ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2021-10-04T10:57:58Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2930Remove support for the "map" zone file format2021-10-04T10:57:58ZMichał KępieńRemove support for the "map" zone file formatThe `masterfile-format map;` options has already been [deprecated][1] in
9.16/9.17. This issue is for dropping the "map" zone file format
altogether in 9.19+. See #2882 for the rationale.
[1]: #2882The `masterfile-format map;` options has already been [deprecated][1] in
9.16/9.17. This issue is for dropping the "map" zone file format
altogether in 9.19+. See #2882 for the rationale.
[1]: #2882BIND 9.19.xhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2929Replace more "master" and "slave" keywords2021-10-27T11:25:17ZPeter DaviesReplace more "master" and "slave" keywordsThe following error message from the ```rndc freeze``` command:
```rndc: 'freeze' failed: not master```
It may be preferable to use the term ```primary```.
There are other instances in code and in the rndc man page.The following error message from the ```rndc freeze``` command:
```rndc: 'freeze' failed: not master```
It may be preferable to use the term ```primary```.
There are other instances in code and in the rndc man page.November 2021 (9.16.23, 9.16.23-S1, 9.17.20)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/kea/-/issues/2120Fix TSIG key hierarchy2021-12-09T15:46:06ZFrancis DupontFix TSIG key hierarchyContexts depend on key classes so the hierarchy should be: key1 -> context -> key2 with the context factory in the key2 class.Contexts depend on key classes so the hierarchy should be: key1 -> context -> key2 with the context factory in the key2 class.kea2.1.0Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/bind9/-/issues/2928Coverity issues in the merged dispatch branch2023-01-11T13:58:16ZOndřej SurýCoverity issues in the merged dispatch branch```
** CID 339073: Error handling issues (CHECKED_RETURN)
/lib/dns/resolver.c: 4379 in fctx_doshutdown()
________________________________________________________________________________________________________
*** CID 339073: Error ...```
** CID 339073: Error handling issues (CHECKED_RETURN)
/lib/dns/resolver.c: 4379 in fctx_doshutdown()
________________________________________________________________________________________________________
*** CID 339073: Error handling issues (CHECKED_RETURN)
/lib/dns/resolver.c: 4379 in fctx_doshutdown()
4373 */
4374 fctx_increference(fctx);
4375 fctx_cancelqueries(fctx, false, false);
4376 fctx_cleanup(fctx);
4377
4378 LOCK(&res->buckets[bucketnum].lock);
CID 339073: Error handling issues (CHECKED_RETURN)
Calling "fctx_decreference" without checking return value (as is done elsewhere 6 out of 7 times).
4379 fctx_decreference(fctx);
4380
4381 FCTX_ATTR_SET(fctx, FCTX_ATTR_SHUTTINGDOWN);
4382
4383 INSIST(fctx->state == fetchstate_active ||
4384 fctx->state == fetchstate_done);
```
```
** CID 339072: Error handling issues (CHECKED_RETURN)
/lib/dns/rpz.c: 2247 in rpz_detach()
________________________________________________________________________________________________________
*** CID 339072: Error handling issues (CHECKED_RETURN)
/lib/dns/rpz.c: 2247 in rpz_detach()
2241 false);
2242 }
2243 dns_db_detach(&rpz->updb);
2244 }
2245 }
2246
CID 339072: Error handling issues (CHECKED_RETURN)
Calling "isc_timer_reset" without checking return value (as is done elsewhere 9 out of 10 times).
2247 isc_timer_reset(rpz->updatetimer, isc_timertype_inactive, NULL,
2248 NULL, true);
2249 isc_timer_detach(&rpz->updatetimer);
2250
2251 isc_ht_destroy(&rpz->nodes);
2252
```
```
** CID 339071: (USE_AFTER_FREE)
/lib/dns/resolver.c: 2846 in resquery_connected()
/lib/dns/resolver.c: 2846 in resquery_connected()
/lib/dns/resolver.c: 2846 in resquery_connected()
/lib/dns/resolver.c: 2846 in resquery_connected()
________________________________________________________________________________________________________
*** CID 339071: (USE_AFTER_FREE)
/lib/dns/resolver.c: 2846 in resquery_connected()
2840 fctx_cancelquery(query, NULL, false, false);
2841 fctx_done(fctx, eresult, __LINE__);
2842 break;
2843 }
2844
2845 detach:
CID 339071: (USE_AFTER_FREE)
Calling "resquery_detach" frees pointer "query" which has already been freed.
2846 resquery_detach(&query);
2847 }
2848
2849 static void
2850 fctx_finddone(isc_task_t *task, isc_event_t *event) {
2851 fetchctx_t *fctx;
/lib/dns/resolver.c: 2846 in resquery_connected()
2840 fctx_cancelquery(query, NULL, false, false);
2841 fctx_done(fctx, eresult, __LINE__);
2842 break;
2843 }
2844
2845 detach:
CID 339071: (USE_AFTER_FREE)
Calling "resquery_detach" frees pointer "query" which has already been freed.
2846 resquery_detach(&query);
2847 }
2848
2849 static void
2850 fctx_finddone(isc_task_t *task, isc_event_t *event) {
2851 fetchctx_t *fctx;
/lib/dns/resolver.c: 2846 in resquery_connected()
2840 fctx_cancelquery(query, NULL, false, false);
2841 fctx_done(fctx, eresult, __LINE__);
2842 break;
2843 }
2844
2845 detach:
CID 339071: (USE_AFTER_FREE)
Calling "resquery_detach" frees pointer "query" which has already been freed.
2846 resquery_detach(&query);
2847 }
2848
2849 static void
2850 fctx_finddone(isc_task_t *task, isc_event_t *event) {
2851 fetchctx_t *fctx;
/lib/dns/resolver.c: 2846 in resquery_connected()
2840 fctx_cancelquery(query, NULL, false, false);
2841 fctx_done(fctx, eresult, __LINE__);
2842 break;
2843 }
2844
2845 detach:
CID 339071: (USE_AFTER_FREE)
Calling "resquery_detach" frees pointer "query" which has already been freed.
2846 resquery_detach(&query);
2847 }
2848
2849 static void
2850 fctx_finddone(isc_task_t *task, isc_event_t *event) {
2851 fetchctx_t *fctx;
```
```
** CID 339070: Memory - corruptions (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 339070: Memory - corruptions (USE_AFTER_FREE)
/lib/dns/request.c: 920 in request_cancel()
914
915 request->flags |= DNS_REQUEST_F_CANCELED;
916 request->flags &= ~DNS_REQUEST_F_CONNECTING;
917
918 if (request->dispentry != NULL) {
919 dns_dispatch_cancel(request->dispentry);
CID 339070: Memory - corruptions (USE_AFTER_FREE)
Calling "dns_dispatch_removeresponse" frees pointer "request->dispentry" which has already been freed.
920 dns_dispatch_removeresponse(&request->dispentry);
921 }
922
923 dns_dispatch_detach(&request->dispatch);
924 }
925 }
```
```
** CID 339069: (USE_AFTER_FREE)
/lib/dns/resolver.c: 1776 in resquery_senddone()
/lib/dns/resolver.c: 1776 in resquery_senddone()
________________________________________________________________________________________________________
*** CID 339069: (USE_AFTER_FREE)
/lib/dns/resolver.c: 1776 in resquery_senddone()
1770 fctx_cancelquery(query, NULL, false, false);
1771 fctx_done(fctx, eresult, __LINE__);
1772 break;
1773 }
1774
1775 detach:
CID 339069: (USE_AFTER_FREE)
Calling "resquery_detach" frees pointer "query" which has already been freed.
1776 resquery_detach(&query);
1777 }
1778
1779 static inline isc_result_t
1780 fctx_addopt(dns_message_t *message, unsigned int version, uint16_t udpsize,
1781 dns_ednsopt_t *ednsopts, size_t count) {
/lib/dns/resolver.c: 1776 in resquery_senddone()
1770 fctx_cancelquery(query, NULL, false, false);
1771 fctx_done(fctx, eresult, __LINE__);
1772 break;
1773 }
1774
1775 detach:
CID 339069: (USE_AFTER_FREE)
Calling "resquery_detach" frees pointer "query" which has already been freed.
1776 resquery_detach(&query);
1777 }
1778
1779 static inline isc_result_t
1780 fctx_addopt(dns_message_t *message, unsigned int version, uint16_t udpsize,
1781 dns_ednsopt_t *ednsopts, size_t count) {
```
```
** CID 339068: Memory - corruptions (USE_AFTER_FREE)
________________________________________________________________________________________________________
*** CID 339068: Memory - corruptions (USE_AFTER_FREE)
/lib/dns/resolver.c: 1397 in fctx_cancelquery()
1391 /*
1392 * Check for any outstanding dispatch responses and if they
1393 * exist, cancel them.
1394 */
1395 if (query->dispentry != NULL) {
1396 dns_dispatch_cancel(query->dispentry);
CID 339068: Memory - corruptions (USE_AFTER_FREE)
Calling "dns_dispatch_removeresponse" frees pointer "query->dispentry" which has already been freed.
1397 dns_dispatch_removeresponse(&query->dispentry);
1398 }
1399
1400 if (ISC_LINK_LINKED(query, link)) {
1401 ISC_LIST_UNLINK(fctx->queries, query, link);
1402 }
```January 2023 (9.16.37, 9.16.37-S1, 9.18.11, 9.18.11-S1, 9.19.9)Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/bind9/-/issues/2927lame servers with IPv6 unreachable make dispatch@netmgr stuck on shutdown2022-01-26T11:33:41ZOndřej Surýlame servers with IPv6 unreachable make dispatch@netmgr stuck on shutdownSo, I narrowed it down to a single query:
```
dig -p 5300 IN A mail.lab.comcor.ru. @10.10.10.20
```
which goes like this:
```
04-Oct-2021 09:25:59.507 resolver priming query complete
04-Oct-2021 09:26:16.119 network unreachable resolvi...So, I narrowed it down to a single query:
```
dig -p 5300 IN A mail.lab.comcor.ru. @10.10.10.20
```
which goes like this:
```
04-Oct-2021 09:25:59.507 resolver priming query complete
04-Oct-2021 09:26:16.119 network unreachable resolving '_.ru/A/IN': 2001:500:2f::f#53
04-Oct-2021 09:26:16.119 network unreachable resolving '_.ru/A/IN': 2001:500:12::d0d#53
04-Oct-2021 09:26:16.135 network unreachable resolving '_.comcor.ru/A/IN': 2001:678:15:0:193:232:142:17#53
04-Oct-2021 09:26:16.135 network unreachable resolving '_.comcor.ru/A/IN': 2001:678:18:0:194:190:124:17#53
04-Oct-2021 09:26:16.135 network unreachable resolving '_.comcor.ru/A/IN': 2001:678:17:0:193:232:128:6#53
04-Oct-2021 09:26:16.135 network unreachable resolving '_.comcor.ru/A/IN': 2001:678:16:0:194:85:252:62#53
04-Oct-2021 09:26:16.135 network unreachable resolving '_.comcor.ru/A/IN': 2001:678:14:0:193:232:156:17#53
04-Oct-2021 09:26:16.143 network unreachable resolving '_.lab.comcor.ru/A/IN': 2a02:290:0:2::5#53
04-Oct-2021 09:26:16.143 network unreachable resolving '_.lab.comcor.ru/A/IN': 2a02:290:0:1::4#53
04-Oct-2021 09:26:16.203 network unreachable resolving 'ns.lab.comcor.ru/AAAA/IN': 2001:678:17:0:193:232:128:6#53
04-Oct-2021 09:26:16.207 network unreachable resolving 'ns.lab.comcor.ru/AAAA/IN': 2001:678:18:0:194:190:124:17#53
04-Oct-2021 09:26:16.207 network unreachable resolving 'ns.lab.comcor.ru/AAAA/IN': 2001:678:16:0:194:85:252:62#53
04-Oct-2021 09:26:16.251 lame server resolving 'mail.lab.comcor.ru' (in 'lab.COMCOR.ru'?): 212.45.0.3#53
04-Oct-2021 09:26:16.335 network unreachable resolving 'ns.lab.comcor.ru/AAAA/IN': 2a02:290:0:2::5#53
04-Oct-2021 09:26:16.443 lame server resolving 'ns.lab.comcor.ru' (in 'lab.COMCOR.ru'?): 212.45.0.3#53
```
You also need to have broken IPv6 :-), it doesn't happen when I run `named -4`.
#### Edited ####
This is caused by the new dispatch code:
1. Start `named -p 5300 -g -c /dev/null`
2. Start `dnsperf -s 127.0.0.1 -p 5300 -D -d queryfile-example-10million-201202`
3. Press Ctrl-C
4. `named` doesn't stop:
```
$ eu-stack -p $(pidof named)
PID 275694 - process
TID 275694:
#0 0x00007f4b7bac9c61 clock_nanosleep@@GLIBC_2.17
#1 0x00007f4b7bacf443 __nanosleep
#2 0x00007f4b7bafa125 usleep
#3 0x00007f4b7c476f19 isc__taskmgr_destroy
#4 0x00007f4b7c45b994 isc_managers_destroy
#5 0x0000564d877b86cf destroy_managers
#6 0x0000564d877b86da cleanup
#7 0x0000564d877ba041 main
#8 0x00007f4b7ba2ad0a __libc_start_main
#9 0x0000564d877ae9ca _start
TID 275708:
#0 0x00007f4b7bb02116 epoll_wait
#1 0x00007f4b7be18b3f uv__io_poll
#2 0x00007f4b7be07714 uv_run
#3 0x00007f4b7c43c33e nm_thread
#4 0x00007f4b7c47ce50 isc__trampoline_run
#5 0x00007f4b7bbd1ea7 start_thread
#6 0x00007f4b7bb01def __clone
TID 275709:
#0 0x00007f4b7bbd8ad8 pthread_cond_timedwait@@GLIBC_2.3.2
#1 0x00007f4b7c44f081 isc_condition_waituntil
#2 0x00007f4b7c479dab run
#3 0x00007f4b7c47ce50 isc__trampoline_run
#4 0x00007f4b7bbd1ea7 start_thread
#5 0x00007f4b7bb01def __clone
TID 275710:
#0 0x00007f4b7bb02116 epoll_wait
#1 0x00007f4b7c46f6f2 netthread
#2 0x00007f4b7c47ce50 isc__trampoline_run
#3 0x00007f4b7bbd1ea7 start_thread
#4 0x00007f4b7bb01def __clone
```
+1 we are obviously missing a system test for this kind of scenario.November 2021 (9.16.23, 9.16.23-S1, 9.17.20)Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/kea/-/issues/2119Wiki link to Developer's guide is broken2021-10-04T10:38:32ZFrancis DupontWiki link to Developer's guide is brokenCurrent link under the `jenkins` name is https://jenkins.isc.org/job/Kea_doc/doxygen/
Obviously it should point to the new AWS Jenkins or another site...Current link under the `jenkins` name is https://jenkins.isc.org/job/Kea_doc/doxygen/
Obviously it should point to the new AWS Jenkins or another site...Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/2926use netmgr for route sockets and remove isc_socket2022-01-21T13:44:36ZEvan Huntuse netmgr for route sockets and remove isc_socketThe last remaining use of `isc_socket` and `isc_socketmgr` in BIND is for the netlink/route sockets that are used to scan for interface changes.
The libuv documentation indicates that any socket that honors the datagram contract can be ...The last remaining use of `isc_socket` and `isc_socketmgr` in BIND is for the netlink/route sockets that are used to scan for interface changes.
The libuv documentation indicates that any socket that honors the datagram contract can be passed to `uv_udp_open()`, so we should be able to make the netmgr do this instead.November 2021 (9.16.23, 9.16.23-S1, 9.17.20)Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/kea-packaging/-/issues/6Add gss-tsig hook2021-10-07T12:17:14ZFrancis DupontAdd gss-tsig hookAdding a package for the gss-tsig hook.Adding a package for the gss-tsig hook.Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/stork/-/issues/589Kea timeout in system tests2022-06-22T14:51:49ZSlawek FigielKea timeout in system testsDuring resolving #552 we found a rare problem with a Kea timeout.
It looks like the problem occurs when the Kea uses many network configurations.
```
> assert data['total'] == 6912
E KeyError: 'total'
agent = <container...During resolving #552 we found a rare problem with a Kea timeout.
It looks like the problem occurs when the Kea uses many network configurations.
```
> assert data['total'] == 6912
E KeyError: 'total'
agent = <containers.StorkAgentContainer object at 0x7f25865631f0>
data = {'items': None}
i = 29
m = {'address': '10.69.61.73', 'agentPort': 8080, 'agentToken': '79C7F48C7860CA179B14E01CAFC07C383B86E630F3EB3573CE0E83162FFD57F0', 'agentVersion': '0.20.0', ...}
r = <Response [200]>
server = <containers.StorkServerContainer object at 0x7f2586558640>
tests.py:267: KeyError
```
I think that our test shouldn't fail in this case, but wait for the end of processing.
I attach all collected logs to this issue.
[stork-agent-0.log](/uploads/e6327e9188b14fbcb7772e719658363b/stork-agent-0.log)
[stork-server-0.log](/uploads/b8e0b97d42377948223c3f2bf5021519/stork-server-0.log)
[raw.txt](/uploads/e75df69ca44eadc2d0c2943f0de220b3/raw.txt)outstandinghttps://gitlab.isc.org/isc-projects/kea/-/issues/2118bump up kea version2021-10-07T09:57:56ZWlodzimierz Wencelbump up kea versionafter 2.0.0 release we need 2.1.0-git in configure.acafter 2.0.0 release we need 2.1.0-git in configure.ackea2.1.0https://gitlab.isc.org/isc-projects/kea/-/issues/2117keactl does not color code status for DHCP-DDNS2021-11-16T07:13:00ZAndrey Pevnevkeactl does not color code status for DHCP-DDNSContinuing https://gitlab.isc.org/isc-projects/kea/-/issues/1424 - it looks like [this](https://gitlab.isc.org/isc-projects/kea/-/blob/master/src/bin/keactrl/keactrl.in#L544) line needs to say `$active` not `"active"`. Thanks!Continuing https://gitlab.isc.org/isc-projects/kea/-/issues/1424 - it looks like [this](https://gitlab.isc.org/isc-projects/kea/-/blob/master/src/bin/keactrl/keactrl.in#L544) line needs to say `$active` not `"active"`. Thanks!kea2.1.1Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/stork/-/issues/588Load kea config from another kea server2021-10-12T13:17:29ZPeter DaviesLoad kea config from another kea serverLoad kea config from another kea server
I would appear we have all the necessary mechanisms to enable a secondary HA server to load its configuration from the primary.
This feature could be enabled with a command line parameter that co...Load kea config from another kea server
I would appear we have all the necessary mechanisms to enable a secondary HA server to load its configuration from the primary.
This feature could be enabled with a command line parameter that could instruct the server to look and retrieve its config from a server/address before loading its local config.
In this way users running into issues caused by mismatching configurations and typos.
The interface name and "this-server-name" would need to be syntherzied somehow.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/587IPv6 support in Stork system test framework2023-07-27T12:26:19ZSlawek FigielIPv6 support in Stork system test frameworkThe system tests framework incorrectly handles IPv6 addresses. It causes a system test building to fail on some configurations.
We need to rewrite our scripts to support this IP schema.
We noticed also that some system tests were execut...The system tests framework incorrectly handles IPv6 addresses. It causes a system test building to fail on some configurations.
We need to rewrite our scripts to support this IP schema.
We noticed also that some system tests were executed, but produce incorrect results when IPv6 was used. We need to prepare some unit and system tests to cover IPv6-based configurations.
```
distro_agent = 'ubuntu/18.04', distro_server = 'centos/8'
@pytest.mark.parametrize("distro_agent, distro_server", SUPPORTED_DISTROS)
def test_pkg_upgrade_server_token(distro_agent, distro_server):
"""Check if Stork agent and server can be upgraded from latest release
to localy built packages."""
server = containers.StorkServerContainer(alias=distro_server)
agent = containers.StorkAgentContainer(alias=distro_agent)
# install the latest version of stork from cloudsmith
server.setup_bg('cloudsmith')
while server.mgmt_ip is None:
time.sleep(0.1)
agent.setup_bg('cloudsmith', server.mgmt_ip)
server.setup_wait()
agent.setup_wait()
# login
r = server.api_post('/sessions', json=dict(useremail='admin', userpassword='admin'), expected_status=200) # TODO: POST should return 201
assert r.json()['login'] == 'admin'
# install local packages
banner('UPGRADING STORK SERVER')
server.prepare_stork_server()
# get server token from server
for i in range(100):
try:
r = server.api_get('/machines-server-token')
break
except:
if i == 99:
raise
time.sleep(1)
data = r.json()
server_token = data['token']
# install kea on the agent machine
agent.install_kea()
# install local packages using server token based way
banner('UPGRADING STORK AGENT')
server_url = 'http://%s:8080' % server.mgmt_ip
> agent.run('curl -o stork-install-agent.sh %s/stork-install-agent.sh' % server_url)
agent = <containers.StorkAgentContainer object at 0x7fdd88d29970>
data = {'token': 'o85LV4YpOCqapgfaiZ4feeoUJL4fiw8v'}
distro_agent = 'ubuntu/18.04'
distro_server = 'centos/8'
i = 0
r = <Response [200]>
server = <containers.StorkServerContainer object at 0x7fdd88bfa040>
server_token = 'o85LV4YpOCqapgfaiZ4feeoUJL4fiw8v'
server_url = 'http://fd42:6657:6f41:ab43:216:3eff:fe59:2fea:8080'
tests.py:211:
_ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _ _
self = <containers.StorkAgentContainer object at 0x7fdd88d29970>, cmd = 'curl -o stork-install-agent.sh http://fd42:6657:6f41:ab43:216:3eff:fe59:2fea:8080/stork-install-agent.sh'
env = {'LANG': 'en_US.UTF-8', 'LANGUAGE': 'en_US:UTF-8', 'LC_ALL': 'en_US.UTF-8'}, ignore_error = False, attempts = 1, sleep_time_after_attempt = None
def run(self, cmd, env=None, ignore_error=False, attempts=1, sleep_time_after_attempt=None):
cmd2 = shlex.split(cmd)
if env is None:
env = {}
env['LANG'] = "en_US.UTF-8"
env['LANGUAGE'] = "en_US:UTF-8"
env['LC_ALL'] = "en_US.UTF-8"
for attempt in range(attempts):
result = self.cntr.execute(cmd2, env)
out = 'run: %s\n' % cmd
out += result[1]
self._trace_logs(out, 'out')
self._trace_logs(result[2], 'err')
if result[0] == 0:
break
elif attempt < attempts - 1:
print('command failed, retry, attempt %d/%d' % (attempt, attempts))
if sleep_time_after_attempt:
time.sleep(sleep_time_after_attempt)
if result[0] != 0 and not ignore_error:
> raise Exception('problem with cmd: %s' % cmd)
E Exception: problem with cmd: curl -o stork-install-agent.sh http://fd42:6657:6f41:ab43:216:3eff:fe59:2fea:8080/stork-install-agent.sh
attempt = 0
attempts = 1
cmd = 'curl -o stork-install-agent.sh http://fd42:6657:6f41:ab43:216:3eff:fe59:2fea:8080/stork-install-agent.sh'
cmd2 = ['curl', '-o', 'stork-install-agent.sh', 'http://fd42:6657:6f41:ab43:216:3eff:fe59:2fea:8080/stork-install-agent.sh']
env = {'LANG': 'en_US.UTF-8', 'LANGUAGE': 'en_US:UTF-8', 'LC_ALL': 'en_US.UTF-8'}
ignore_error = False
out = 'run: curl -o stork-install-agent.sh http://fd42:6657:6f41:ab43:216:3eff:fe59:2fea:8080/stork-install-agent.sh\n'
result = InstanceExecuteResult(exit_code=3, stdout='', stderr="curl: (3) Port number ended with ':'\n")
self = <containers.StorkAgentContainer object at 0x7fdd88d29970>
sleep_time_after_attempt = None
containers.py:228: Exception
```outstandinghttps://gitlab.isc.org/isc-projects/bind9/-/issues/2925Defining "default" "http" clause should not be allowed in the configuration2021-10-05T10:12:27ZArtem BoldarievDefining "default" "http" clause should not be allowed in the configurationDefining 'default' 'http' configuration should not be allowed in configuration files, as `default` is reserved for internal use in `listen-on` statements. For example, the following configuration file should be rejected:
```
tls local-t...Defining 'default' 'http' configuration should not be allowed in configuration files, as `default` is reserved for internal use in `listen-on` statements. For example, the following configuration file should be rejected:
```
tls local-tls {
key-file "key.pem";
cert-file "cert.pem";
};
http default {
endpoints { "/dns-query"; };
listener-clients 100;
streams-per-connection 100;
};
options {
listen-on { 10.53.0.1; };
http-port 80;
https-port 443;
http-listener-clients 100;
http-streams-per-connection 100;
listen-on port 443 tls local-tls http default { 10.53.0.1; };
listen-on port 8080 tls none http default { 10.53.0.1; };
};
```October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)Artem BoldarievArtem Boldarievhttps://gitlab.isc.org/isc-projects/kea/-/issues/2115gss: rename the GSS hook to libddns_gss_tsig.so2021-12-09T15:46:06ZTomek Mrugalskigss: rename the GSS hook to libddns_gss_tsig.soThe hook library is called `libdhcp_gss_tsig.so`, which is a copy-paste error from other hooks that are supposed to be loaded by DHCP. When Kea hooks are installed into one directory, the original idea of starting the name with `libdhcp_...The hook library is called `libdhcp_gss_tsig.so`, which is a copy-paste error from other hooks that are supposed to be loaded by DHCP. When Kea hooks are installed into one directory, the original idea of starting the name with `libdhcp_` was to identify that the hook is supposed to be loaded by DHCP daemons. That is not the case for gss.
This should be renamed to `libd2_gss_tsig.so` or `libddns_gss_tsig.so`.kea2.1.0Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/2114build with gssapi and without unit test fail2021-12-09T15:46:06ZWlodzimierz Wencelbuild with gssapi and without unit test failwhen used `--with-gssapi` and without `--with-gtest-source` kea still try to build nsupdate needed for tests:
```
make[7]: Leaving directory '/home/wlodek/kea/premium/src/hooks/d2/gss_tsig/libloadtests'
Making all in tests
make[7]: Enter...when used `--with-gssapi` and without `--with-gtest-source` kea still try to build nsupdate needed for tests:
```
make[7]: Leaving directory '/home/wlodek/kea/premium/src/hooks/d2/gss_tsig/libloadtests'
Making all in tests
make[7]: Entering directory '/home/wlodek/kea/premium/src/hooks/d2/gss_tsig/tests'
Making all in .
make[8]: Entering directory '/home/wlodek/kea/premium/src/hooks/d2/gss_tsig/tests'
CXXLD nsupdate
/usr/bin/ld: /usr/lib/gcc/x86_64-linux-gnu/8/../../../x86_64-linux-gnu/Scrt1.o: in function `_start':
(.text+0x20): undefined reference to `main'
collect2: error: ld returned 1 exit status
make[8]: *** [Makefile:683: nsupdate] Error 1
make[8]: Leaving directory '/home/wlodek/kea/premium/src/hooks/d2/gss_tsig/tests'
make[7]: *** [Makefile:897: all-recursive] Error 1
make[7]: Leaving directory '/home/wlodek/kea/premium/src/hooks/d2/gss_tsig/tests'
make[6]: *** [Makefile:809: all-recursive] Error 1
make[6]: Leaving directory '/home/wlodek/kea/premium/src/hooks/d2/gss_tsig'
make[5]: *** [Makefile:459: all-recursive] Error 1
make[5]: Leaving directory '/home/wlodek/kea/premium/src/hooks/d2'
make[4]: *** [Makefile:456: all-recursive] Error 1
make[4]: Leaving directory '/home/wlodek/kea/premium/src/hooks'
make[3]: *** [Makefile:456: all-recursive] Error 1
make[3]: Leaving directory '/home/wlodek/kea/premium/src'
make[2]: *** [Makefile:457: all-recursive] Error 1
make[2]: Leaving directory '/home/wlodek/kea/premium'
make[1]: *** [Makefile:626: all-recursive] Error 1
make[1]: Leaving directory '/home/wlodek/kea'
make: *** [Makefile:514: all] Error 2
```kea2.1.0Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/2113Finish GSS doc (Krb5, bind9, AD setups) (followup)2021-12-09T15:46:05ZFrancis DupontFinish GSS doc (Krb5, bind9, AD setups) (followup)Followup of #2096Followup of #2096kea2.1.0Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/bind9/-/issues/2924heap-use-after-free caused by checking for duplicate "http" configurations2021-10-04T10:15:31ZArtem Boldarievheap-use-after-free caused by checking for duplicate "http" configurationsChecking for duplicate `http` clauses in configuration files leads to heap use after free.
```
=================================================================
==1833==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300002b...Checking for duplicate `http` clauses in configuration files leads to heap use after free.
```
=================================================================
==1833==ERROR: AddressSanitizer: heap-use-after-free on address 0x60300002b420 at pc 0x7fbcc0f4c4f2 bp 0x7ffdd9e9a170 sp 0x7ffdd9e99920
READ of size 1 at 0x60300002b420 thread T0
#0 0x7fbcc0f4c4f1 (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xb64f1)
#1 0x7fbcc0b2dacd in isc_symtab_define /builds/isc-projects/bind9/lib/isc/symtab.c:221
#2 0x7fbcbe556dfc in bind9_check_httpserver /builds/isc-projects/bind9/lib/bind9/check.c:2046
#3 0x7fbcbe556dfc in bind9_check_httpservers /builds/isc-projects/bind9/lib/bind9/check.c:2111
#4 0x7fbcbe556dfc in bind9_check_namedconf /builds/isc-projects/bind9/lib/bind9/check.c:5692
#5 0x55798af6ceb7 in main /builds/isc-projects/bind9/bin/check/named-checkconf.c:726
#6 0x7fbcbd83e09a in __libc_start_main ../csu/libc-start.c:308
#7 0x55798af697c9 in _start (/builds/isc-projects/bind9/bin/check/.libs/named-checkconf+0xa7c9)
0x60300002b420 is located 0 bytes inside of 18-byte region [0x60300002b420,0x60300002b432)
freed by thread T0 here:
#0 0x7fbcc0f7efb0 in __interceptor_free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe8fb0)
#1 0x7fbcc0ac2ca6 in sdallocx /builds/isc-projects/bind9/lib/isc/jemalloc_shim.h:39
#2 0x7fbcc0ac2ca6 in mem_put /builds/isc-projects/bind9/lib/isc/mem.c:361
#3 0x7fbcc0ac2ca6 in isc__mem_free /builds/isc-projects/bind9/lib/isc/mem.c:977
#4 0x7fbcbe556e22 in bind9_check_httpserver /builds/isc-projects/bind9/lib/bind9/check.c:2066
#5 0x7fbcbe556e22 in bind9_check_httpservers /builds/isc-projects/bind9/lib/bind9/check.c:2111
#6 0x7fbcbe556e22 in bind9_check_namedconf /builds/isc-projects/bind9/lib/bind9/check.c:5692
#7 0x55798af6ceb7 in main /builds/isc-projects/bind9/bin/check/named-checkconf.c:726
#8 0x7fbcbd83e09a in __libc_start_main ../csu/libc-start.c:308
previously allocated by thread T0 here:
#0 0x7fbcc0f7f330 in __interceptor_malloc (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xe9330)
#1 0x7fbcc0ac1020 in mallocx /builds/isc-projects/bind9/lib/isc/jemalloc_shim.h:29
#2 0x7fbcc0ac1020 in mem_get /builds/isc-projects/bind9/lib/isc/mem.c:341
#3 0x7fbcc0ac1020 in isc__mem_allocate /builds/isc-projects/bind9/lib/isc/mem.c:886
#4 0x7fbcc0ac429b in isc__mem_strdup /builds/isc-projects/bind9/lib/isc/mem.c:996
#5 0x7fbcbe556d8b in bind9_check_httpserver /builds/isc-projects/bind9/lib/bind9/check.c:2039
#6 0x7fbcbe556d8b in bind9_check_httpservers /builds/isc-projects/bind9/lib/bind9/check.c:2111
#7 0x7fbcbe556d8b in bind9_check_namedconf /builds/isc-projects/bind9/lib/bind9/check.c:5692
#8 0x55798af6ceb7 in main /builds/isc-projects/bind9/bin/check/named-checkconf.c:726
#9 0x7fbcbd83e09a in __libc_start_main ../csu/libc-start.c:308
SUMMARY: AddressSanitizer: heap-use-after-free (/usr/lib/x86_64-linux-gnu/libasan.so.5+0xb64f1)
Shadow bytes around the buggy address:
0x0c067fffd630: 00 00 00 fa fa fa 00 00 02 fa fa fa 00 00 00 fa
0x0c067fffd640: fa fa 00 00 00 fa fa fa 00 00 00 00 fa fa 00 00
0x0c067fffd650: 00 fa fa fa 00 00 00 fa fa fa 00 00 00 00 fa fa
0x0c067fffd660: 00 00 02 fa fa fa 00 00 00 fa fa fa 00 00 00 fa
0x0c067fffd670: fa fa 00 00 00 00 fa fa 00 00 02 fa fa fa 00 00
=>0x0c067fffd680: 00 fa fa fa[fd]fd fd fa fa fa 00 00 02 fa fa fa
0x0c067fffd690: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fffd6a0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fffd6b0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fffd6c0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
0x0c067fffd6d0: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
Addressable: 00
Partially addressable: 01 02 03 04 05 06 07
Heap left redzone: fa
Freed heap region: fd
Stack left redzone: f1
Stack mid redzone: f2
Stack right redzone: f3
Stack after return: f5
Stack use after scope: f8
Global redzone: f9
Global init order: f6
Poisoned by user: f7
Container overflow: fc
Array cookie: ac
Intra object redzone: bb
ASan internal: fe
Left alloca redzone: ca
Right alloca redzone: cb
==1833==ABORTING
```
The problem was found by accident while working on a similar code in !5444October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)Artem BoldarievArtem Boldarievhttps://gitlab.isc.org/isc-projects/dhcp/-/issues/209DHCP not getting passed to IP phone2021-09-29T14:18:30ZMATT CERODHCP not getting passed to IP phoneI have PFSense working well in all aspects but when my Obihai 1022 phone is in DHCP it is not connecting to the network. All other clients are getting DHCP information and full functionality/networking from the DHCP server but the phone ...I have PFSense working well in all aspects but when my Obihai 1022 phone is in DHCP it is not connecting to the network. All other clients are getting DHCP information and full functionality/networking from the DHCP server but the phone is the only client not able to connect via DHCP. It works with static information. I've tried putting a static entry in PFSense to no avail please know. I'm not running any VLANs or anything special that would prevent it from working with a DHCP server. Below is the latest log entry.
THank you.
| Sep 29 07:00:34 | php-fpm | 344 | /system.php: The command '/usr/local/sbin/dhcpd -user dhcpd -group _dhcp -chroot /var/dhcpd -cf /etc/dhcpd.conf -pf /var/run/dhcpd.pid igb0 nfe0' returned exit code '1', the output was 'Internet Systems Consortium DHCP Server 4.4.2-P1 Copyright 2004-2021 Internet Systems Consortium. All rights reserved. For info, please visit https://www.isc.org/software/dhcp/ /etc/dhcpd.conf line 87: expecting allow/deny key \x09\x09ignore members ^ /etc/dhcpd.conf line 87: expecting a parameter or declaration \x09\x09ignore members of "9cadefc08ca9"; ^ Configuration file errors encountered -- exiting If you think you have received this message due to a bug rather than a configuration issue please read the section on submitting bugs on either our web page at www.isc.org or in the README file before submitting a bug. These pages explain the proper process and the information we find helpful for debugging. exiting.' |
|-----------------|---------|-----|-------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|https://gitlab.isc.org/isc-projects/stork/-/issues/586Display Access Points2022-01-31T18:43:36ZSlawek FigielDisplay Access PointsThe Stork stores the access points. They contain localization (IP address, port, info about protocol) in the network of Kea/BIND9 CAs.
The access points aren't presented in the Stork UI.
It may be useful to have a possibility to check:
...The Stork stores the access points. They contain localization (IP address, port, info about protocol) in the network of Kea/BIND9 CAs.
The access points aren't presented in the Stork UI.
It may be useful to have a possibility to check:
- Kea/BIND9 Control Agents are visible for the Stork Agent.
- Check ports used by Kea/BIND9 CAs
- Check that Kea CAs use an HTTPS protocol
- Check that BIND9 use a secure protocol1.1Marcin SiodelskiMarcin Siodelski