` here.
-->
```
BIND 9.18.20 (Extended Support Version) <id:>
running on FreeBSD amd64 13.2-RELEASE-p7 FreeBSD 13.2-RELEASE-p7 stable/23.7-n254871-d5ec322cffc SMP
built by make with '--disable-linux-caps' '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-dlopen=yes' '--with-libxml2' '--with-openssl=/usr/local' '--enable-dnsrps' '--with-readline=libedit' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-querytrace' '--enable-tcp-fastopen' '--prefix=/usr/local' '--mandir=/usr/local/man' '--disable-silent-rules' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd13.2' 'build_alias=amd64-portbld-freebsd13.2' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -Wl,-rpath,/usr/local/lib -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf' 'PKG_CONFIG_LIBDIR=/usr/obj/usr/ports/dns/bind918/work/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig' 'READLINE_CFLAGS=-L/usr/local/lib'
compiled by CLANG FreeBSD Clang 14.0.5 (https://github.com/llvm/llvm-project.git llvmorg-14.0.5-0-gc12386ae247c)
compiled with OpenSSL version: OpenSSL 1.1.1w 11 Sep 2023
linked to OpenSSL version: OpenSSL 1.1.1w 11 Sep 2023
compiled with libuv version: 1.47.0
linked to libuv version: 1.47.0
compiled with libnghttp2 version: 1.58.0
linked to libnghttp2 version: 1.58.0
compiled with libxml2 version: 2.10.4
linked to libxml2 version: 21004
compiled with json-c version: 0.17
linked to json-c version: 0.17
compiled with zlib version: 1.2.13
linked to zlib version: 1.2.13
compiled with protobuf-c version: 1.4.1
linked to protobuf-c version: 1.4.1
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): no
default paths:
named configuration: /usr/local/etc/namedb/named.conf
rndc configuration: /usr/local/etc/namedb/rndc.conf
DNSSEC root key: /usr/local/etc/namedb/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/pid
named lock file: /var/run/named/named.lock
```
### Steps to reproduce
<!--
This is extremely important! Be precise and use itemized lists, please.
Even if a default configuration is affected, please include the full configuration
files _you were testing with_.
Example:
1. Use _attached_ configuration file
2. Start BIND server with command: `named -g -c named.conf ...`
3. Simulate legitimate clients using command `dnsperf -S1 -d legit-queries ...`
4. Simulate attack traffic using command `dnsperf -S1 -d attack-queries ...`
-->
1. Use _attached_ configuration file and start BIND server
### What is the current *bug* behavior?
<!-- What actually happens. -->
So this "experimental" features has been introduced about 5 years ago. Yet, after all that time, one or two warning lines are logged to syslog with `LOG_WARNING` severity, depending on whether you foolishly tried to mute the annoying hardcoded warning with the `trust-anchor-telemetry no;` option [as suggested in KB](https://kb.isc.org/docs/aa-01528). The hardcoded warning is annoying, doubling the pointless noise when you try to disable the feature - and, if fact, with a configuration that completely ignores DNSSEC since BIND is only used here to filter out AAAA for certain domains to avoid geolocation with IPv6 tunnels with certain domains - is just inexplicable.
### What is the expected *correct* behavior?
<!-- What you should see instead. -->
Do not log pointless warnings to syslog.
### Relevant configuration files
<!-- Paste any relevant configuration files here - please use code blocks (```)
to format console output. If submitting the contents of your
configuration file in a non-confidential issue, it is advisable to
obscure key secrets; this can be done automatically by using
`named-checkconf -px`. -->
```
acl "Allow_ACL" {
127.0.0.0/8;
};
controls {
inet 127.0.0.1 port 9530 allow {
127.0.0.1/32;
} keys {
"rndc-key";
};
};
logging {
channel "default_log" {
file "/var/log/named/named.log" versions 3 size 5242880;
print-time yes;
print-severity yes;
print-category yes;
};
channel "query_log" {
file "/var/log/named/query.log" versions 3 size 5242880;
print-time yes;
};
channel "rpz_log" {
file "/var/log/named/rpz.log" versions 3 size 5242880;
print-time yes;
};
category "default" {
"default_log";
};
category "general" {
"default_log";
};
category "queries" {
"query_log";
};
category "rpz" {
"rpz_log";
};
category "lame-servers" {
"null";
};
};
options {
directory "/usr/local/etc/namedb/working";
dump-file "/var/dump/named_dump.db";
listen-on port 53530 {
127.0.0.1/32;
};
listen-on-v6 port 53530 {
::1/128;
};
pid-file "/var/run/named/pid";
statistics-file "/var/stats/named.stats";
allow-recursion {
"Allow_ACL";
};
dnssec-validation no;
max-cache-size 80%;
recursion yes;
allow-query {
"Allow_ACL";
};
};
key "rndc-key" {
algorithm "hmac-sha256";
secret "????????????????????????????????????????????";
};
plugin query "/usr/local/lib/bind/filter-aaaa.so" {
filter-aaaa-on-v4 break-dnssec;
filter-aaaa-on-v6 break-dnssec;
};
zone "." {
type hint;
file "/usr/local/etc/namedb/named.root";
};
zone "localhost" {
type primary;
file "/usr/local/etc/namedb/primary/localhost-forward.db";
};
zone "127.in-addr.arpa" {
type primary;
file "/usr/local/etc/namedb/primary/localhost-reverse.db";
};
zone "0.ip6.arpa" {
type primary;
file "/usr/local/etc/namedb/primary/localhost-reverse.db";
};
```
### Relevant logs
<!-- Paste any relevant logs here - please use code blocks (```) to format console
output, logs, and code, as it's very hard to read otherwise. -->
```
<28>1 2023-12-18T08:21:44+01:00 gw.example.com named 57351 - [meta sequenceId="31"] /usr/local/etc/namedb/named.conf:27: option 'trust-anchor-telemetry' is experimental and subject to change in the future
<28>1 2023-12-18T08:21:44+01:00 gw.example.com named 57351 - [meta sequenceId="30"] config.c: option 'trust-anchor-telemetry' is experimental and subject to change in the future
```January 2024 (9.16.46, 9.16.46-S1, 9.18.22, 9.18.22-S1, 9.19.20) (❗RECALLED❗)https://gitlab.isc.org/isc-projects/kea/-/issues/3193fix use after free when using botan2024-02-23T18:44:19ZRazvan Becheriufix use after free when using botan```plaintext
WARNING: ThreadSanitizer: heap-use-after-free (pid=73943)
Atomic write of size 4 at 0x7b0800000e68 by main thread:
#0 boost::detail::atomic_decrement(unsigned int*) /usr/include/boost/smart_ptr/detail/sp_counted_base_g...```plaintext
WARNING: ThreadSanitizer: heap-use-after-free (pid=73943)
Atomic write of size 4 at 0x7b0800000e68 by main thread:
#0 boost::detail::atomic_decrement(unsigned int*) /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:40 (libkea-cryptolink.so.48+0x8a2c)
#1 boost::detail::sp_counted_base::release() /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:118 (libkea-cryptolink.so.48+0x8a2c)
#2 boost::detail::shared_count::~shared_count() /usr/include/boost/smart_ptr/detail/shared_count.hpp:432 (libkea-cryptolink.so.48+0x8a2c)
#3 boost::shared_ptr<isc::cryptolink::RNG>::~shared_ptr() /usr/include/boost/smart_ptr/shared_ptr.hpp:335 (libkea-cryptolink.so.48+0x8a2c)
#4 boost::shared_ptr<isc::cryptolink::RNG>::reset() /usr/include/boost/smart_ptr/shared_ptr.hpp:687 (libkea-cryptolink.so.48+0x8a2c)
#5 operator() /home/razvan/isc/git/kea-work/src/lib/cryptolink/botan_link.cc:74 (libkea-cryptolink.so.48+0x8a2c)
#6 _FUN /home/razvan/isc/git/kea-work/src/lib/cryptolink/botan_link.cc:74 (libkea-cryptolink.so.48+0x8a2c)
#7 cxa_at_exit_wrapper ../../../../src/libsanitizer/tsan/tsan_interceptors_posix.cpp:389 (libtsan.so.2+0x2e813)
Previous write of size 8 at 0x7b0800000e68 by main thread:
#0 operator delete(void*, unsigned long) ../../../../src/libsanitizer/tsan/tsan_new_delete.cpp:150 (libtsan.so.2+0x8cef5)
#1 boost::detail::sp_counted_impl_p<isc::cryptolink::RNGImpl>::~sp_counted_impl_p() /usr/include/boost/smart_ptr/detail/sp_counted_impl.hpp:64 (libkea-cryptolink.so.48+0x914e)
#2 boost::detail::sp_counted_base::destroy() /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:99 (libkea-cryptolink.so.48+0x8c27)
#3 boost::detail::sp_counted_base::weak_release() /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:134 (libkea-cryptolink.so.48+0x8c27)
#4 boost::detail::sp_counted_base::release() /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:121 (libkea-cryptolink.so.48+0x8c27)
#5 boost::detail::shared_count::~shared_count() /usr/include/boost/smart_ptr/detail/shared_count.hpp:432 (libkea-cryptolink.so.48+0x8c27)
#6 boost::shared_ptr<isc::cryptolink::RNG>::~shared_ptr() /usr/include/boost/smart_ptr/shared_ptr.hpp:335 (libkea-cryptolink.so.48+0x8c27)
#7 isc::cryptolink::CryptoLink::~CryptoLink() /home/razvan/isc/git/kea-work/src/lib/cryptolink/botan_link.cc:27 (libkea-cryptolink.so.48+0x8c27)
#8 cxa_at_exit_wrapper ../../../../src/libsanitizer/tsan/tsan_interceptors_posix.cpp:389 (libtsan.so.2+0x2e813)
SUMMARY: ThreadSanitizer: heap-use-after-free /usr/include/boost/smart_ptr/detail/sp_counted_base_gcc_atomic.hpp:40 in boost::detail::atomic_decrement(unsigned int*)
==================
ThreadSanitizer: reported 1 warnings
```kea2.5.6Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4496Segfault in journal_seek()2023-12-20T16:32:05ZMichal NowakSegfault in journal_seek()I was running the `checkds` system test from isc-projects/bind9!8357 (based on the `main` branch) in a tight loop to make sure I fixed https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8357#note_424109 and after a few iterations...I was running the `checkds` system test from isc-projects/bind9!8357 (based on the `main` branch) in a tight loop to make sure I fixed https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8357#note_424109 and after a few iterations I found ns10 segfaulted in the journal code:
```
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:Core was generated by `/home/newman/isc/ws/bind9/bin/named/.libs/named -D checkds_tmp_1tlf7zdq-ns10 -m'.
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:Program terminated with signal SIGSEGV, Segmentation fault.
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#0 0x00007fb1f684c29c in __fseeko (fp=0xdededededededede, offset=offset@entry=0, whence=whence@entry=0) at fseeko.c:39
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:Downloading source file /usr/src/debug/glibc-2.38-14.fc39.x86_64/libio/fseeko.c...
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:39 _IO_acquire_lock (fp);
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:[Current thread is 1 (Thread 0x7fb1ddff4680 (LWP 1169410))]
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#0 0x00007fb1f684c29c in __fseeko (fp=0xdededededededede, offset=offset@entry=0, whence=whence@entry=0) at fseeko.c:39
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#1 0x00007fb1f7ad1139 in isc_stdio_seek (f=<optimized out>, offset=offset@entry=0, whence=whence@entry=0) at stdio.c:51
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#2 0x00007fb1f786c8e9 in journal_seek (j=0x7fb1efbc0e00, offset=0) at journal.c:419
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#3 0x00007fb1f786f9e0 in dns_journal_commit (j=0x7fb1efbc0e00) at journal.c:1393
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#4 0x00007fb1f794c489 in ixfr_end_transaction (xfr=<optimized out>) at xfrin.c:496
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#5 ixfr_end_transaction (xfr=0x7fb1efb01a00) at xfrin.c:490
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#6 ixfr_apply_one (data=0x7fb1efa15f50, xfr=0x7fb1efb01a00) at xfrin.c:521
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#7 ixfr_apply (arg=0x7fb1efa0b020) at xfrin.c:561
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#8 0x00007fb1f7ad88eb in isc__work_cb (req=<optimized out>) at work.c:30
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#9 0x00007fb1f756fd89 in worker (arg=0x0) at /usr/src/debug/libuv-1.47.0-3.fc39.x86_64/src/threadpool.c:122
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#10 0x00007fb1f6857897 in start_thread (arg=<optimized out>) at pthread_create.c:444
2023-12-15 12:29:49 INFO:checkds D:/home/newman/isc/ws/bind9/bin/tests/system/checkds_tmp_1tlf7zdq:#11 0x00007fb1f68de6fc in clone3 () at ../sysdeps/unix/sysv/linux/x86_64/clone3.S:78
```
Complete `ns10/` directory: [ns10.tar.xz](/uploads/8f6dacca772eafb8fa09e3abe0f7967f/ns10.tar.xz)
[pytest.log.txt](/uploads/85266e1f2ee308d200b0da1d6b19efdd/pytest.log.txt)January 2024 (9.16.46, 9.16.46-S1, 9.18.22, 9.18.22-S1, 9.19.20) (❗RECALLED❗)https://gitlab.isc.org/isc-projects/bind9/-/issues/4495Conversion from NSEC3 to NSEC removes the NSEC3PARAM too early2024-02-23T11:40:30ZMark AndrewsConversion from NSEC3 to NSEC removes the NSEC3PARAM too earlyThe NSEC3PARAM was being removed immediately by `dns_nsec3param_deletechains` rather than waiting for the NSEC chain to be generated then removing it as part of the clean up. This could result in named returning unsigned answers which w...The NSEC3PARAM was being removed immediately by `dns_nsec3param_deletechains` rather than waiting for the NSEC chain to be generated then removing it as part of the clean up. This could result in named returning unsigned answers which would not validate as secure. This state was transitory being corrected when the NSEC chain completed building.January 2024 (9.16.46, 9.16.46-S1, 9.18.22, 9.18.22-S1, 9.19.20) (❗RECALLED❗)https://gitlab.isc.org/isc-projects/bind9/-/issues/4494add_sigs was using the wrong time in kasp mode2023-12-20T01:13:44ZMark Andrewsadd_sigs was using the wrong time in kasp mode`add_sigs` in lib/dns/zone.c and lib/dns/update.c with `kasp` was using `inception` as a proxy for `now`.
This resulted in RRSIGs not being generated for new keys. It could also result in the wrong keys being used.
I was fixing the `ns...`add_sigs` in lib/dns/zone.c and lib/dns/update.c with `kasp` was using `inception` as a proxy for `now`.
This resulted in RRSIGs not being generated for new keys. It could also result in the wrong keys being used.
I was fixing the `nsec3-to-nsec` test in `autosign` to actually convert from NSEC3 to NSEC and noted that the
change was not signed when it should have been as the zone was signed in the setup phase.
```
14-Dec-2023 18:07:01.331 del nsec3-to-nsec.example. 300 IN SOA mname1. . 2009102722 20 20 1814400 3600
14-Dec-2023 18:07:01.331 del nsec3-to-nsec.example. 0 IN NSEC3PARAM 1 0 0 BEEF
14-Dec-2023 18:07:01.331 add nsec3-to-nsec.example. 300 IN SOA mname1. . 2009102723 20 20 1814400 3600
14-Dec-2023 18:07:01.331 add nsec3-to-nsec.example. 0 IN TYPE65534 \# 8 000140000002BEEF
```
There are other issues that need to be address with this but lets clear this one first.January 2024 (9.16.46, 9.16.46-S1, 9.18.22, 9.18.22-S1, 9.19.20) (❗RECALLED❗)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/kea/-/issues/3191fix asiolink using botan2023-12-15T20:08:50ZRazvan Becheriufix asiolink using botankea2.5.5Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4493ThreadSanitizer: data race xfrin.c:1555:2 in xfrin_send_request2023-12-18T08:44:34ZArаm SаrgsyаnThreadSanitizer: data race xfrin.c:1555:2 in xfrin_send_requestIn https://gitlab.isc.org/isc-projects/bind9/-/jobs/3873145 there are multiple data races reported between `atomic_init`s in `xfrin_send_request` and atomic reads initiated from the statistics channel.
```
==================
WARNING: Th...In https://gitlab.isc.org/isc-projects/bind9/-/jobs/3873145 there are multiple data races reported between `atomic_init`s in `xfrin_send_request` and atomic reads initiated from the statistics channel.
```
==================
WARNING: ThreadSanitizer: data race (pid=385819)
Write of size 4 at 0x7b7400022a64 by thread T2:
#0 xfrin_send_request /builds/isc-projects/bind9/lib/dns/xfrin.c:1555:2 (libdns-9.19.20-dev.so+0x1f7b2e) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#1 xfrin_connect_done /builds/isc-projects/bind9/lib/dns/xfrin.c:1363:11 (libdns-9.19.20-dev.so+0x1f7b2e)
#2 tcp_connected /builds/isc-projects/bind9/lib/dns/dispatch.c:1851:3 (libdns-9.19.20-dev.so+0x63ad2) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#3 streamdns_call_connect_cb /builds/isc-projects/bind9/lib/isc/netmgr/streamdns.c:275:2 (libisc-9.19.20-dev.so+0x2ea89) (BuildId: d2abce56422ade191082159bc906918b88117875)
#4 streamdns_transport_connected /builds/isc-projects/bind9/lib/isc/netmgr/streamdns.c:348:2 (libisc-9.19.20-dev.so+0x2ea89)
#5 isc___nm_connectcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1825:2 (libisc-9.19.20-dev.so+0x1f65a) (BuildId: d2abce56422ade191082159bc906918b88117875)
#6 isc__nm_connectcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1840:3 (libisc-9.19.20-dev.so+0x1f65a)
#7 tcp_connect_cb /builds/isc-projects/bind9/lib/isc/netmgr/tcp.c:211:2 (libisc-9.19.20-dev.so+0x35c14) (BuildId: d2abce56422ade191082159bc906918b88117875)
#8 uv__stream_connect /usr/src/libuv-v1.47.0/src/unix/stream.c:1278:5 (libuv.so.1+0x24315) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#9 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76420) (BuildId: d2abce56422ade191082159bc906918b88117875)
#10 thread_run /builds/isc-projects/bind9/lib/isc/thread.c:100:14 (libisc-9.19.20-dev.so+0x76420)
Previous atomic read of size 4 at 0x7b7400022a64 by main thread:
#0 dns_xfrin_getstats /builds/isc-projects/bind9/lib/dns/xfrin.c:1016:2 (libdns-9.19.20-dev.so+0x1f6029) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#1 xfrin_jsonrender /builds/isc-projects/bind9/bin/named/statschannel.c:2735:3 (named+0x150aeb) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#2 dns_zt_apply /builds/isc-projects/bind9/lib/dns/zt.c:524:12 (libdns-9.19.20-dev.so+0x254308) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#3 generatejson /builds/isc-projects/bind9/bin/named/statschannel.c:3021:5 (named+0x14dd6c) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#4 render_json /builds/isc-projects/bind9/bin/named/statschannel.c:3351:11 (named+0x14dd6c)
#5 render_json_xfrins /builds/isc-projects/bind9/bin/named/statschannel.c:3421:10 (named+0x14a40a) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#6 prepare_response /builds/isc-projects/bind9/lib/isc/httpd.c:790:12 (libisc-9.19.20-dev.so+0x4fab7) (BuildId: d2abce56422ade191082159bc906918b88117875)
#7 httpd_request /builds/isc-projects/bind9/lib/isc/httpd.c:944:2 (libisc-9.19.20-dev.so+0x4fab7)
#8 isc___nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1854:2 (libisc-9.19.20-dev.so+0x204d0) (BuildId: d2abce56422ade191082159bc906918b88117875)
#9 isc__nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1869:3 (libisc-9.19.20-dev.so+0x204d0)
#10 isc__nm_tcp_read_cb /builds/isc-projects/bind9/lib/isc/netmgr/tcp.c:773:2 (libisc-9.19.20-dev.so+0x34b0d) (BuildId: d2abce56422ade191082159bc906918b88117875)
#11 uv__read /usr/src/libuv-v1.47.0/src/unix/stream.c:1143:7 (libuv.so.1+0x23d89) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#12 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76157) (BuildId: d2abce56422ade191082159bc906918b88117875)
#13 isc_thread_main /builds/isc-projects/bind9/lib/isc/thread.c:116:2 (libisc-9.19.20-dev.so+0x76157)
#14 isc_loopmgr_run /builds/isc-projects/bind9/lib/isc/loop.c:454:2 (libisc-9.19.20-dev.so+0x5cbf2) (BuildId: d2abce56422ade191082159bc906918b88117875)
#15 main /builds/isc-projects/bind9/bin/named/main.c:1574:2 (named+0x10ef71) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
Location is heap block of size 2440 at 0x7b7400022600 allocated by thread T2:
#0 malloc <null> (named+0x74bbc) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#1 mallocx /builds/isc-projects/bind9/lib/isc/./jemalloc_shim.h:67:14 (libisc-9.19.20-dev.so+0x60180) (BuildId: d2abce56422ade191082159bc906918b88117875)
#2 mem_get /builds/isc-projects/bind9/lib/isc/mem.c:303:8 (libisc-9.19.20-dev.so+0x60180)
#3 isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:675:8 (libisc-9.19.20-dev.so+0x600ca) (BuildId: d2abce56422ade191082159bc906918b88117875)
#4 xfrin_create /builds/isc-projects/bind9/lib/dns/xfrin.c:1154:8 (libdns-9.19.20-dev.so+0x1f51d6) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#5 dns_xfrin_create /builds/isc-projects/bind9/lib/dns/xfrin.c:903:2 (libdns-9.19.20-dev.so+0x1f51d6)
#6 got_transfer_quota /builds/isc-projects/bind9/lib/dns/zone.c:17878:11 (libdns-9.19.20-dev.so+0x22c620) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#7 isc__async_cb /builds/isc-projects/bind9/lib/isc/async.c:111:3 (libisc-9.19.20-dev.so+0x4027a) (BuildId: d2abce56422ade191082159bc906918b88117875)
#8 uv__async_io /usr/src/libuv-v1.47.0/src/unix/async.c:176:5 (libuv.so.1+0x11f3c) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#9 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76420) (BuildId: d2abce56422ade191082159bc906918b88117875)
#10 thread_run /builds/isc-projects/bind9/lib/isc/thread.c:100:14 (libisc-9.19.20-dev.so+0x76420)
Thread T2 'isc-loop-0002' (tid=385839, running) created by main thread at:
#0 pthread_create <null> (named+0x7679b) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#1 isc_thread_create /builds/isc-projects/bind9/lib/isc/thread.c:139:8 (libisc-9.19.20-dev.so+0x76277) (BuildId: d2abce56422ade191082159bc906918b88117875)
#2 isc_loopmgr_run /builds/isc-projects/bind9/lib/isc/loop.c:448:3 (libisc-9.19.20-dev.so+0x5cb79) (BuildId: d2abce56422ade191082159bc906918b88117875)
#3 main /builds/isc-projects/bind9/bin/named/main.c:1574:2 (named+0x10ef71) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
SUMMARY: ThreadSanitizer: data race /builds/isc-projects/bind9/lib/dns/xfrin.c:1555:2 in xfrin_send_request
==================
==================
WARNING: ThreadSanitizer: data race (pid=385819)
Write of size 4 at 0x7b7400022a68 by thread T2:
#0 xfrin_send_request /builds/isc-projects/bind9/lib/dns/xfrin.c:1556:2 (libdns-9.19.20-dev.so+0x1f7b44) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#1 xfrin_connect_done /builds/isc-projects/bind9/lib/dns/xfrin.c:1363:11 (libdns-9.19.20-dev.so+0x1f7b44)
#2 tcp_connected /builds/isc-projects/bind9/lib/dns/dispatch.c:1851:3 (libdns-9.19.20-dev.so+0x63ad2) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#3 streamdns_call_connect_cb /builds/isc-projects/bind9/lib/isc/netmgr/streamdns.c:275:2 (libisc-9.19.20-dev.so+0x2ea89) (BuildId: d2abce56422ade191082159bc906918b88117875)
#4 streamdns_transport_connected /builds/isc-projects/bind9/lib/isc/netmgr/streamdns.c:348:2 (libisc-9.19.20-dev.so+0x2ea89)
#5 isc___nm_connectcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1825:2 (libisc-9.19.20-dev.so+0x1f65a) (BuildId: d2abce56422ade191082159bc906918b88117875)
#6 isc__nm_connectcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1840:3 (libisc-9.19.20-dev.so+0x1f65a)
#7 tcp_connect_cb /builds/isc-projects/bind9/lib/isc/netmgr/tcp.c:211:2 (libisc-9.19.20-dev.so+0x35c14) (BuildId: d2abce56422ade191082159bc906918b88117875)
#8 uv__stream_connect /usr/src/libuv-v1.47.0/src/unix/stream.c:1278:5 (libuv.so.1+0x24315) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#9 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76420) (BuildId: d2abce56422ade191082159bc906918b88117875)
#10 thread_run /builds/isc-projects/bind9/lib/isc/thread.c:100:14 (libisc-9.19.20-dev.so+0x76420)
Previous atomic read of size 4 at 0x7b7400022a68 by main thread:
#0 dns_xfrin_getstats /builds/isc-projects/bind9/lib/dns/xfrin.c:1017:2 (libdns-9.19.20-dev.so+0x1f604d) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#1 xfrin_jsonrender /builds/isc-projects/bind9/bin/named/statschannel.c:2735:3 (named+0x150aeb) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#2 dns_zt_apply /builds/isc-projects/bind9/lib/dns/zt.c:524:12 (libdns-9.19.20-dev.so+0x254308) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#3 generatejson /builds/isc-projects/bind9/bin/named/statschannel.c:3021:5 (named+0x14dd6c) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#4 render_json /builds/isc-projects/bind9/bin/named/statschannel.c:3351:11 (named+0x14dd6c)
#5 render_json_xfrins /builds/isc-projects/bind9/bin/named/statschannel.c:3421:10 (named+0x14a40a) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#6 prepare_response /builds/isc-projects/bind9/lib/isc/httpd.c:790:12 (libisc-9.19.20-dev.so+0x4fab7) (BuildId: d2abce56422ade191082159bc906918b88117875)
#7 httpd_request /builds/isc-projects/bind9/lib/isc/httpd.c:944:2 (libisc-9.19.20-dev.so+0x4fab7)
#8 isc___nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1854:2 (libisc-9.19.20-dev.so+0x204d0) (BuildId: d2abce56422ade191082159bc906918b88117875)
#9 isc__nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1869:3 (libisc-9.19.20-dev.so+0x204d0)
#10 isc__nm_tcp_read_cb /builds/isc-projects/bind9/lib/isc/netmgr/tcp.c:773:2 (libisc-9.19.20-dev.so+0x34b0d) (BuildId: d2abce56422ade191082159bc906918b88117875)
#11 uv__read /usr/src/libuv-v1.47.0/src/unix/stream.c:1143:7 (libuv.so.1+0x23d89) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#12 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76157) (BuildId: d2abce56422ade191082159bc906918b88117875)
#13 isc_thread_main /builds/isc-projects/bind9/lib/isc/thread.c:116:2 (libisc-9.19.20-dev.so+0x76157)
#14 isc_loopmgr_run /builds/isc-projects/bind9/lib/isc/loop.c:454:2 (libisc-9.19.20-dev.so+0x5cbf2) (BuildId: d2abce56422ade191082159bc906918b88117875)
#15 main /builds/isc-projects/bind9/bin/named/main.c:1574:2 (named+0x10ef71) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
Location is heap block of size 2440 at 0x7b7400022600 allocated by thread T2:
#0 malloc <null> (named+0x74bbc) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#1 mallocx /builds/isc-projects/bind9/lib/isc/./jemalloc_shim.h:67:14 (libisc-9.19.20-dev.so+0x60180) (BuildId: d2abce56422ade191082159bc906918b88117875)
#2 mem_get /builds/isc-projects/bind9/lib/isc/mem.c:303:8 (libisc-9.19.20-dev.so+0x60180)
#3 isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:675:8 (libisc-9.19.20-dev.so+0x600ca) (BuildId: d2abce56422ade191082159bc906918b88117875)
#4 xfrin_create /builds/isc-projects/bind9/lib/dns/xfrin.c:1154:8 (libdns-9.19.20-dev.so+0x1f51d6) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#5 dns_xfrin_create /builds/isc-projects/bind9/lib/dns/xfrin.c:903:2 (libdns-9.19.20-dev.so+0x1f51d6)
#6 got_transfer_quota /builds/isc-projects/bind9/lib/dns/zone.c:17878:11 (libdns-9.19.20-dev.so+0x22c620) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#7 isc__async_cb /builds/isc-projects/bind9/lib/isc/async.c:111:3 (libisc-9.19.20-dev.so+0x4027a) (BuildId: d2abce56422ade191082159bc906918b88117875)
#8 uv__async_io /usr/src/libuv-v1.47.0/src/unix/async.c:176:5 (libuv.so.1+0x11f3c) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#9 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76420) (BuildId: d2abce56422ade191082159bc906918b88117875)
#10 thread_run /builds/isc-projects/bind9/lib/isc/thread.c:100:14 (libisc-9.19.20-dev.so+0x76420)
Thread T2 'isc-loop-0002' (tid=385839, running) created by main thread at:
#0 pthread_create <null> (named+0x7679b) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#1 isc_thread_create /builds/isc-projects/bind9/lib/isc/thread.c:139:8 (libisc-9.19.20-dev.so+0x76277) (BuildId: d2abce56422ade191082159bc906918b88117875)
#2 isc_loopmgr_run /builds/isc-projects/bind9/lib/isc/loop.c:448:3 (libisc-9.19.20-dev.so+0x5cb79) (BuildId: d2abce56422ade191082159bc906918b88117875)
#3 main /builds/isc-projects/bind9/bin/named/main.c:1574:2 (named+0x10ef71) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
SUMMARY: ThreadSanitizer: data race /builds/isc-projects/bind9/lib/dns/xfrin.c:1556:2 in xfrin_send_request
==================
==================
WARNING: ThreadSanitizer: data race (pid=385819)
Write of size 8 at 0x7b7400022a70 by thread T2:
#0 xfrin_send_request /builds/isc-projects/bind9/lib/dns/xfrin.c:1557:2 (libdns-9.19.20-dev.so+0x1f7b5a) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#1 xfrin_connect_done /builds/isc-projects/bind9/lib/dns/xfrin.c:1363:11 (libdns-9.19.20-dev.so+0x1f7b5a)
#2 tcp_connected /builds/isc-projects/bind9/lib/dns/dispatch.c:1851:3 (libdns-9.19.20-dev.so+0x63ad2) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#3 streamdns_call_connect_cb /builds/isc-projects/bind9/lib/isc/netmgr/streamdns.c:275:2 (libisc-9.19.20-dev.so+0x2ea89) (BuildId: d2abce56422ade191082159bc906918b88117875)
#4 streamdns_transport_connected /builds/isc-projects/bind9/lib/isc/netmgr/streamdns.c:348:2 (libisc-9.19.20-dev.so+0x2ea89)
#5 isc___nm_connectcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1825:2 (libisc-9.19.20-dev.so+0x1f65a) (BuildId: d2abce56422ade191082159bc906918b88117875)
#6 isc__nm_connectcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1840:3 (libisc-9.19.20-dev.so+0x1f65a)
#7 tcp_connect_cb /builds/isc-projects/bind9/lib/isc/netmgr/tcp.c:211:2 (libisc-9.19.20-dev.so+0x35c14) (BuildId: d2abce56422ade191082159bc906918b88117875)
#8 uv__stream_connect /usr/src/libuv-v1.47.0/src/unix/stream.c:1278:5 (libuv.so.1+0x24315) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#9 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76420) (BuildId: d2abce56422ade191082159bc906918b88117875)
#10 thread_run /builds/isc-projects/bind9/lib/isc/thread.c:100:14 (libisc-9.19.20-dev.so+0x76420)
Previous atomic read of size 8 at 0x7b7400022a70 by main thread:
#0 dns_xfrin_getstats /builds/isc-projects/bind9/lib/dns/xfrin.c:1018:2 (libdns-9.19.20-dev.so+0x1f6070) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#1 xfrin_jsonrender /builds/isc-projects/bind9/bin/named/statschannel.c:2735:3 (named+0x150aeb) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#2 dns_zt_apply /builds/isc-projects/bind9/lib/dns/zt.c:524:12 (libdns-9.19.20-dev.so+0x254308) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#3 generatejson /builds/isc-projects/bind9/bin/named/statschannel.c:3021:5 (named+0x14dd6c) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#4 render_json /builds/isc-projects/bind9/bin/named/statschannel.c:3351:11 (named+0x14dd6c)
#5 render_json_xfrins /builds/isc-projects/bind9/bin/named/statschannel.c:3421:10 (named+0x14a40a) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#6 prepare_response /builds/isc-projects/bind9/lib/isc/httpd.c:790:12 (libisc-9.19.20-dev.so+0x4fab7) (BuildId: d2abce56422ade191082159bc906918b88117875)
#7 httpd_request /builds/isc-projects/bind9/lib/isc/httpd.c:944:2 (libisc-9.19.20-dev.so+0x4fab7)
#8 isc___nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1854:2 (libisc-9.19.20-dev.so+0x204d0) (BuildId: d2abce56422ade191082159bc906918b88117875)
#9 isc__nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1869:3 (libisc-9.19.20-dev.so+0x204d0)
#10 isc__nm_tcp_read_cb /builds/isc-projects/bind9/lib/isc/netmgr/tcp.c:773:2 (libisc-9.19.20-dev.so+0x34b0d) (BuildId: d2abce56422ade191082159bc906918b88117875)
#11 uv__read /usr/src/libuv-v1.47.0/src/unix/stream.c:1143:7 (libuv.so.1+0x23d89) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#12 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76157) (BuildId: d2abce56422ade191082159bc906918b88117875)
#13 isc_thread_main /builds/isc-projects/bind9/lib/isc/thread.c:116:2 (libisc-9.19.20-dev.so+0x76157)
#14 isc_loopmgr_run /builds/isc-projects/bind9/lib/isc/loop.c:454:2 (libisc-9.19.20-dev.so+0x5cbf2) (BuildId: d2abce56422ade191082159bc906918b88117875)
#15 main /builds/isc-projects/bind9/bin/named/main.c:1574:2 (named+0x10ef71) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
Location is heap block of size 2440 at 0x7b7400022600 allocated by thread T2:
#0 malloc <null> (named+0x74bbc) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#1 mallocx /builds/isc-projects/bind9/lib/isc/./jemalloc_shim.h:67:14 (libisc-9.19.20-dev.so+0x60180) (BuildId: d2abce56422ade191082159bc906918b88117875)
#2 mem_get /builds/isc-projects/bind9/lib/isc/mem.c:303:8 (libisc-9.19.20-dev.so+0x60180)
#3 isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:675:8 (libisc-9.19.20-dev.so+0x600ca) (BuildId: d2abce56422ade191082159bc906918b88117875)
#4 xfrin_create /builds/isc-projects/bind9/lib/dns/xfrin.c:1154:8 (libdns-9.19.20-dev.so+0x1f51d6) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#5 dns_xfrin_create /builds/isc-projects/bind9/lib/dns/xfrin.c:903:2 (libdns-9.19.20-dev.so+0x1f51d6)
#6 got_transfer_quota /builds/isc-projects/bind9/lib/dns/zone.c:17878:11 (libdns-9.19.20-dev.so+0x22c620) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#7 isc__async_cb /builds/isc-projects/bind9/lib/isc/async.c:111:3 (libisc-9.19.20-dev.so+0x4027a) (BuildId: d2abce56422ade191082159bc906918b88117875)
#8 uv__async_io /usr/src/libuv-v1.47.0/src/unix/async.c:176:5 (libuv.so.1+0x11f3c) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#9 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76420) (BuildId: d2abce56422ade191082159bc906918b88117875)
#10 thread_run /builds/isc-projects/bind9/lib/isc/thread.c:100:14 (libisc-9.19.20-dev.so+0x76420)
Thread T2 'isc-loop-0002' (tid=385839, running) created by main thread at:
#0 pthread_create <null> (named+0x7679b) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#1 isc_thread_create /builds/isc-projects/bind9/lib/isc/thread.c:139:8 (libisc-9.19.20-dev.so+0x76277) (BuildId: d2abce56422ade191082159bc906918b88117875)
#2 isc_loopmgr_run /builds/isc-projects/bind9/lib/isc/loop.c:448:3 (libisc-9.19.20-dev.so+0x5cb79) (BuildId: d2abce56422ade191082159bc906918b88117875)
#3 main /builds/isc-projects/bind9/bin/named/main.c:1574:2 (named+0x10ef71) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
SUMMARY: ThreadSanitizer: data race /builds/isc-projects/bind9/lib/dns/xfrin.c:1557:2 in xfrin_send_request
==================
==================
WARNING: ThreadSanitizer: data race (pid=385819)
Write of size 8 at 0x7b7400022a78 by thread T2:
#0 xfrin_send_request /builds/isc-projects/bind9/lib/dns/xfrin.c:1558:27 (libdns-9.19.20-dev.so+0x1f7b7c) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#1 xfrin_connect_done /builds/isc-projects/bind9/lib/dns/xfrin.c:1363:11 (libdns-9.19.20-dev.so+0x1f7b7c)
#2 tcp_connected /builds/isc-projects/bind9/lib/dns/dispatch.c:1851:3 (libdns-9.19.20-dev.so+0x63ad2) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#3 streamdns_call_connect_cb /builds/isc-projects/bind9/lib/isc/netmgr/streamdns.c:275:2 (libisc-9.19.20-dev.so+0x2ea89) (BuildId: d2abce56422ade191082159bc906918b88117875)
#4 streamdns_transport_connected /builds/isc-projects/bind9/lib/isc/netmgr/streamdns.c:348:2 (libisc-9.19.20-dev.so+0x2ea89)
#5 isc___nm_connectcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1825:2 (libisc-9.19.20-dev.so+0x1f65a) (BuildId: d2abce56422ade191082159bc906918b88117875)
#6 isc__nm_connectcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1840:3 (libisc-9.19.20-dev.so+0x1f65a)
#7 tcp_connect_cb /builds/isc-projects/bind9/lib/isc/netmgr/tcp.c:211:2 (libisc-9.19.20-dev.so+0x35c14) (BuildId: d2abce56422ade191082159bc906918b88117875)
#8 uv__stream_connect /usr/src/libuv-v1.47.0/src/unix/stream.c:1278:5 (libuv.so.1+0x24315) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#9 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76420) (BuildId: d2abce56422ade191082159bc906918b88117875)
#10 thread_run /builds/isc-projects/bind9/lib/isc/thread.c:100:14 (libisc-9.19.20-dev.so+0x76420)
Previous atomic read of size 8 at 0x7b7400022a78 by main thread:
#0 dns_xfrin_getstarttime /builds/isc-projects/bind9/lib/dns/xfrin.c:955:10 (libdns-9.19.20-dev.so+0x1f5db5) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#1 xfrin_jsonrender /builds/isc-projects/bind9/bin/named/statschannel.c:2719:35 (named+0x150a5a) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#2 dns_zt_apply /builds/isc-projects/bind9/lib/dns/zt.c:524:12 (libdns-9.19.20-dev.so+0x254308) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#3 generatejson /builds/isc-projects/bind9/bin/named/statschannel.c:3021:5 (named+0x14dd6c) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#4 render_json /builds/isc-projects/bind9/bin/named/statschannel.c:3351:11 (named+0x14dd6c)
#5 render_json_xfrins /builds/isc-projects/bind9/bin/named/statschannel.c:3421:10 (named+0x14a40a) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#6 prepare_response /builds/isc-projects/bind9/lib/isc/httpd.c:790:12 (libisc-9.19.20-dev.so+0x4fab7) (BuildId: d2abce56422ade191082159bc906918b88117875)
#7 httpd_request /builds/isc-projects/bind9/lib/isc/httpd.c:944:2 (libisc-9.19.20-dev.so+0x4fab7)
#8 isc___nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1854:2 (libisc-9.19.20-dev.so+0x204d0) (BuildId: d2abce56422ade191082159bc906918b88117875)
#9 isc__nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1869:3 (libisc-9.19.20-dev.so+0x204d0)
#10 isc__nm_tcp_read_cb /builds/isc-projects/bind9/lib/isc/netmgr/tcp.c:773:2 (libisc-9.19.20-dev.so+0x34b0d) (BuildId: d2abce56422ade191082159bc906918b88117875)
#11 uv__read /usr/src/libuv-v1.47.0/src/unix/stream.c:1143:7 (libuv.so.1+0x23d89) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#12 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76157) (BuildId: d2abce56422ade191082159bc906918b88117875)
#13 isc_thread_main /builds/isc-projects/bind9/lib/isc/thread.c:116:2 (libisc-9.19.20-dev.so+0x76157)
#14 isc_loopmgr_run /builds/isc-projects/bind9/lib/isc/loop.c:454:2 (libisc-9.19.20-dev.so+0x5cbf2) (BuildId: d2abce56422ade191082159bc906918b88117875)
#15 main /builds/isc-projects/bind9/bin/named/main.c:1574:2 (named+0x10ef71) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
Location is heap block of size 2440 at 0x7b7400022600 allocated by thread T2:
#0 malloc <null> (named+0x74bbc) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#1 mallocx /builds/isc-projects/bind9/lib/isc/./jemalloc_shim.h:67:14 (libisc-9.19.20-dev.so+0x60180) (BuildId: d2abce56422ade191082159bc906918b88117875)
#2 mem_get /builds/isc-projects/bind9/lib/isc/mem.c:303:8 (libisc-9.19.20-dev.so+0x60180)
#3 isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:675:8 (libisc-9.19.20-dev.so+0x600ca) (BuildId: d2abce56422ade191082159bc906918b88117875)
#4 xfrin_create /builds/isc-projects/bind9/lib/dns/xfrin.c:1154:8 (libdns-9.19.20-dev.so+0x1f51d6) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#5 dns_xfrin_create /builds/isc-projects/bind9/lib/dns/xfrin.c:903:2 (libdns-9.19.20-dev.so+0x1f51d6)
#6 got_transfer_quota /builds/isc-projects/bind9/lib/dns/zone.c:17878:11 (libdns-9.19.20-dev.so+0x22c620) (BuildId: bab2735a59e6298892dc0108d4f46c7950d0e6bf)
#7 isc__async_cb /builds/isc-projects/bind9/lib/isc/async.c:111:3 (libisc-9.19.20-dev.so+0x4027a) (BuildId: d2abce56422ade191082159bc906918b88117875)
#8 uv__async_io /usr/src/libuv-v1.47.0/src/unix/async.c:176:5 (libuv.so.1+0x11f3c) (BuildId: 32453d368d146743ff5ec25a0074aa9dace64c7c)
#9 thread_body /builds/isc-projects/bind9/lib/isc/thread.c:85:8 (libisc-9.19.20-dev.so+0x76420) (BuildId: d2abce56422ade191082159bc906918b88117875)
#10 thread_run /builds/isc-projects/bind9/lib/isc/thread.c:100:14 (libisc-9.19.20-dev.so+0x76420)
Thread T2 'isc-loop-0002' (tid=385839, running) created by main thread at:
#0 pthread_create <null> (named+0x7679b) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
#1 isc_thread_create /builds/isc-projects/bind9/lib/isc/thread.c:139:8 (libisc-9.19.20-dev.so+0x76277) (BuildId: d2abce56422ade191082159bc906918b88117875)
#2 isc_loopmgr_run /builds/isc-projects/bind9/lib/isc/loop.c:448:3 (libisc-9.19.20-dev.so+0x5cb79) (BuildId: d2abce56422ade191082159bc906918b88117875)
#3 main /builds/isc-projects/bind9/bin/named/main.c:1574:2 (named+0x10ef71) (BuildId: d5303820077a5b152a0a5e70881da5cdadd80ee3)
SUMMARY: ThreadSanitizer: data race /builds/isc-projects/bind9/lib/dns/xfrin.c:1558:27 in xfrin_send_request
==================
ThreadSanitizer: reported 4 warnings
```January 2024 (9.16.46, 9.16.46-S1, 9.18.22, 9.18.22-S1, 9.19.20) (❗RECALLED❗)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4492QNAME Minimization Implementation Inquiry2023-12-14T15:40:17ZJonathan MagnussonQNAME Minimization Implementation InquiryHi,
I am conducting some research measurements on QNAME Minimization implementations of popular open-source resolvers in light of
RFC 9156, having replaced RFC 7816.
While running some tests I noticed that Bind in the past has been usi...Hi,
I am conducting some research measurements on QNAME Minimization implementations of popular open-source resolvers in light of
RFC 9156, having replaced RFC 7816.
While running some tests I noticed that Bind in the past has been using the NS RR and minimized queries to the sixth label before
sending the FQDN. Today this implementation has been replaced and Bind is using the A RR and minimize to the seventh label.
Observing incoming queries at a SLD authoritative name server, we see that Bind starts its minimization process by sending
a query with four labels instead of the expected three. I am very curious about this oddity. What causes this? Is it by design?
Appreciate any insight into Bind's QNAME Minimization implementation.https://gitlab.isc.org/isc-projects/bind9/-/issues/4491Use RCU instead of rwlock in isc_log unit2024-02-09T10:56:23ZOndřej SurýUse RCU instead of rwlock in isc_log unitWhile adding some extra logging for debugging purposes, I've noticed that the RWLOCK in isc_log unit can be replaces with RCU. I think this would be a nice introductory issue for @aydin.While adding some extra logging for debugging purposes, I've noticed that the RWLOCK in isc_log unit can be replaces with RCU. I think this would be a nice introductory issue for @aydin.March 2024 (9.16.49, 9.16.49-S1, 9.18.25, 9.18.25-S1, 9.19.22)Aydın MercanAydın Mercanhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4490Zone file got updated via named process unexpected2023-12-14T08:41:00Zdonghua liuZone file got updated via named process unexpectedI have a bind9 service running on the server, and some views configured, but I found a zone file got updated unexpect when I made some resolve changes.
Here is parts of the original contents of the updated zone file.
```
$TTL 86400 ...I have a bind9 service running on the server, and some views configured, but I found a zone file got updated unexpect when I made some resolve changes.
Here is parts of the original contents of the updated zone file.
```
$TTL 86400 ; 1 day
@ IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. (
2019091901 ; serial number
10800 ; Refresh interval, every 3 hours
3600 ; Retry interval, every 30 minutes
604800 ; Expire after 1 week
86400 ) ; Minimum TTL of 1 day
$INCLUDE /etc/named.data/db.ynu.edu.cn.common
; RR of type A
;
lb-http-jz IN A 113.55.14.52
;
vpn1 10800 IN A 192.168.208.3
ynucdn 600 IN A 202.203.208.4
......
```
And this is the auto updated parts of that file.
```
$ORIGIN .
$TTL 86400 ; 1 day
ynu.edu.cn IN SOA pridns.ynu.edu.cn. root.pridns.ynu.edu.cn. (
2019091903 ; serial
10800 ; refresh (3 hours)
3600 ; retry (1 hour)
604800 ; expire (1 week)
86400 ; minimum (1 day)
)
$ORIGIN ynu.edu.cn.
100 CNAME lb-http
65031141 CNAME www.itc
$ORIGIN 65031141.ynu.edu.cn.
ip-watcher A 113.55.13.114
kibana CNAME lb-http.ynu.edu.cn.
portainer CNAME lb-http.ynu.edu.cn.
$ORIGIN ynu.edu.cn.
_cdnauth TXT "2023060823081361d03c617f075ac05df69f6309bd9aa6"
access A 113.55.0.80
......
```
The update contents contain some `$ORIGIN` seems to produced via `named` process.
The related pieces of named.conf configurations is:
```
......
view "INTRANET"{
match-clients { INTRANET_ACL;};
recursion yes;
include "/etc/named.common.zones.conf";
zone "ynu.edu.cn" in {
type master;
file "db.ynu.edu.cn.intranet";
};
};
......
```
And I found some general logs maybe provide some clues.
```
14-Dec-2023 14:39:25.460 general: debug 1: zone_timer: zone ynu.edu.cn/IN/INTRANET: enter
14-Dec-2023 14:39:25.460 general: debug 1: zone_maintenance: zone ynu.edu.cn/IN/INTRANET: enter
14-Dec-2023 14:39:25.460 general: debug 1: zone_dump: zone ynu.edu.cn/IN/INTRANET: enter
14-Dec-2023 14:39:25.460 general: debug 1: zone_settimer: zone ynu.edu.cn/IN/INTRANET: enter
14-Dec-2023 14:39:25.460 general: debug 1: zone_gotwritehandle: zone ynu.edu.cn/IN/INTRANET: enter
14-Dec-2023 14:39:25.460 general: debug 1: dumptostreaminc(0x7efe0d938010) new nodes -> 212
14-Dec-2023 14:39:25.461 general: debug 1: dumptostreaminc(0x7efe0d938010) new nodes -> 310
14-Dec-2023 14:39:25.464 general: debug 1: dump_done: zone ynu.edu.cn/IN/INTRANET: enter
```
I did not configure master/slave mode of bind9. And I serached the sources of bind9, but failed to find some keywords like [`zone_timer`][1] or [`zone_gotwritehandle`][2].
I have stucked on this strange problem for a few days.
[1]: https://github.com/search?q=repo%3Aisc-projects%2Fbind9%20zone_timer&type=code
[2]: https://github.com/search?q=repo%3Aisc-projects%2Fbind9%20zone_gotwritehandle&type=codehttps://gitlab.isc.org/isc-projects/kea/-/issues/3190heap-use-after-free and invalid vptr on Mgrs after IOThreadPool IOService/oth...2024-03-13T12:10:37ZAndrei Pavelandrei@isc.orgheap-use-after-free and invalid vptr on Mgrs after IOThreadPool IOService/other-non-main-thread IOservice distructionReplication steps:
1. Start `kea-dhcp4` built with address sanitizer and UB sanitizer with this configuration:
```plaintext
{
"Dhcp4": {
"hooks-libraries": [
{
"library": "/opt/kea/lib/kea/hooks/li...Replication steps:
1. Start `kea-dhcp4` built with address sanitizer and UB sanitizer with this configuration:
```plaintext
{
"Dhcp4": {
"hooks-libraries": [
{
"library": "/opt/kea/lib/kea/hooks/libdhcp_ping_check.so",
"parameters": {
}
}
]
}
}
```
2. `kill -SIGINT $(pidof kea-dhcp4)` or `clrl-C` in the terminal.
3a. If Kea is built with code prior to merging of issue 3019, then you should observe this warning: https://gitlab.isc.org/isc-projects/kea/-/issues/3190#note_423820
3b. If Kea is built after merging of issue 3019, then you might observe a different warning:
```plaintext
INFO PING_CHECK_MGR_STOPPED channel operations have stopped
/usr/include/boost/asio/basic_deadline_timer.hpp:351:41: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
00 00 00 00 00 0d 00 00 00 00 00 00 a8 6d b5 51 38 7f 00 00 00 00 00 00 00 00 00 00 10 5e 05 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/basic_deadline_timer.hpp:351:41 in
/usr/include/boost/asio/detail/io_object_impl.hpp:97:15: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
00 00 00 00 00 0d 00 00 00 00 00 00 a8 6d b5 51 38 7f 00 00 00 00 00 00 00 00 00 00 10 5e 05 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/detail/io_object_impl.hpp:97:15 in
/usr/include/boost/asio/detail/deadline_timer_service.hpp:100:5: runtime error: member call on address 0x60b000015ac0 which does not point to an object of type 'boost::asio::detail::deadline_timer_service<boost::asio::time_traits<boost::posix_time::ptime>>'
0x60b000015ac0: note: object has invalid vptr
00 00 00 00 00 0d 00 00 00 00 00 00 a8 6d b5 51 38 7f 00 00 00 00 00 00 00 00 00 00 10 5e 05 00
^~~~~~~~~~~~~~~~~~~~~~~
invalid vptr
SUMMARY: UndefinedBehaviorSanitizer: undefined-behavior /usr/include/boost/asio/detail/deadline_timer_service.hpp:100:5 in
INFO PING_CHECK_UNLOAD Ping Check hooks library has been unloaded
```kea2.5.7Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/stork/-/issues/1264CodeQL: Python issues2024-02-02T11:56:23ZTomek MrugalskiCodeQL: Python issuesCodeQL reports [13 issues in the Python](https://github.com/isc-projects/stork/security/code-scanning?query=is%3Aopen+branch%3Amaster+language%3Apython) code. 3 of them are errors, 1 warning, remaining are notes related to tests. Neverth...CodeQL reports [13 issues in the Python](https://github.com/isc-projects/stork/security/code-scanning?query=is%3Aopen+branch%3Amaster+language%3Apython) code. 3 of them are errors, 1 warning, remaining are notes related to tests. Nevertheless it's useful to address them, so the security report on github is cleaner and has less noise.1.15Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/bind9/-/issues/4488Memory/reference leak in lib/dns/zone.c:zone_sign2024-01-04T17:01:47ZMark AndrewsMemory/reference leak in lib/dns/zone.c:zone_signWhen fixing #4466 named was reporting a memory leak on shutdown. This was traced to a misplaced `continue` in `sign_zone` resulting in `dst_key's` not being freed.When fixing #4466 named was reporting a memory leak on shutdown. This was traced to a misplaced `continue` in `sign_zone` resulting in `dst_key's` not being freed.January 2024 (9.16.46, 9.16.46-S1, 9.18.22, 9.18.22-S1, 9.19.20) (❗RECALLED❗)https://gitlab.isc.org/isc-projects/kea-quick-config/-/issues/57forgot release notes for [#14]2023-12-12T21:48:58ZDarren Ankneyforgot release notes for [#14]add the missing release notesadd the missing release notes0.3Darren AnkneyDarren Ankneyhttps://gitlab.isc.org/isc-projects/stork/-/issues/1263isc-stork-server consumes all memory on Debian 122024-01-24T16:02:01ZRoman Haefeliisc-stork-server consumes all memory on Debian 12---
name: isc-stork-server suspected to leak memory
about: it consumes all available memory on Debian 12
---
When running isc-stork-server > 1.11 on Debian 12, CPU usage of the process `/usr/bin/stork-server` jumps to 100% and the memor...---
name: isc-stork-server suspected to leak memory
about: it consumes all available memory on Debian 12
---
When running isc-stork-server > 1.11 on Debian 12, CPU usage of the process `/usr/bin/stork-server` jumps to 100% and the memory consumption steadily increases after displaying the "DHCP" -> "Subnets" Page in the frontend. After 1-2 minutes, all available memory is consumed by the `/usr/bin/stork-server` process and the frontend becomes laggy and starts printing errors. This problem appears with the versions:
- 1.12
- 1.13
- 1.14
but not with:
- 1.11
**To Reproduce**
Steps to reproduce the behavior:
1. Install isc-stork-server 1.14
2. Visit the page "DHCP" -> "Subnets"
3. Observe memory usage of `/usr/bin/stork-server`
4. When it reaches maximum usage, frontend becomes unresponsive
**Expected behavior**
The `/usr/bin/stork-server` should consume a sane amount of memory and the frontend should stay responsive.
**Environment:**
- Kea version: 2.2.1
- Stork: 1.14
- OS:
- Debian 12 amd64 for Kea and stork-agent (VM)
- Debian 12 amd64 for stork-server (separate system) with 8 GB RAM and 2 CPU cores (VM)
- Database for stork-server:
- PostgreSQL 15 (Debian 12 amd64)
- Kea configuration:
- Subnets in configuration (1384 subnets)
- Host reservations in configuration
- Leases stored in memfile
- Kea hooks loaded:
- libdhcp_lease_cmds.so
- libdhcp_host_cmds.so
- libdhcp_stat_cmds.so
- libdhcp_ha.so
- Kea setup: 3 Kea instances in HA configuration with roles:
- primary
- secondary
- backup
**Additional Information**
Stork server configuration `server.env`:
```
### database settings
### the address of a PostgreSQL database
STORK_DATABASE_HOST=ddi-db-prod.example.org
### the port of a PostgreSQL database
# STORK_DATABASE_PORT=
### the name of a database
STORK_DATABASE_NAME=stork
### the username for connecting to the database
STORK_DATABASE_USER_NAME=stork
### the SSL mode for connecting to the database
### possible values: disable, require, verify-ca, or verify-full
STORK_DATABASE_SSLMODE=require
### the location of the SSL certificate used by the server to connect to the database
# STORK_DATABASE_SSLCERT=
### the location of the SSL key used by the server to connect to the database
# STORK_DATABASE_SSLKEY=
### the location of the root certificate file used to verify the database server's certificate
# STORK_DATABASE_SSLROOTCERT=
### the password for the username connecting to the database
### empty password is set to avoid prompting a user for database password
STORK_DATABASE_PASSWORD=secretpassword
### REST API settings
### the IP address on which the server listens
STORK_REST_HOST=0.0.0.0
### the port number on which the server listens
STORK_REST_PORT=8443
### the file with a certificate to use for secure connections
STORK_REST_TLS_CERTIFICATE=/etc/ssl/localcerts/dhcp-mon-prod.example.org.crt
### the file with a private key to use for secure connections
STORK_REST_TLS_PRIVATE_KEY=/etc/ssl/localcerts/dhcp-mon-prod.example.org.key
### the certificate authority file used for mutual TLS authentication
# STORK_REST_TLS_CA_CERTIFICATE=
### the directory with static files served in the UI
STORK_REST_STATIC_FILES_DIR=/usr/share/stork/www
### enable Prometheus /metrics HTTP endpoint for exporting metrics from
### the server to Prometheus. It is recommended to secure this endpoint
### (e.g. using HTTP proxy).
STORK_SERVER_ENABLE_METRICS=false
### Logging parameters
### Set logging level. Supported values are: DEBUG, INFO, WARN, ERROR
STORK_LOG_LEVEL=WARN
### disable output colorization
CLICOLOR=false
```
Kea-DHCP4 configuration `kea-dhcp4.conf` (leaving out subnets and reservations):
```
{
"Dhcp4": {
"cache-max-age": 120,
"cache-threshold": 0.5,
"control-socket": {
"socket-name": "/tmp/kea4-ctrl-socket",
"socket-type": "unix"
},
"ddns-generated-prefix": "",
"ddns-override-client-update": false,
"ddns-override-no-update": false,
"ddns-qualifying-suffix": "example.org.",
"ddns-replace-client-name": "never",
"ddns-send-updates": true,
"ddns-update-on-renew": true,
"ddns-use-conflict-resolution": true,
"decline-probation-period": 3600,
"dhcp-ddns": {
"enable-updates": true,
"max-queue-size": 1024,
"ncr-format": "JSON",
"ncr-protocol": "UDP",
"server-ip": "127.0.0.1",
"server-port": 53001
},
"hooks-libraries": [
{
"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_lease_cmds.so"
},
{
"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_host_cmds.so"
},
{
"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_stat_cmds.so"
},
{
"library": "/usr/lib/x86_64-linux-gnu/kea/hooks/libdhcp_ha.so",
"parameters": {
"high-availability": [
{
"cert-file": "/etc/ssl/localcerts/dhcp-pri1-prod.example.org.crt",
"delayed-updates-limit": 100,
"heartbeat-delay": 1000,
"key-file": "/etc/ssl/localcerts/dhcp-pri1-prod.example.org.key",
"max-ack-delay": 5000,
"max-response-delay": 4000,
"max-unacked-clients": 0,
"mode": "load-balancing",
"multi-threading": {
"enable-multi-threading": true,
"http-client-threads": 0,
"http-dedicated-listener": true,
"http-listener-threads": 0
},
"peers": [
{
"auto-failover": true,
"name": "dhcp-pri1-prod.example.org",
"role": "primary",
"url": "https://10.158.0.68:8001/"
},
{
"auto-failover": true,
"name": "dhcp-sec1-prod.example.org",
"role": "secondary",
"url": "https://10.158.0.168:8001/"
},
{
"auto-failover": true,
"name": "dhcp-bac1-prod.example.org",
"role": "backup",
"url": "https://10.158.0.169:8001/"
}
],
"require-client-certs": true,
"send-lease-updates": true,
"sync-leases": true,
"this-server-name": "dhcp-pri1-prod.example.org",
"trust-anchor": "/usr/share/ca-certificates/root_ad-example.org.2018.crt"
}
]
}
}
],
"hostname-char-replacement": "",
"hostname-char-set": "",
"interfaces-config": {
"interfaces": [
"eth0"
]
},
"lease-database": {
"name": "/var/lib/kea/kea-leases4.csv",
"type": "memfile"
},
"loggers": [
{
"debuglevel": 99,
"name": "*",
"severity": "DEBUG"
},
{
"debuglevel": 99,
"name": "kea-dhcp4.commands",
"severity": "DEBUG"
}
],
"multi-threading": {
"enable-multi-threading": true,
"packet-queue-size": 64,
"thread-pool-size": 0
},
"option-data": [
{
"always-send": false,
"data": "10.158.0.153, 10.158.1.53",
"name": "domain-name-servers"
},
{
"always-send": false,
"data": "example.org",
"name": "domain-name"
},
{
"always-send": false,
"data": "example.org",
"name": "domain-search"
},
{
"always-send": false,
"data": "10.144.128.12",
"name": "cisco-autoinstall"
}
],
"option-def": [
{
"array": false,
"code": 150,
"name": "cisco-autoinstall",
"type": "ipv4-address"
}
],
"rebind-timer": 2000,
"renew-timer": 1000,
"reservations-global": true,
"reservations-in-subnet": true,
"reservations-out-of-pool": false,
"valid-lifetime": 4000
}
}
```1.15Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1262stork-tool can't connect to Postgres with unix socket2023-12-12T14:31:05Zmikygeestork-tool can't connect to Postgres with unix socketHello,
I execute this command line but I get this error.
```
# ./backend/cmd/stork-tool/stork-tool db-init --db-host=/tmp/.s.PGSQL.5432 --db-name storkdatabase --db-user storkuser --db-password storkpassword
INFO[2023-12-12 03:09:44] ...Hello,
I execute this command line but I get this error.
```
# ./backend/cmd/stork-tool/stork-tool db-init --db-host=/tmp/.s.PGSQL.5432 --db-name storkdatabase --db-user storkuser --db-password storkpassword
INFO[2023-12-12 03:09:44] main.go:134 SQL queries tracing set to none
INFO[2023-12-12 03:09:44] connection.go:90 Checking connection to database
WARN[2023-12-12 03:09:44] connection.go:122 Problem connecting to db, trying again in 2 seconds, 1/10 error="unable to connect to the database using provided settings: dial tcp: lookup /tmp/.s.PGSQL.5432: no such host"
```
So I try to use a unix socket but stork says "dial tcp"
On this page
https://stork.readthedocs.io/en/latest/man/stork-tool.8.html
I see
```
--db-host=
Specifies the name of the host, IP address **or a socket path for the database connection**. The default value depends on the system.
```