ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2021-12-02T02:05:21Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3038refactor peer.c to reduce copy-and-paste needed for new options.2021-12-02T02:05:21ZMark Andrewsrefactor peer.c to reduce copy-and-paste needed for new options.This should reduce copy-paste-replace errors.This should reduce copy-paste-replace errors.Not plannedhttps://gitlab.isc.org/isc-projects/kea/-/issues/2217How to delete unused host reservations2023-04-05T13:27:33ZjujuHow to delete unused host reservationsI made some changes to my host reservations and now have a bunch of them that are not going to be used anymore. I can't figure out how to delete them. I see them in stork but don't have an idea how to permanently remove them. I have an ...I made some changes to my host reservations and now have a bunch of them that are not going to be used anymore. I can't figure out how to delete them. I see them in stork but don't have an idea how to permanently remove them. I have an HA setup with 2 kea servers and store the data in a postgresdb. I searched around but cant find any info on how to clean up the host reservations.outstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/2216Small errors in status-get command documentation2022-01-12T18:09:37ZMarcin GodzinaSmall errors in status-get command documentation16.15.19.5 in Kea documentation lacks **"packet-queue-statistics"** field in example response which is included if "multi-threading-enabled" is true.
For example we can add `"packet-queue-statistics": [ 0.0, 0.0, 0.0 ]` after `"packet-qu...16.15.19.5 in Kea documentation lacks **"packet-queue-statistics"** field in example response which is included if "multi-threading-enabled" is true.
For example we can add `"packet-queue-statistics": [ 0.0, 0.0, 0.0 ]` after `"packet-queue-size": 64`
18.3.13 in Kea documentation lists *thread-pool-size* and *packet-queue-size* being returned only when multi-threading is enabled but omits **packet-queue-statistics** in this list.
Issue applicable to dhcpv4 and dhcpv6kea2.1.2Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/stork/-/issues/637Remove local_subnet and local_host relation with Kea app2022-01-03T20:51:52ZMarcin SiodelskiRemove local_subnet and local_host relation with Kea appIn #473, we changed the schema and created relations between the daemon table and the local_subnet and local_host tables. To reduce the number of changes we still keep the relation with app table, which is now redundant. We should remove...In #473, we changed the schema and created relations between the daemon table and the local_subnet and local_host tables. To reduce the number of changes we still keep the relation with app table, which is now redundant. We should remove this relation and update the queries accordingly.1.1Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/bind9/-/issues/3036clang-format-13 leads to weird layout formatting of function parameters2021-12-01T08:52:54ZMatthijs Mekkingmatthijs@isc.orgclang-format-13 leads to weird layout formatting of function parametersThe following discussion from !5602 should be addressed:
- [ ] @matthijs started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5602#note_251399): (+1 comment)
> Off topic, but is this really the preferr...The following discussion from !5602 should be addressed:
- [ ] @matthijs started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5602#note_251399): (+1 comment)
> Off topic, but is this really the preferred format? Maybe we want to adjust the `clang-format`? @ondrejhttps://gitlab.isc.org/isc-projects/kea/-/issues/2214kea 2.0.0 drop Discover-Offer and Reuqest-ACK2021-12-30T14:27:10ZALOK KUMAR SINGHkea 2.0.0 drop Discover-Offer and Reuqest-ACKI have recently updated my client environment to Kea 2.0.0, in earlier version we faced issues related to packet-parked. Since, I saw that issue is addressed in version 2.0.0, upgraded to it but when performing a load test using perfdhcp...I have recently updated my client environment to Kea 2.0.0, in earlier version we faced issues related to packet-parked. Since, I saw that issue is addressed in version 2.0.0, upgraded to it but when performing a load test using perfdhcp, I see huge drops. Please let me know if I need to make any changes in config or is there any bug with the version?
Also, attaching packet captured while running the test. [haperfdhcp.pcap](/uploads/c972ba0d021b369ca7e47f1391d4a48d/haperfdhcp.pcap)
/usr/local/sbin/perfdhcp -p 60 -r 300
/usr/local/sbin/perfdhcp -I ens192 -r 3000
![Capture1](/uploads/548a2d5439d47924d6533f887234518a/Capture1.PNG)
![capture2](/uploads/65e2478bd4f33e057519572401a5e7dd/capture2.PNG)
[root@xsdclxmdndh001 hscadmin]$ /usr/local/sbin/kea-admin -v
2.0.0
"parked-packet-limit": 128,
Note: I have tried to remove this section, increase value of this section to 128000 but no difference was observed in drop packets. [xs-config-kea-dhcp4.txt](/uploads/3b683cb87474068d478a5bb5ad7af8c6/xs-config-kea-dhcp4.txt)outstandinghttps://gitlab.isc.org/isc-projects/bind9/-/issues/3035BIND with dnssec-policy stops signing when removing the ZSK key files2022-01-06T08:52:05ZThomas AmgartenBIND with dnssec-policy stops signing when removing the ZSK key files### Summary
When removing the ZSK key files from the key-directory and removing also the journal files (.signed.jnl, .jnl, .jbk), then - under certain circumstandes - BIND does create a new ZSK (after restart) but is no more able to sig...### Summary
When removing the ZSK key files from the key-directory and removing also the journal files (.signed.jnl, .jnl, .jbk), then - under certain circumstandes - BIND does create a new ZSK (after restart) but is no more able to sign the RR (neither DNSKEY-RR with the KSK nor TXT-RR with the ZSK).
### BIND version used
9.16.22, self-compiled
### Steps to reproduce
Perhaps this behavior has something to do with "**timings**" or "**timers**", because I needed to wait about one night (for ex. 8h), before I was able to reproduce the issue this morning again.
With this quick-and-dirty helperscript, I can reproduce this issue (after the mentioned timing) always:
```
#!/bin/bash
KEY_ROOT="/chroot/bind/etc/named/keys"
MASTER_DIR="/var/named/master"
[[ $# -lt 1 ]] && { echo -e "specify a zone"; exit 1; }
ZONE=$1
[[ ! -d ${KEY_ROOT}/${ZONE} ]] && { echo -e "key-dir does not exist"; exit 1; }
cd $KEY_ROOT/${ZONE}/
ZSK=$(grep -l "ZSK: yes" * | sed 's,\(.*\)\.state,\1,'g)
echo -e "ZSK found: $ZSK"
systemctl stop named
rm -f $KEY_ROOT/${ZONE}/$ZSK.*
rm -rf $MASTER_DIR/${ZONE}.hosts.*
systemctl start named
```
### What is the current *bug* behavior?
dnssec-policy is no more signing the zone, even if I run "rndc sign example.ch":
```
# No RRSIG for the DNSKEY-RR
$ dig @127.0.0.1 +short +norec +dnssec dnskey example.ch
256 3 13 yzEu6qim1W01nMHAPGhB8nXM2Qb+PTJH0c5+muyy1QjVy4+dldge0Tw6 H0rckR/sNyQOAPzpsChOqqHZhSF32w==
257 3 13 f2m47DhSRftPS7dbCw8u/C2Gnek3XJyf+FpD1gJg1dl2ZXpVVtx7RsJS ML1bq3WHrWz2IRQvW/0rsvB1f3z2WQ==
# Also no RRSIG for the TXT-Record
$ dig @127.0.0.1 +short +norec +dnssec txt example.ch
"v=spf1 -all"
```
#### rndc dnssec -status example.ch
```
$ rndc dnssec -status example.ch
dnssec-policy: thewaytogo-faster
current time: Tue Nov 30 10:09:13 2021
key: 54591 (ECDSAP256SHA256), ZSK
published: yes - since Tue Nov 30 09:59:00 2021
zone signing: no
Next rollover scheduled on Tue Dec 7 07:54:00 2021
- goal: omnipresent
- dnskey: rumoured
- zone rrsig: hidden
key: 56340 (ECDSAP256SHA256), KSK
published: yes - since Mon Nov 29 20:54:22 2021
key signing: yes - since Mon Nov 29 20:54:22 2021
No rollover scheduled
- goal: omnipresent
- dnskey: omnipresent
- ds: omnipresent
- key rrsig: omnipresent
```
#### reloading
Reloading the zone shows (in debug-level 3) the following messages:
```
30-Nov-2021 10:05:26.927 general: info: received control channel command 'reload example.ch'
30-Nov-2021 10:05:26.927 zoneload: debug 1: zone example.ch/IN (unsigned): skipping load: master file older than last load
```
#### restarting
##### The key-files are existing (before and after restart)
```
$ ls -lahF
total 340K
drwxr-xr-x. 2 named named 4.0K 30. Nov 09:59 ./
drwxr-xr-x. 7 named named 308K 29. Nov 16:31 ../
-rw-r--r--. 1 named named 443 30. Nov 10:10 Kexample.ch.+013+54591.key
-rw-------. 1 named named 235 30. Nov 10:10 Kexample.ch.+013+54591.private
-rw-r--r--. 1 named named 541 30. Nov 10:10 Kexample.ch.+013+54591.state
-rw-r--r--. 1 named named 388 30. Nov 10:10 Kexample.ch.+013+56340.key
-rw-------. 1 named named 241 30. Nov 10:10 Kexample.ch.+013+56340.private
-rw-r--r--. 1 named named 675 30. Nov 10:10 Kexample.ch.+013+56340.state
```
```
# ZSK
$ cat Kexample.ch.+013+54591.key Kexample.ch.+013+54591.state
; This is a zone-signing key, keyid 54591, for example.ch.
; Created: 20211130085900 (Tue Nov 30 09:59:00 2021)
; Publish: 20211130085900 (Tue Nov 30 09:59:00 2021)
; Activate: 20211130085900 (Tue Nov 30 09:59:00 2021)
; Inactive: 20211207085900 (Tue Dec 7 09:59:00 2021)
; Delete: 20211217100400 (Fri Dec 17 11:04:00 2021)
example.ch. 3600 IN DNSKEY 256 3 13 yzEu6qim1W01nMHAPGhB8nXM2Qb+PTJH0c5+muyy1QjVy4+dldge0Tw6 H0rckR/sNyQOAPzpsChOqqHZhSF32w==
; This is the state of key 54591, for example.ch.
Algorithm: 13
Length: 256
Lifetime: 604800
KSK: no
ZSK: yes
Generated: 20211130085900 (Tue Nov 30 09:59:00 2021)
Published: 20211130085900 (Tue Nov 30 09:59:00 2021)
Active: 20211130085900 (Tue Nov 30 09:59:00 2021)
Retired: 20211207085900 (Tue Dec 7 09:59:00 2021)
Removed: 20211217100400 (Fri Dec 17 11:04:00 2021)
DNSKEYChange: 20211130085900 (Tue Nov 30 09:59:00 2021)
ZRRSIGChange: 20211130085900 (Tue Nov 30 09:59:00 2021)
DNSKEYState: rumoured
ZRRSIGState: hidden
GoalState: omnipresent
# KSK
$ cat Kexample.ch.+013+56340.key Kexample.ch.+013+56340.state
; This is a key-signing key, keyid 56340, for example.ch.
; Created: 20211129195422 (Mon Nov 29 20:54:22 2021)
; Publish: 20211129195422 (Mon Nov 29 20:54:22 2021)
; Activate: 20211129195422 (Mon Nov 29 20:54:22 2021)
; SyncPublish: 20211129195422 (Mon Nov 29 20:54:22 2021)
example.ch. IN DNSKEY 257 3 13 f2m47DhSRftPS7dbCw8u/C2Gnek3XJyf+FpD1gJg1dl2ZXpVVtx7RsJS ML1bq3WHrWz2IRQvW/0rsvB1f3z2WQ==
; This is the state of key 56340, for example.ch.
Algorithm: 13
Length: 256
Lifetime: 0
KSK: yes
ZSK: no
Generated: 20211129195422 (Mon Nov 29 20:54:22 2021)
Published: 20211129195422 (Mon Nov 29 20:54:22 2021)
Active: 20211129195422 (Mon Nov 29 20:54:22 2021)
DSPublish: 20211129195759 (Mon Nov 29 20:57:59 2021)
DSRemoved: 20211129195739 (Mon Nov 29 20:57:39 2021)
PublishCDS: 20211129195422 (Mon Nov 29 20:54:22 2021)
DNSKEYChange: 20211129205955 (Mon Nov 29 21:59:55 2021)
KRRSIGChange: 20211129205955 (Mon Nov 29 21:59:55 2021)
DSChange: 20211129225759 (Mon Nov 29 23:57:59 2021)
DNSKEYState: omnipresent
KRRSIGState: omnipresent
DSState: omnipresent
GoalState: omnipresent
```
##### Doing the restart shows the following output:
```
30-Nov-2021 10:07:04.657 general: debug 1: zone_dump: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.657 general: debug 1: zone_gotwritehandle: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.659 general: debug 3: zone_shutdown: zone example.ch/IN (signed): shutting down
30-Nov-2021 10:07:04.664 general: debug 3: zone_shutdown: zone example.ch/IN (unsigned): shutting down
30-Nov-2021 10:07:04.664 database: debug 1: calling free_rbtdb(example.ch)
30-Nov-2021 10:07:04.664 database: debug 1: done free_rbtdb(example.ch)
30-Nov-2021 10:07:04.665 general: debug 1: dump_done: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.665 general: debug 1: zone_journal_compact: zone example.ch/IN (signed): target journal size 2358
30-Nov-2021 10:07:04.665 general: debug 3: zone example.ch/IN (signed): dns_journal_compact: success
30-Nov-2021 10:07:04.669 database: debug 1: calling free_rbtdb(example.ch)
30-Nov-2021 10:07:04.669 database: debug 1: done free_rbtdb(example.ch)
30-Nov-2021 10:07:04.743 general: debug 1: zone_timer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.743 general: debug 1: zone_maintenance: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.745 zoneload: debug 1: zone example.ch/IN (unsigned): starting load
30-Nov-2021 10:07:04.745 general: debug 1: zone_startload: zone example.ch/IN (unsigned): enter
30-Nov-2021 10:07:04.746 zoneload: debug 2: zone example.ch/IN (unsigned): number of nodes in database: 1
30-Nov-2021 10:07:04.746 zoneload: debug 1: zone example.ch/IN (unsigned): journal empty
30-Nov-2021 10:07:04.746 zoneload: debug 1: zone example.ch/IN (unsigned): loaded; checking validity
30-Nov-2021 10:07:04.746 general: debug 1: dns_zone_verifydb: zone example.ch/IN (unsigned): enter
30-Nov-2021 10:07:04.746 general: debug 1: zone_settimer: zone example.ch/IN (unsigned): enter
30-Nov-2021 10:07:04.746 zoneload: info: zone example.ch/IN (unsigned): loaded serial 2021113001
30-Nov-2021 10:07:04.746 zoneload: debug 1: zone example.ch/IN (signed): starting load
30-Nov-2021 10:07:04.746 general: debug 1: zone_startload: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.746 zoneload: debug 2: zone example.ch/IN (signed): number of nodes in database: 1
30-Nov-2021 10:07:04.746 zoneload: debug 1: zone example.ch/IN (signed): journal rollforward completed successfully: up to date
30-Nov-2021 10:07:04.746 zoneload: debug 1: zone example.ch/IN (signed): loaded; checking validity
30-Nov-2021 10:07:04.746 general: debug 1: dns_zone_verifydb: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.746 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.746 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.746 zoneload: info: zone example.ch/IN (signed): loaded serial 2021113003
30-Nov-2021 10:07:04.758 general: debug 1: dns_zone_maintenance: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.758 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.758 general: debug 1: dns_zone_maintenance: zone example.ch/IN (unsigned): enter
30-Nov-2021 10:07:04.758 general: debug 1: zone_settimer: zone example.ch/IN (unsigned): enter
30-Nov-2021 10:07:04.761 general: debug 1: setnsec3param: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.761 general: debug 1: rss_post: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.761 general: debug 1: receive_secure_serial: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.764 general: error: zone example.ch/IN (signed): found no active private keys, unable to generate any signatures
30-Nov-2021 10:07:04.764 general: debug 1: zone_journal: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.769 general: debug 1: zone_needdump: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.769 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.769 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.770 general: debug 1: zone_timer: zone example.ch/IN (unsigned): enter
30-Nov-2021 10:07:04.770 general: debug 1: zone_maintenance: zone example.ch/IN (unsigned): enter
30-Nov-2021 10:07:04.770 general: debug 1: zone_settimer: zone example.ch/IN (unsigned): enter
30-Nov-2021 10:07:04.771 general: debug 1: zone_timer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.771 general: debug 1: zone_maintenance: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.771 notify: info: zone example.ch/IN (signed): sending notifies (serial 2021113004)
30-Nov-2021 10:07:04.771 dnssec: info: zone example.ch/IN (signed): reconfiguring zone keys
30-Nov-2021 10:07:04.777 dnssec: debug 1: keymgr: keyring: example.ch/ECDSAP256SHA256/54591 (policy thewaytogo-faster)
30-Nov-2021 10:07:04.777 dnssec: debug 1: keymgr: keyring: example.ch/ECDSAP256SHA256/56340 (policy thewaytogo-faster)
30-Nov-2021 10:07:04.777 dnssec: debug 1: keymgr: dnskeys: example.ch/ECDSAP256SHA256/54591 (policy thewaytogo-faster)
30-Nov-2021 10:07:04.777 dnssec: debug 1: keymgr: dnskeys: example.ch/ECDSAP256SHA256/56340 (policy thewaytogo-faster)
30-Nov-2021 10:07:04.777 dnssec: debug 1: keymgr: DNSKEY example.ch/ECDSAP256SHA256/56340 (KSK) matches policy thewaytogo-faster
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: DNSKEY example.ch/ECDSAP256SHA256/56340 (KSK) is active in policy thewaytogo-faster
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: new successor needed for DNSKEY example.ch/ECDSAP256SHA256/56340 (KSK) (policy thewaytogo-faster) in 2656704072 seconds
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: DNSKEY example.ch/ECDSAP256SHA256/54591 (ZSK) matches policy thewaytogo-faster
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: DNSKEY example.ch/ECDSAP256SHA256/54591 (ZSK) is active in policy thewaytogo-faster
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: new successor needed for DNSKEY example.ch/ECDSAP256SHA256/54591 (ZSK) (policy thewaytogo-faster) in 596816 seconds
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: examine ZSK example.ch/ECDSAP256SHA256/54591 type DNSKEY in state RUMOURED
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: can we transition ZSK example.ch/ECDSAP256SHA256/54591 type DNSKEY state RUMOURED to state OMNIPRESENT?
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: dnssec evaluation of ZSK example.ch/ECDSAP256SHA256/54591 record DNSKEY: rule1=(~true or true) rule2=(~true or true) rule3=(~false or false)
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: time says no to ZSK example.ch/ECDSAP256SHA256/54591 type DNSKEY state RUMOURED to state OMNIPRESENT (wait 7016 seconds)
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: examine ZSK example.ch/ECDSAP256SHA256/54591 type ZRRSIG in state HIDDEN
30-Nov-2021 10:07:04.778 dnssec: debug 1: keymgr: can we transition ZSK example.ch/ECDSAP256SHA256/54591 type ZRRSIG state HIDDEN to state RUMOURED?
30-Nov-2021 10:07:04.779 dnssec: debug 1: keymgr: policy says no to ZSK example.ch/ECDSAP256SHA256/54591 type ZRRSIG state HIDDEN to state RUMOURED
30-Nov-2021 10:07:04.779 dnssec: debug 1: keymgr: examine KSK example.ch/ECDSAP256SHA256/56340 type DNSKEY in state OMNIPRESENT
30-Nov-2021 10:07:04.779 dnssec: debug 1: keymgr: KSK example.ch/ECDSAP256SHA256/56340 type DNSKEY in stable state OMNIPRESENT
30-Nov-2021 10:07:04.779 dnssec: debug 1: keymgr: examine KSK example.ch/ECDSAP256SHA256/56340 type KRRSIG in state OMNIPRESENT
30-Nov-2021 10:07:04.779 dnssec: debug 1: keymgr: KSK example.ch/ECDSAP256SHA256/56340 type KRRSIG in stable state OMNIPRESENT
30-Nov-2021 10:07:04.779 dnssec: debug 1: keymgr: examine KSK example.ch/ECDSAP256SHA256/56340 type DS in state OMNIPRESENT
30-Nov-2021 10:07:04.779 dnssec: debug 1: keymgr: KSK example.ch/ECDSAP256SHA256/56340 type DS in stable state OMNIPRESENT
30-Nov-2021 10:07:04.780 general: info: CDS for key example.ch/ECDSAP256SHA256/56340 is now published
30-Nov-2021 10:07:04.780 general: info: CDNSKEY for key example.ch/ECDSAP256SHA256/56340 is now published
30-Nov-2021 10:07:04.782 general: debug 1: zone_journal: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.784 general: debug 1: zone_needdump: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.784 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.784 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.785 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.785 dnssec: debug 3: zone example.ch/IN (signed): next key event in 7016 seconds
30-Nov-2021 10:07:04.785 dnssec: info: zone example.ch/IN (signed): next key event: 30-Nov-2021 12:04:00.771
30-Nov-2021 10:07:04.785 dnssec: debug 3: zone example.ch/IN (signed): zone_rekey done: key 54591/ECDSAP256SHA256
30-Nov-2021 10:07:04.785 dnssec: debug 3: zone example.ch/IN (signed): zone_rekey done: key 56340/ECDSAP256SHA256
30-Nov-2021 10:07:04.785 general: debug 1: zone_sign: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:04.787 dnssec: debug 3: zone example.ch/IN (signed): zone_sign:use kasp -> yes
30-Nov-2021 10:07:04.787 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:09.771 general: debug 1: zone_timer: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:09.771 general: debug 1: zone_maintenance: zone example.ch/IN (signed): enter
30-Nov-2021 10:07:09.771 notify: info: zone example.ch/IN (signed): sending notifies (serial 2021113005)
30-Nov-2021 10:07:09.771 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
```
#### rndc sign example.ch
```
30-Nov-2021 10:10:56.477 general: info: received control channel command 'sign example.ch'
30-Nov-2021 10:10:56.478 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.478 general: debug 1: zone_timer: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.478 general: debug 1: zone_maintenance: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.478 dnssec: info: zone example.ch/IN (signed): reconfiguring zone keys
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: keyring: example.ch/ECDSAP256SHA256/54591 (policy thewaytogo-faster)
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: keyring: example.ch/ECDSAP256SHA256/56340 (policy thewaytogo-faster)
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: dnskeys: example.ch/ECDSAP256SHA256/54591 (policy thewaytogo-faster)
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: dnskeys: example.ch/ECDSAP256SHA256/56340 (policy thewaytogo-faster)
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: DNSKEY example.ch/ECDSAP256SHA256/56340 (KSK) matches policy thewaytogo-faster
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: DNSKEY example.ch/ECDSAP256SHA256/56340 (KSK) is active in policy thewaytogo-faster
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: new successor needed for DNSKEY example.ch/ECDSAP256SHA256/56340 (KSK) (policy thewaytogo-faster) in 2656703840 seconds
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: DNSKEY example.ch/ECDSAP256SHA256/54591 (ZSK) matches policy thewaytogo-faster
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: DNSKEY example.ch/ECDSAP256SHA256/54591 (ZSK) is active in policy thewaytogo-faster
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: new successor needed for DNSKEY example.ch/ECDSAP256SHA256/54591 (ZSK) (policy thewaytogo-faster) in 596584 seconds
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: examine ZSK example.ch/ECDSAP256SHA256/54591 type DNSKEY in state RUMOURED
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: can we transition ZSK example.ch/ECDSAP256SHA256/54591 type DNSKEY state RUMOURED to state OMNIPRESENT?
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: dnssec evaluation of ZSK example.ch/ECDSAP256SHA256/54591 record DNSKEY: rule1=(~true or true) rule2=(~true or true) rule3=(~false or false)
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: time says no to ZSK example.ch/ECDSAP256SHA256/54591 type DNSKEY state RUMOURED to state OMNIPRESENT (wait 6784 seconds)
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: examine ZSK example.ch/ECDSAP256SHA256/54591 type ZRRSIG in state HIDDEN
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: can we transition ZSK example.ch/ECDSAP256SHA256/54591 type ZRRSIG state HIDDEN to state RUMOURED?
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: policy says no to ZSK example.ch/ECDSAP256SHA256/54591 type ZRRSIG state HIDDEN to state RUMOURED
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: examine KSK example.ch/ECDSAP256SHA256/56340 type DNSKEY in state OMNIPRESENT
30-Nov-2021 10:10:56.483 dnssec: debug 1: keymgr: KSK example.ch/ECDSAP256SHA256/56340 type DNSKEY in stable state OMNIPRESENT
30-Nov-2021 10:10:56.484 dnssec: debug 1: keymgr: examine KSK example.ch/ECDSAP256SHA256/56340 type KRRSIG in state OMNIPRESENT
30-Nov-2021 10:10:56.484 dnssec: debug 1: keymgr: KSK example.ch/ECDSAP256SHA256/56340 type KRRSIG in stable state OMNIPRESENT
30-Nov-2021 10:10:56.484 dnssec: debug 1: keymgr: examine KSK example.ch/ECDSAP256SHA256/56340 type DS in state OMNIPRESENT
30-Nov-2021 10:10:56.484 dnssec: debug 1: keymgr: KSK example.ch/ECDSAP256SHA256/56340 type DS in stable state OMNIPRESENT
30-Nov-2021 10:10:56.487 general: warning: zone example.ch/IN (signed): Key example.ch/ECDSAP256SHA256/56340 missing or inactive and has no replacement: retaining signatures.
30-Nov-2021 10:10:56.487 general: debug 1: zone_journal: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.490 general: debug 1: zone_needdump: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.490 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.490 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.490 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.490 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.490 dnssec: debug 3: zone example.ch/IN (signed): next key event in 6784 seconds
30-Nov-2021 10:10:56.490 dnssec: info: zone example.ch/IN (signed): next key event: 30-Nov-2021 12:04:00.478
30-Nov-2021 10:10:56.491 dnssec: debug 3: zone example.ch/IN (signed): zone_rekey done: key 54591/ECDSAP256SHA256
30-Nov-2021 10:10:56.491 dnssec: debug 3: zone example.ch/IN (signed): zone_rekey done: key 56340/ECDSAP256SHA256
30-Nov-2021 10:10:56.491 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.491 general: debug 1: zone_timer: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.491 general: debug 1: zone_maintenance: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.491 general: debug 1: zone_sign: zone example.ch/IN (signed): enter
30-Nov-2021 10:10:56.493 dnssec: debug 3: zone example.ch/IN (signed): zone_sign:use kasp -> yes
30-Nov-2021 10:10:56.493 general: debug 1: zone_settimer: zone example.ch/IN (signed): enter
```
### What is the expected *correct* behavior?
Signed zone
### Relevant configuration files
```
# zone configuration
zone "example.ch" {
type master;
file "master/example.ch.hosts";
dnssec-policy thewaytogo-faster;
parental-agents { "ch"; };
key-directory "/etc/named/keys/example.ch";
};
```
```
# dnssec-policy
dnssec-policy "thewaytogo-faster" {
// Signatures
signatures-refresh 5d;
signatures-validity 14d;
signatures-validity-dnskey 14d;
// Keys
dnskey-ttl 3600s;
publish-safety 1h;
retire-safety 1h;
purge-keys 30d;
keys {
ksk lifetime unlimited algorithm ecdsap256sha256;
zsk lifetime 7d algorithm ecdsap256sha256;
};
// Zone properties
zone-propagation-delay 300s;
max-zone-ttl 86400s;
// Parent properties
parent-propagation-delay 1h;
parent-ds-ttl 3600;
};
```January 2022 (9.16.25, 9.16.25-S1, 9.17.22)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/3034UDP dispatch can reuse <srcip, srcport, dstip, dstport>2022-03-01T09:47:10ZOndřej SurýUDP dispatch can reuse <srcip, srcport, dstip, dstport>This could possibly lead to the wrong callback receiving the response and dropping it on the floor because of non-matching QID.This could possibly lead to the wrong callback receiving the response and dropping it on the floor because of non-matching QID.Not plannedhttps://gitlab.isc.org/isc-projects/dhcp/-/issues/218Updated bundled Bind9 to 9.11.362022-01-20T10:32:13ZPhilip PrindevilleUpdated bundled Bind9 to 9.11.36**Describe the bug**
DHCP won't build on OpenWRT due to bind/lib/isc/stats.c being broken in 9.11.14.
**To Reproduce**
Steps to reproduce the behavior:
1. Create an OpenWRT build environment (Ubuntu 20 preferred)
2. Tweak feeds/packages...**Describe the bug**
DHCP won't build on OpenWRT due to bind/lib/isc/stats.c being broken in 9.11.14.
**To Reproduce**
Steps to reproduce the behavior:
1. Create an OpenWRT build environment (Ubuntu 20 preferred)
2. Tweak feeds/packages/net/isc-dhcp/Makefile to use `PKG_VERSION:=4.4.2-P2`, `PKG_RELEASE:=1`, and the correct `PKG_HASH` for the tarball.
3. Enable `CONFIG_PACKAGE_isc-dhcp-server-ipv6=y` in your `.config` file.
4. Run `make world`
**Expected behavior**
Everything should build
**Environment:**
- ISC DHCP version: 4.4.2-P2
- OS: Ubuntu 20.04 cross-building OpenWRT `master`
- `CONFIG_PACKAGE_isc-dhcp-server-ipv6=y` enabled
**Additional Information**
Fixed with [fix variable name in conditional block](https://github.com/isc-projects/bind9/commit/261c84d91d1b4581df9f7f0ec031908299de7726) which hit v9_11_15.
**Some initial questions**
- This issue has been brought up on dhcp-workers previously but is unresolved.
**Is your feature request related to a problem? Please describe.**
Unable to build newer releases for OpenWRT (I'm the package owner on that distro).
**Describe the solution you'd like**
I'd like it to be buildable again.
**Describe alternatives you've considered**
None are applicable since they all involve applying patches to a file that gets extracted from a tarball, which isn't supported by the OpenWRT build machinery.
**Additional context**
See discussion on dhcp-workers mailing list.
**Funding its development**
I can contribute support through providing and testing the fix.
**Participating in development**
See previous.
**Contacting you**
See my gitlab account for an email address.
**UPDATE**: The original ticket was to update to 9.11.15, but the changes now update to 9.11.36.4.4.3-beta1Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3032make doc is missing isc-logo.pdf in released archive2022-01-11T14:56:02ZPetr Menšíkmake doc is missing isc-logo.pdf in released archive<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
named 9.17 tarball is missing *doc/arm/isc-logo.pdf*
### BIND version used
```
BIND 9.17.20 (Development Release) <id:642abd5>
running on Linux x86_64 5.13.12-200.fc34.x86_64 #1 SMP Wed Aug 18 13:27:18 UTC 2021
built by make with '--build=x86_64-redhat-linux-gnu' '--host=x86_64-redhat-linux-gnu' '--program-prefix=' '--disable-dependency-tracking' '--prefix=/usr' '--exec-prefix=/usr' '--bindir=/usr/bin' '--sbindir=/usr/sbin' '--sysconfdir=/etc' '--datadir=/usr/share' '--includedir=/usr/include' '--libdir=/usr/lib64' '--libexecdir=/usr/libexec' '--sharedstatedir=/var/lib' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--localstatedir=/var' '--with-pic' '--disable-static' '--includedir=/usr/include/bind9' '--with-tuning=large' '--with-libidn2' '--with-maxminddb' '--with-gssapi=yes' '--with-lmdb=yes' '--with-json-c' '--enable-dnstap' '--with-cmocka' '--enable-fixed-rrset' '--enable-full-report' 'build_alias=x86_64-redhat-linux-gnu' 'host_alias=x86_64-redhat-linux-gnu' 'CC=gcc' 'CFLAGS= -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protection' 'LDFLAGS=-Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld ' 'LT_SYS_LIBRARY_PATH=/usr/lib64:' 'PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'
compiled by GCC 11.2.1 20210728 (Red Hat 11.2.1-1)
compiled with OpenSSL version: OpenSSL 1.1.1l FIPS 24 Aug 2021
linked to OpenSSL version: OpenSSL 1.1.1l FIPS 24 Aug 2021
compiled with libuv version: 1.42.0
linked to libuv version: 1.42.0
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.12
linked to libxml2 version: 20912
compiled with json-c version: 0.14
linked to json-c version: 0.14
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
default paths:
named configuration: /etc/named.conf
rndc configuration: /etc/rndc.conf
DNSSEC root key: /etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
- Extract archive downloaded from pages
- find -name isc-logo.pdf
- ./configure && make && make doc
### What is the current *bug* behavior?
```
...
Making doc in arm
make[2]: Entering directory '/home/pemensik/fedora/bind/bind-9.17.20/build/doc/arm'
SPHINX html-local
SPHINX pdf-local
SPHINX singlehtml
SPHINX epub
Sphinx error:
logo file 'isc-logo.pdf' does not exist
make[2]: *** [Makefile:722: pdf-local] Error 2
make[2]: *** Waiting for unfinished jobs....
make[2]: Leaving directory '/home/pemensik/fedora/bind/bind-9.17.20/build/doc/arm'
make[1]: *** [Makefile:442: doc-recursive] Error 1
make[1]: Leaving directory '/home/pemensik/fedora/bind/bind-9.17.20/build/doc'
make: *** [Makefile:614: doc-recursive] Error 1
```
### What is the expected *correct* behavior?
Should pass.
### Relevant configuration files
(none needed)
### Relevant logs and/or screenshots
(Paste any relevant logs - please use code blocks (```) to format console
output, logs, and code, as it's very hard to read otherwise.)
### Possible fixes
Fix release scripts to include isc-logo.pdf, just as in 9.16 branch.January 2022 (9.16.25, 9.16.25-S1, 9.17.22)Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3031Add support for caching parent and child NSEC and RRSIG at the same name2022-06-01T14:34:00ZMark AndrewsAdd support for caching parent and child NSEC and RRSIG at the same nameThis should improve synth-from-dnssec hit rates as we currently only keep the latest one we learn.
rbtdb will also need to become more selective about the covering NSEC returned. If we have a parental NSEC it is not valid for names tha...This should improve synth-from-dnssec hit rates as we currently only keep the latest one we learn.
rbtdb will also need to become more selective about the covering NSEC returned. If we have a parental NSEC it is not valid for names that are subdomains of the NSEC owner.Not plannedhttps://gitlab.isc.org/isc-projects/kea/-/issues/2212Kea IPv6 build in Docker container: can't initially bind to link-local addres...2022-11-02T15:10:41ZK. M. PetersonKea IPv6 build in Docker container: can't initially bind to link-local address, error isn't clearly actionable**Describe the bug**
Implementing Kea DHCP in a Docker container, initial startup results in dhcp6 "active" but not listening or responsive due to attempt to bind to link-local IPv6 address.
Message: `WARN [kea-dhcp6.dhcpsrv/44.140567...**Describe the bug**
Implementing Kea DHCP in a Docker container, initial startup results in dhcp6 "active" but not listening or responsive due to attempt to bind to link-local IPv6 address.
Message: `WARN [kea-dhcp6.dhcpsrv/44.140567258032256] DHCPSRV_OPEN_SOCKET_FAIL failed to open socket: Failed to open link-local socket on interface eth0: Failed to bind socket 12 to fe80::b47a:f100:1fa6:671e/port=547: Cannot assign requested address`
The only way to automate a test for this state is to process the log. The dhcp6 process continues to run but is not operational. A `keactrl stop dhcp6; keactrl start dhcp6` seems to fix the issue.
**To Reproduce**
Steps to reproduce the behavior:
1. Configuration including dhcpv6; starting with `keactrl start`. Interface eth0 defined in configuration.
2. DHCPv4 server starts normally. DHCP6 server starts, fails.
**Expected behavior**
Two levels of difficulty: first, why does this error occur (possibly related to issues/321?). Second, the process does not die, making it difficult to detect. Process is "started" even though:
`2021-11-29 01:02:22.946 WARN [kea-dhcp6.dhcp6/44.140564753819776] DHCP6_MULTI_THREADING_INFO enabled: no, number of threads: 0, queue size: 0
2021-11-29 01:02:22.946 INFO [kea-dhcp6.dhcp6/44.140564753819776] DHCP6_STARTED Kea DHCPv6 server version 2.0.0 started`
**Environment:**
- Kea version: 2.0.0 general distribution.
- OS: CentOS 7, docker container
- No changes made to default configure script.
**Additional Information**
Build [Dockerfile](/uploads/ecedc999141e92f6cb5c104daa228bb8/Dockerfile)
Build/run [docker-compose.yml](/uploads/c252d2371cbeb2a1d7b708ffebf8259b/docker-compose.yml)
Sanitized/excerpted [kea-dhcp6.conf](/uploads/2763097189c8f38cde2432506ec004e5/kea-dhcp6.conf)
Init script in container [init_kea](/uploads/b1531b73332d70a7dc932835dd0bf7a8/init_kea)
**Contacting you**
I'm not primarily a dev, so I've perhaps left something out; contact kmp@kmpeterson.com or associated github address. I do have a (horrible, as you can see) workaround for this, not high priority. Thanks!backloghttps://gitlab.isc.org/isc-projects/dhcp/-/issues/217dhcrelay -6 doesn't parse -u correct when the interface name starts with t2021-11-27T00:16:10ZDaniel Loughlindhcrelay -6 doesn't parse -u correct when the interface name starts with tThe upper or -u parameter is to be formatted according to the man page: -u 2001:1:1::1%interfacename
However if the interface name begins with a t, for example -u 2001:1:1::1%team0
the %t is interpreted incorrectly resulting in the err...The upper or -u parameter is to be formatted according to the man page: -u 2001:1:1::1%interfacename
However if the interface name begins with a t, for example -u 2001:1:1::1%team0
the %t is interpreted incorrectly resulting in the error message "Interface name '2001:1:1::1/runeam0.10' too long"
It's possible to work around this issue by renaming the network adapterhttps://gitlab.isc.org/isc-projects/bind9/-/issues/3030Feature request: allow named-checkconf to accept "-" as a filename argument a...2023-11-02T17:02:20Zlibchap1Feature request: allow named-checkconf to accept "-" as a filename argument and read from stdinIt would be nice if `named-checkconf` (and possibly other utilities as well) accepted `-` as a source filename with the meaning of stdin.
It's possible to use `/dev/stdin`, but it does not work e.g. from within Python (calling by `subpr...It would be nice if `named-checkconf` (and possibly other utilities as well) accepted `-` as a source filename with the meaning of stdin.
It's possible to use `/dev/stdin`, but it does not work e.g. from within Python (calling by `subprocess.Popen(stdin=PIPE, ...)`.
It's also possible to use `/dev/fd/0`, but it seems not to be very nice.
Related issues: #1014 #1279
Thank you!Not plannedhttps://gitlab.isc.org/isc-projects/stork/-/issues/636Supported systems - Debian2021-11-30T14:45:02ZSlawek FigielSupported systems - DebianDo we really not supporting Debian? Maybe consider to extend supported systems. [supported systems](https://stork.readthedocs.io/en/latest/install.html#supported-systems).Do we really not supporting Debian? Maybe consider to extend supported systems. [supported systems](https://stork.readthedocs.io/en/latest/install.html#supported-systems).backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/635Inform about agent being uninstalled2021-11-30T14:42:37ZSlawek FigielInform about agent being uninstalledProvide info in the Stork UI that the agent was uninstalled/removed. So far there is a generic error that could mean more things like network issues, ...Provide info in the Stork UI that the agent was uninstalled/removed. So far there is a generic error that could mean more things like network issues, ...backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/634Add option to ignore agent2021-11-30T14:36:50ZSlawek FigielAdd option to ignore agentConsider to add option to ignore agent otherwise the agent will keep recurring.Consider to add option to ignore agent otherwise the agent will keep recurring.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/633Variable rename2021-12-06T11:15:14ZSlawek FigielVariable renameI would rename `STORK_AGENT_SERVER_URL` to \`STORK_SERVER_URL. BTW by mistake this name was used in docs already. See - "Installation from Cloudsmith and Registration with an Agent Token - STORK SERVER URL" issueI would rename `STORK_AGENT_SERVER_URL` to \`STORK_SERVER_URL. BTW by mistake this name was used in docs already. See - "Installation from Cloudsmith and Registration with an Agent Token - STORK SERVER URL" issue1.0Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/632More explanatory comments in /etc/stork/agent.env2021-12-03T21:21:43ZSlawek FigielMore explanatory comments in /etc/stork/agent.envExtend the comment, it can be hard to understand for the newcomers.
```
# this is used when agent is automatically registered in Stork server
# STORK_AGENT_SERVER_URL=
# STORK_AGENT_ADDRESS=
```Extend the comment, it can be hard to understand for the newcomers.
```
# this is used when agent is automatically registered in Stork server
# STORK_AGENT_SERVER_URL=
# STORK_AGENT_ADDRESS=
```1.0Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/631Avoid multiple entries in default /etc/stork/agent.env2021-12-03T08:28:32ZSlawek FigielAvoid multiple entries in default /etc/stork/agent.env`STORK_AGENT_ADDRESS=` is there two times`STORK_AGENT_ADDRESS=` is there two times1.0