ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2022-11-02T15:10:18Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/997Remove commit and rollback methods from lease and host manager APIs.2022-11-02T15:10:18ZFrancis DupontRemove commit and rollback methods from lease and host manager APIs.They are unused so useless. Note they make sense only with transactions which span over more than one service method and such transactions (nor a way to manage them) do not exist.They are unused so useless. Note they make sense only with transactions which span over more than one service method and such transactions (nor a way to manage them) do not exist.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/1001configure tweaks2022-02-21T16:09:52ZTomek Mrugalskiconfigure tweaksThere are several things we could tweak in the configure script:
- several help instances show defaults in double brackets `[[default=no]]`, but others show in single brackets `[default=no]` and others as `(default=no)` , e.g. --with-we...There are several things we could tweak in the configure script:
- several help instances show defaults in double brackets `[[default=no]]`, but others show in single brackets `[default=no]` and others as `(default=no)` , e.g. --with-werror.
- unknown (e.g. misspelled) parameters are ignored (e.g. `--with-gtest-sources=..`). There's a warning at the top, but it should either be error or at least made more prominent.
- sphinx-build is being printed twice
- the expression "building docs in PDF" is awkward, should be "building PDF docs"
- there are old checks for __SUNPRO_CC - we don't and won't support Solaris
- with-aix-soname - why do we have option like this?
- the options are split into "optional features" and "optional packages" in seemingly random fashion (perfdhcp, static link and disable-rpath are in packages section, mysql, werror checking and some weird AIX options in "packages")outstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/1009Provide a standard queue choice for packet queue2019-12-12T16:57:24ZFrancis DupontProvide a standard queue choice for packet queueToday we have only the ring but even with an infinite (0) capacity it is not the same than a queue.
Whether this should stay internal to the dhcp library or available to DHCP server syntaxes is still a subject for discussion.Today we have only the ring but even with an infinite (0) capacity it is not the same than a queue.
Whether this should stay internal to the dhcp library or available to DHCP server syntaxes is still a subject for discussion.outstandinghttps://gitlab.isc.org/isc-projects/bind9/-/issues/1326named-checkconf option to include defaults in output2023-11-02T16:43:59ZBrian Conrynamed-checkconf option to include defaults in outputA customer has requested an option for `named-checkconf` to integrate the full set of defaults into the output.
One of the purpose of this is to make it easier to document (e.g. for an external operations team) all of the configuration ...A customer has requested an option for `named-checkconf` to integrate the full set of defaults into the output.
One of the purpose of this is to make it easier to document (e.g. for an external operations team) all of the configuration options values that are being used by BIND without having to consult the ARM (and make sure that you're looking at the version of the ARM that matches the version of BIND that you're running).
*See also:*
* #2798;Not plannedArtem BoldarievArtem Boldarievhttps://gitlab.isc.org/isc-projects/stork/-/issues/90When UI is running, but the server is not, the login error is incorrect2024-02-13T15:24:02ZTomek MrugalskiWhen UI is running, but the server is not, the login error is incorrectHere's something I came up with while playing with Stork on MacOS.
- The UI is running (rake serve_ui)
- The server was NOT running
There's a correct error printed on the console:
```
[HPM] Error occurred while trying to proxy request ...Here's something I came up with while playing with Stork on MacOS.
- The UI is running (rake serve_ui)
- The server was NOT running
There's a correct error printed on the console:
```
[HPM] Error occurred while trying to proxy request /api/version from localhost:4200 to http://localhost:8080 (ECONNREFUSED) (https://nodejs.org/api/errors.html#errors_common_system_errors)
[HPM] Error occurred while trying to proxy request /api/sessions?useremail=sdds&userpassword=sdsd from localhost:4200 to http://localhost:8080 (ECONNREFUSED) (https://nodejs.org/api/errors.html#errors_common_system_errors)
[HPM] Error occurred while trying to proxy request /api/sessions?useremail=admin&userpassword=admin from localhost:4200 to http://localhost:8080 (ECONNREFUSED) (https://nodejs.org/api/errors.html#errors_common_system_errors)
```
However, when trying to log in with known credentials, the UI says the login or password was incorrect. There should be a different error message saying something like "unable to contact Stork server" or similar.backloghttps://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/35Replace RFC 6966 with RFC 7766 at https://ednscomp.isc.org/ednscomp/2022-12-27T11:59:12ZGhost UserReplace RFC 6966 with RFC 7766 at https://ednscomp.isc.org/ednscomp/https://ednscomp.isc.org/ednscomp/1d4f143106 says
```
EDNS - over TCP Response (edns@512tcp)
dig +vc +nocookie +norec +noad +edns +dnssec +bufsize=512 dnskey zone @server
expect: NOERROR
expect: OPT record with version set to 0
See RFC5...https://ednscomp.isc.org/ednscomp/1d4f143106 says
```
EDNS - over TCP Response (edns@512tcp)
dig +vc +nocookie +norec +noad +edns +dnssec +bufsize=512 dnskey zone @server
expect: NOERROR
expect: OPT record with version set to 0
See RFC5966 and See RFC6891
```
Since RFC5966 is obsoleted by RFC 7766, the latter RFC shall be referenced.https://gitlab.isc.org/isc-projects/kea/-/issues/1012Add a require at least version in config syntax2019-12-12T16:59:48ZFrancis DupontAdd a require at least version in config syntaxThis feature will provide a way to say the configuration file requires at least a specified Kea version. Useful for Keama and Stork, or in general for any tool which builds configuration files.This feature will provide a way to say the configuration file requires at least a specified Kea version. Useful for Keama and Stork, or in general for any tool which builds configuration files.outstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/1018statistic-remove-all removes also total-addresses and similar statistics2022-11-02T15:10:19ZFrancis Dupontstatistic-remove-all removes also total-addresses and similar statisticsNot very consistent but not critical too. Just should be addressed before using stats contexts.Not very consistent but not critical too. Just should be addressed before using stats contexts.backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/1027Database reconnect settings ignored during startup2023-11-18T09:34:42ZChrisDatabase reconnect settings ignored during startup**Describe the bug**
During startup if the database is unreachable (which is easily possible during boot since there is, understandably, no dependency/ordering on sql servers in the default systemd unit) kea-server will immediately shut...**Describe the bug**
During startup if the database is unreachable (which is easily possible during boot since there is, understandably, no dependency/ordering on sql servers in the default systemd unit) kea-server will immediately shut down despite reconnect settings.
Since there is a chance for the SQL database to be available after kea is being started this can lead to kea not running after boot despite being expected to.
**To Reproduce**
Steps to reproduce the behavior:
1. Configure Kea with mysql leases/reservations including reconnect options ("max-reconnect-tries": 10,"reconnect-wait-time": 1000)
2. Stop and start kea + mysql, kea before mysql
```
service isc-kea-dhcp4-server stop; service mysql stop; service isc-kea-dhcp4-server start; service mysql start; sleep 1; service isc-kea-dhcp4-server status;
```
3. See that no reconnect attempts were made
**Expected behavior**
Kea to use the reconnect options during startup
**Environment:**
- Kea version: 1.6.0
- OS: Ubuntu 18.04 x64
- From ISC Kea repository
- If/which hooks where loaded in: lease-commands, haoutstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/1028New classification design.2023-07-31T11:54:22ZFrancis DupontNew classification design.Some proposals for a new classification design:
- replace the list+set by a multi-index
- replace the required-xxx by a more direct add-client-classes.
- add this new add-client-classes to host reservations as an alias of the existing...Some proposals for a new classification design:
- replace the list+set by a multi-index
- replace the required-xxx by a more direct add-client-classes.
- add this new add-client-classes to host reservations as an alias of the existing client-classes (same entry with the same behavior for all objects which add a class to the query)
- complete the list of class evaluation points:
* new points after the deferred unpack, pkt*_receive hook, etc
* make clear in the doc that which a classification point is for:
+ dependency on a packet procession phase (e.g. KNOWN/UNKNOWN)
+ usage for the next packet processing step (e.g. subnet selection, pool guard, output option)
* add an enum (vs a few flags) for the point where a class must be evaluated
* add a meta-data with the value of its enum and make it visible to users
- same rules on dependency (use of member in expression):
* no forward reference (the user class in a member clause must be already defined)
* get the last classification point
* perhaps a new built-in class for instance for the pkt*_receive hook
- document the way to switch from expired-* to this new stuff (but do not develop a tool to translate configurations)
- (next steps?) new uses of classes (e.g. lifetime), new expressions (e.g. in the response vs the query): in almost all cases this means new classification pointsnext-stable-3.0https://gitlab.isc.org/isc-projects/kea/-/issues/1029New built-in client class for incomplete unpacking2020-01-09T16:56:32ZFrancis DupontNew built-in client class for incomplete unpackingCurrent Kea accepts packets which have a not fatal error during unpacking. I believe it was added by @tmark: in such case the SkipRemainingOptionsError exception is thrown and processing continue.
I'd like to put such packets in a new b...Current Kea accepts packets which have a not fatal error during unpacking. I believe it was added by @tmark: in such case the SkipRemainingOptionsError exception is thrown and processing continue.
I'd like to put such packets in a new built-in class so a "not option[xxx].exist" can't be mislead: it will be enough to add "add not member("<new-class-name>')".
This allows too to classify such packets in the DROP class so by configuration accept or drop them.outstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/1030client class added by hooks and expressions2020-01-16T16:36:32ZFrancis Dupontclient class added by hooks and expressionsA client class added by a hook in pkt4_receive can't be used in an expression because the main classification is done before the callout. This means it can be used only directly for subnet selection, e.g. if the hook adds the class "foo"...A client class added by a hook in pkt4_receive can't be used in an expression because the main classification is done before the callout. This means it can be used only directly for subnet selection, e.g. if the hook adds the class "foo" you can guard a subnet by "foo" but not by a class "not-foo" defined by the expression "not member('foo')".
The case of pool guard is more complex because it is possible to move to the host identifier classification point using "KNOWN" or "UNKNOWN" in the expression. Of course it is simpler for required classes which are evaluated late.
This is not beyond repair but if we want to change this IMHO it is better to reconsider the whole classification design as explained in #1028.outstandinghttps://gitlab.isc.org/isc-projects/bind9/-/issues/1400Follow-up from "Tune the performance of the autosign test" - the sig-validity...2019-11-27T07:50:58ZOndřej SurýFollow-up from "Tune the performance of the autosign test" - the sig-validity-intervalThe following discussion from !2601 should be addressed:
- [ ] @michal started a [discussion](https://gitlab.isc.org/isc-projects/bind9/merge_requests/2601#note_92489): (+9 comments)
> I think you might be mistaken here. Accordin...The following discussion from !2601 should be addressed:
- [ ] @michal started a [discussion](https://gitlab.isc.org/isc-projects/bind9/merge_requests/2601#note_92489): (+9 comments)
> I think you might be mistaken here. According to the [ARM][1] (and this is what I seem to be observing in practice) `sig-validity-interval 10 2` means resigning will start in 10 days - 2 *hours*. I think this affects your reasoning?
>
> [1]: https://gitlab.isc.org/isc-projects/bind9/blob/eb21ecf55c12b6682ee47a03112c9c8a92a31ed7/doc/arm/Bv9ARM-book.xml#L8859-8861https://gitlab.isc.org/isc-projects/bind9/-/issues/1405Additional RRs for ILNP RR queries.2019-11-26T18:08:57ZFrancis DupontAdditional RRs for ILNP RR queries.RFC 6742 has some requirements like this one:
> To improve performance, ILNP-aware DNS servers and DNS resolvers MAY
attempt to return all L32, L64, and LP records for the same owner
name of the NID RRset in the Additional sectio...RFC 6742 has some requirements like this one:
> To improve performance, ILNP-aware DNS servers and DNS resolvers MAY
attempt to return all L32, L64, and LP records for the same owner
name of the NID RRset in the Additional section of the response, if
space permits.
(in fact one per new RR)
bind implements the ILNP MRs but not these "Additional Section Processing" requirements.
BTW if it is enough to put some code into additionaldata_xxx() functions in function in the corresponding lib/dns/rdata/generic/foo_yyy.c files I can provide the patch in a MR.https://gitlab.isc.org/isc-projects/bind9/-/issues/1424Default listening configuration is confusing.2022-03-01T09:37:02ZPetr MenšíkDefault listening configuration is confusing.### Description
I tried to revert default listening on IPv6 on RHEL 7, but changed just default config. But it does not change anything. It seems that value is not ever used.
### Request
Comment out default options listen-on {any;}; i...### Description
I tried to revert default listening on IPv6 on RHEL 7, but changed just default config. But it does not change anything. It seems that value is not ever used.
### Request
Comment out default options listen-on {any;}; in default config. Or actually use them and remove custom handling in bin/named/server.c. I think main purpose was different defaults for lwresd. That affects only 9.11. In that version, default values should be commented out in config.c.
That change would make ns_listenlist_default unused and could be removed also.
### Links / references
https://gitlab.isc.org/isc-projects/bind9/-/blob/main/bin/named/config.c#L74
https://gitlab.isc.org/isc-projects/bind9/-/blob/main/bin/named/server.c#L8917
edit by @bconry: adjusted links/references as they were broken; revised line numbers are approximated from context as the commit when they were created is unknownNot plannedhttps://gitlab.isc.org/isc-projects/stork/-/issues/96improve UX of refreshing on machines page2022-11-16T11:54:51ZMichal Nowikowskiimprove UX of refreshing on machines pagefollow up to: https://gitlab.isc.org/isc-projects/stork/merge_requests/25#note_90061
machines page:
Tomek:
The "refresh" button doesn't work as I would expect. There are two refresh actions here. The one specific for each machine (trip...follow up to: https://gitlab.isc.org/isc-projects/stork/merge_requests/25#note_90061
machines page:
Tomek:
The "refresh" button doesn't work as I would expect. There are two refresh actions here. The one specific for each machine (triple lines button -> refresh) seems to be working. However, when I click Refresh (the one at the top of the list), nothing appears to happen. I assume the list is re-retrieved from the server. However, the status of the machines are not updated.
Michal:
Hmm, this is just refreshing the list, not refreshing state of machines. Refreshing state of machines can be done only individually. I made it this way because 1) I do not see use case for refreshing state of just current list of machines, 2) this might be time consuming ie. machines does not need to response immedately.
So it seems that these 2 kinds of refreshing should be better differentiated in the UI.
Tomek:
Yup. For now I think the way to go is to merge the code as is and open new ticket with UI usability improvement. I'm sure there will be plenty of those. Perhaps we'll deal with them before 1.0 goes out? Maybe we'll dedicate some milestone after 0.8 to usability?backloghttps://gitlab.isc.org/isc-projects/kea/-/issues/1039avoiding race conditions when sharing database between processes or threads2021-10-20T10:31:31ZRazvan Becheriuavoiding race conditions when sharing database between processes or threadsthis ticket is intended to clarify the design needed to make 2 servers using the same database function properly.
the main problem is that, by having 2 separate servers or threads, one could insert/delete/update one lease at the same tim...this ticket is intended to clarify the design needed to make 2 servers using the same database function properly.
the main problem is that, by having 2 separate servers or threads, one could insert/delete/update one lease at the same time the other does some similar action.
this ticket is no related to multi-threading but the MT design relies on the fact that the functionality of 2 servers sharing the database is handled properlyoutstandingRazvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1454Revisit the system test for soft fetchlimit2023-11-02T16:43:59ZOndřej SurýRevisit the system test for soft fetchlimit!2705 changed the fetchlimit test to test for the hard limit, because it's hard to test soft limit with multiple event queues, but we ought to have a soft limit tests, so here's the issue for it.!2705 changed the fetchlimit test to test for the hard limit, because it's hard to test soft limit with multiple event queues, but we ought to have a soft limit tests, so here's the issue for it.Not plannedhttps://gitlab.isc.org/isc-projects/kea/-/issues/1045Implement wipe commands for PgSQL and MySQL2020-04-29T10:35:15ZTomek MrugalskiImplement wipe commands for PgSQL and MySQL@fdupont reported that wipe commands for MySQL and PgSQL are not implemented. This is an unfortunate omission.
We need to implement them.
One thing to do is to look at older branches. Perhaps there's some code there. I vaguely recall t...@fdupont reported that wipe commands for MySQL and PgSQL are not implemented. This is an unfortunate omission.
We need to implement them.
One thing to do is to look at older branches. Perhaps there's some code there. I vaguely recall they were being discussed with some code written, but I may be misremembering.outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/104Req 11.2 - Mobile device support2023-12-13T18:40:58ZVicky Riskvicky@isc.orgReq 11.2 - Mobile device supportit would be ideal if we could have a UI that is accessible via mobile devices. This means that we would want most of the display to be responsive, so that elements displayed side by side on the desktop display could be displayed above/be...it would be ideal if we could have a UI that is accessible via mobile devices. This means that we would want most of the display to be responsive, so that elements displayed side by side on the desktop display could be displayed above/beneath each other on a mobile device.
As a user I might want to check into the Stork interface via mobile device occasionally. I would like to be able to easily find and view the most salient information this way, including most significant alerts and status of individual servers. However, I would not want to limit the table width in the desktop version of Stork in order to be able to access the app via mobile device.
We may consider actually not displaying these wide tables on mobile devices to preserve basic usability for mobile users.outstanding