ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2024-01-03T14:09:50Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/5Revise coding style and documentation requirements2024-01-03T14:09:50ZOndřej SurýRevise coding style and documentation requirementsThis is unsorted list:
* [ ] opening curly braces on new line when the outside construct is multiline, e.g.
```
for (foo;
bar;
baz) {
```
vs current
```
for (foo;
bar;
baz)
{
```
* [ ] Using parentheses to e...This is unsorted list:
* [ ] opening curly braces on new line when the outside construct is multiline, e.g.
```
for (foo;
bar;
baz) {
```
vs current
```
for (foo;
bar;
baz)
{
```
* [ ] Using parentheses to explicitly set priority in conditions, e.g.
```
((foo == TRUE) || (bar == FALSE))
```
vs current
```
(foo == TRUE || bar == FALSE)
```
* [ ] Explicit `NULL` or `FALSE` comparison
```
(foo == FALSE && bar == NULL)
```
vs current
```
(!foo && !bar)
```November 2019 (9.11.13, 9.14.8, 9.15.6)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/5opcode/opcodeflg tests report timeout when server does not copy opcode2018-04-16T08:15:55ZPeter van Dijkopcode/opcodeflg tests report timeout when server does not copy opcode```
$ dig a tdns.powerdns.org @127.0.0.1 +opcode=15 +noedns +nodnssec +ignore
; <<>> DiG 9.11.2 <<>> a tdns.powerdns.org @127.0.0.1 +opcode=15 +noedns +nodnssec +ignore
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUER...```
$ dig a tdns.powerdns.org @127.0.0.1 +opcode=15 +noedns +nodnssec +ignore
; <<>> DiG 9.11.2 <<>> a tdns.powerdns.org @127.0.0.1 +opcode=15 +noedns +nodnssec +ignore
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOTIMP, id: 24795
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0
;; WARNING: recursion requested but not available
;; QUESTION SECTION:
;tdns.powerdns.org. IN A
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Fri Apr 13 17:56:42 CEST 2018
;; MSG SIZE rcvd: 35
```
Note that the server did not copy the opcode to the response. In this case, `genreport` apparently does not match the response to the query, unhelpfully reporting timeout.https://gitlab.isc.org/isc-projects/dhcp/-/issues/5Delete build instructions for NextStep and other obsolete systems2021-03-02T07:27:17ZVicky Riskvicky@isc.orgDelete build instructions for NextStep and other obsolete systemsI know this is a nit, but it bugs me to see NextStep and Ultrix and so on in the readme. If it is ok with you Thomas, let me know and I will delete the offending bits.
(Ideally, we would also add a platforms.md and list the platforms we ...I know this is a nit, but it bugs me to see NextStep and Ultrix and so on in the readme. If it is ok with you Thomas, let me know and I will delete the offending bits.
(Ideally, we would also add a platforms.md and list the platforms we test on and know it works on there.)4.4.2https://gitlab.isc.org/isc-projects/stork/-/issues/5Set up Prometheus & Grafana2019-08-13T14:33:32ZTomek MrugalskiSet up Prometheus & GrafanaOnce #3 is done, we need to have prometheus and Grafana installed on stork.lab.isc.orgOnce #3 is done, we need to have prometheus and Grafana installed on stork.lab.isc.orgMichal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/kea/-/issues/5Configuration parser for NETCONF2022-10-27T12:44:25ZTomek MrugalskiConfiguration parser for NETCONFThis task covers writing configuration parser for kea-netconf. This configuration will cover things like:
- which model(s) to subscribe to
- which translators to load
- where send the JSON commands (stdout, unix socket, http socket)
- l...This task covers writing configuration parser for kea-netconf. This configuration will cover things like:
- which model(s) to subscribe to
- which translators to load
- where send the JSON commands (stdout, unix socket, http socket)
- loggingKea1.5-beta1https://gitlab.isc.org/isc-projects/kea/-/issues/32Extend DHCP configuration to point to the config backend2018-10-08T13:05:34ZGhost UserExtend DHCP configuration to point to the config backendWe need at least two configuration parameters: *config-database* and *server-tag* for DHCP servers.
See the https://gitlab.isc.org/isc-projects/kea/wikis/designs/configuration-in-db-design.
We need at least two configuration parameters: *config-database* and *server-tag* for DHCP servers.
See the https://gitlab.isc.org/isc-projects/kea/wikis/designs/configuration-in-db-design.
Kea1.5-beta1Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/bind9/-/issues/6Merge trusted-key and managed-keys2024-01-03T14:09:50ZOndřej SurýMerge trusted-key and managed-keysThis was discussed during the KSK-2017 roll, we need to either:
a) make `trusted-keys` to bootstrap `managed-keys`, e.g. make `trusted-keys` functionally equivalent to `managed-keys`
b) remove `trusted-keys` completely (maybe in next re...This was discussed during the KSK-2017 roll, we need to either:
a) make `trusted-keys` to bootstrap `managed-keys`, e.g. make `trusted-keys` functionally equivalent to `managed-keys`
b) remove `trusted-keys` completely (maybe in next release?)BIND 9.15.2https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/6IDN domains do not work2018-06-01T09:02:30ZPetr Špačekpspacek@isc.orgIDN domains do not workExamples:
* háčkyčárky.cz
* öko.de
* różyczka.pl
* 艶やかコンパクト.comExamples:
* háčkyčárky.cz
* öko.de
* różyczka.pl
* 艶やかコンパクト.comhttps://gitlab.isc.org/isc-projects/kea/-/issues/6Simplify CPL framework to be more suitable for kea-netconf2022-10-27T12:44:25ZTomek MrugalskiSimplify CPL framework to be more suitable for kea-netconfThe CPL framework that was initially designed and developed for D2 and was later used for CA is considered superior to what DHCPv4 and DHCPv6 use. However it has a number of disadvantages that should be mitigated:
- way too many classes...The CPL framework that was initially designed and developed for D2 and was later used for CA is considered superior to what DHCPv4 and DHCPv6 use. However it has a number of disadvantages that should be mitigated:
- way too many classes needed (agent, classes derived derived from controller, process, DCfgContextBase, DCfgMgrBase)
- lack of common class to store logging information (Daemon from libdhcpsrv is used for this, resulting in the need to include libdhcpsrv library everywhere)Kea1.5-beta1https://gitlab.isc.org/isc-projects/dhcp/-/issues/6DHCPv6 lease length logging2021-03-02T07:27:17ZGhost UserDHCPv6 lease length logging---
name: DHCPv6 - on commit {} - preferred lifetime / valid lifetime incorrect values available
---
**Describe the bug**
When logging preferred and valid lifetime using on commit {} client requested values are recorded instead of serve...---
name: DHCPv6 - on commit {} - preferred lifetime / valid lifetime incorrect values available
---
**Describe the bug**
When logging preferred and valid lifetime using on commit {} client requested values are recorded instead of server provided values.
**To Reproduce**
Use a MacOS DHCPv6 client.
Add this bit to the dhcp config:
```
on commit {
if exists dhcp6.ia-na {
log(debug,
concat( "PREFERREDLIFETIME: ",binary-to-ascii(10, 32, "", substring(option dhcp6.ia-na,32,4)),",",
"VALIDLIFETIME: ",binary-to-ascii(10, 32, "", substring(option dhcp6.ia-na,36,4))
)
);
}
}
```
which prints a log line like this:
`Sep 15 18:53:49 dhcp-server-1 dhcpd: PREFERREDLIFETIME: 0,VALIDLIFETIME: 0`
**Expected behavior**
Should print a log line with the server provided preferred and valid lifetimes (ie: the values being sent back to the client. In my test case was 375 and 600)
**Environment:**
- ISC DHCP version: 4.4.1
- OS: Linux (custom)
- Which features were compiled in
```
./configure --prefix=/usr \
--sysconfdir=/etc \
--enable-secs-byteorder \
--localstatedir=/var/state/dhcp \
--with-srv-lease-file=/var/state/dhcp/dhcpd.leases \
--with-srv6-lease-file=/var/state/dhcp/dhcpd6.leases \
--with-srv-pid-file=/var/run/dhcpd.pid \
--with-srv6-pid-file=/var/run/dhcpd6.pid;
```
**Additional Information**
when committing a lease to an Apple Mac mini (el Capitan) which generates a conventional log line like this:
```
Sep 15 18:53:48 dhcp-server-1 dhcpd: Relay-forward message from 2001:DB8:2e50:e8::1 port 547, link address 2001:DB8:2e50:e8::1, peer address fe80::225:4bff:fea0:6fe8
Sep 15 18:53:48 dhcp-server-1 dhcpd: Advertise NA: address 2001:DB8:2e50:e8:7fff:ffff:ffff:fffe to client with duid 00:01:00:01:20:e5:6e:2d:00:25:4b:a0:6f:e8 iaid = 0 valid for 600 seconds
Sep 15 18:53:48 dhcp-server-1 dhcpd: Sending Relay-reply to 2001:DB8:2e50:e8::1 port 547
Sep 15 18:53:49 dhcp-server-1 dhcpd: Relay-forward message from 2001:DB8:2e50:e8::1 port 547, link address 2001:DB8:2e50:e8::1, peer address fe80::225:4bff:fea0:6fe8
Sep 15 18:53:49 dhcp-server-1 dhcpd: Reply NA: address 2001:DB8:2e50:e8:7fff:ffff:ffff:fffe to client with duid 00:01:00:01:20:e5:6e:2d:00:25:4b:a0:6f:e8 iaid = 0 valid for 600 seconds
Sep 15 18:53:49 dhcp-server-1 dhcpd: Sending Relay-reply to 2001:DB8:2e50:e8::1 port 547
```
Using tcpdump, I can see that the client request had preferred and valid lifetimes of 0 but the reply from the server had preferred lifetime of 375 and valid lifetime of 600.
```
1505501629.303271 IP6 (class 0xe0, hlim 255, next-header UDP (17) payload length: 197) 2001:DB8:2e50:e8::1.547 > 2001:DB8:2e50:e4::226.547: [udp sum ok] dhcp6 relay-fwd (linkaddr=2001:DB8:2e50:e8::1 peeraddr=fe80::225:4bff:fea0:6fe8 (relay-message (dhcp6 request (xid=450fb (client-ID hwaddr/time type 1 time 551906861 00254ba06fe8) (option-request DNS-server DNS-search-list) (elapsed-time 0) (server-ID hwaddr/time type 1 time 542736789 00259061f77a) (IA_NA IAID:0 T1:0 T2:0 (IA_ADDR 2001:DB8:2e50:e8:7fff:ffff:ffff:fffe pltime:0 vltime:0)))) (opt_79) (interface-ID 4769302f302f312e3234...) (Remote-ID 9 0200010000f0000a0003...))
1505501629.303633 IP6 (hlim 64, next-header UDP (17) payload length: 181) 2001:DB8:2e50:e4::226.547 > 2001:DB8:2e50:e8::1.547: [udp sum ok] dhcp6 relay-reply (linkaddr=2001:DB8:2e50:e8::1 peeraddr=fe80::225:4bff:fea0:6fe8 (interface-ID 4769302f302f312e3234...) (relay-message (dhcp6 reply (xid=450fb (IA_NA IAID:0 T1:0 T2:0 (IA_ADDR 2001:DB8:2e50:e8:7fff:ffff:ffff:fffe pltime:375 vltime:600)) (client-ID hwaddr/time type 1 time 551906861 00254ba06fe8) (server-ID hwaddr/time type 1 time 542736789 00259061f77a) (DNS-server 2001:DB8:2e50:a::10 2001:DB8:2e50:a::74))))
```
It seems that option dhcp6.ia-na during the on commit {} may contain data from the client request packet instead of the server reply packet.
This seems to me like it should be considered a bug since it makes it impossible to get the lease time during on commit {}.
**Describe alternatives you've considered**
Presently I'm running tshark to extract the lease length and log it that way. This is not an ideal solution.
**Contacting you**
please contact me if you need to: perl-list at network1.netOutstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/6Prepare Grafana template for Kea/Bind2019-09-23T11:46:00ZTomek MrugalskiPrepare Grafana template for Kea/BindOnce #5 is done, we need to come up with a nice initial template that will show statistics from both BIND and Kea.
We can start with a BIND dashboard someone created: https://grafana.com/grafana/dashboards/1666 and then extend it to cov...Once #5 is done, we need to come up with a nice initial template that will show statistics from both BIND and Kea.
We can start with a BIND dashboard someone created: https://grafana.com/grafana/dashboards/1666 and then extend it to cover Kea.Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/bind9/-/issues/7Obsolete domain-lookaside-validation2024-01-03T14:09:50ZOndřej SurýObsolete domain-lookaside-validation1. Announce on bind9-users list :white_check_mark:
https://lists.isc.org/pipermail/bind-users/2019-June/101972.html
2. Write a I-D/RFC to move the DLV RFCs to Historic status.
In progress: https://datatracker.ietf.org/doc/draft-...1. Announce on bind9-users list :white_check_mark:
https://lists.isc.org/pipermail/bind-users/2019-June/101972.html
2. Write a I-D/RFC to move the DLV RFCs to Historic status.
In progress: https://datatracker.ietf.org/doc/draft-mekking-dnsop-obsolete-dlv/
3. Mark the dnssec-lookaside deprecated in 9.15/9.16. :white_check_mark:
4. Remove the code related to DLV in the next stable release.Not plannedhttps://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/7redirect to results sometimes does not work2018-06-04T06:50:21ZPetr Špačekpspacek@isc.orgredirect to results sometimes does not workIt seems that some zones are broken enough to break ednscomp web tool.
E.g. testing zone `mfcr.cz` using https://ednscomp.isc.org/ednscomp/ leads at first to incomplete page. JSON API returns empty document for this site.
Please improv...It seems that some zones are broken enough to break ednscomp web tool.
E.g. testing zone `mfcr.cz` using https://ednscomp.isc.org/ednscomp/ leads at first to incomplete page. JSON API returns empty document for this site.
Please improve the behavior, it breaks workflow and confuses people who try to test their domains.https://gitlab.isc.org/isc-projects/kea/-/issues/7Implement libyang library2022-10-27T12:44:25ZTomek MrugalskiImplement libyang libraryThis task covers adding a libyang library. It has at least provide:
- makefile changes to build a new lib
- unit-tests
- translation utilities for netconf primitives (int, string, bool, etc) to JSON and vice versa
- a base class for tra...This task covers adding a libyang library. It has at least provide:
- makefile changes to build a new lib
- unit-tests
- translation utilities for netconf primitives (int, string, bool, etc) to JSON and vice versa
- a base class for translator
- a base class for watcher (a piece of code that exposes a callback that can be called when certain part of netconf tree changes)Kea1.5-beta1Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/dhcp/-/issues/7Improve error message "mdb.c(319): non-null pointer"2021-03-02T07:27:17ZCathy AlmondImprove error message "mdb.c(319): non-null pointer"Per Support ticket [RT #14122](https://support.isc.org/Ticket/Display.html?id=14122)
In a dhcpd.conf that contains both client identifier AND uid in the
same host declaration, the following warning message is emitted as dhcpd starts:
`...Per Support ticket [RT #14122](https://support.isc.org/Ticket/Display.html?id=14122)
In a dhcpd.conf that contains both client identifier AND uid in the
same host declaration, the following warning message is emitted as dhcpd starts:
`mdb.c(319): non-null pointer`
Having both is ambiguous and not supported - but the error message is not in the least helpful or useful for diagnosing what is wrong.4.4.2Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/stork/-/issues/7Experiment with node exporter2019-07-29T13:19:08ZTomek MrugalskiExperiment with node exporterWe want to gather hardware and OS statistics. There is dedicated node exporter for this.
The goal of this task is to install node exporter and evaluate its usefulness.
Please write down installation instructions, so others can easily r...We want to gather hardware and OS statistics. There is dedicated node exporter for this.
The goal of this task is to install node exporter and evaluate its usefulness.
Please write down installation instructions, so others can easily reproduce the procedure.https://gitlab.isc.org/isc-projects/bind9/-/issues/8Update the used C standard to C112024-01-03T14:09:50ZOndřej SurýUpdate the used C standard to C11Require C11 (or rather gnu11) support from compiler, and there are some next relevant steps:
* [ ] Use C11 data types (uintXX_t, boolean, etc...) #9
* [ ] Use and require atomic primitives support #10
* [ ] Benefit from better multi-th...Require C11 (or rather gnu11) support from compiler, and there are some next relevant steps:
* [ ] Use C11 data types (uintXX_t, boolean, etc...) #9
* [ ] Use and require atomic primitives support #10
* [ ] Benefit from better multi-threading support in the language #11BIND-9.13.3Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/8genreport -E does not output anything for some NSes2018-06-07T07:07:10ZPetr Špačekpspacek@isc.orggenreport -E does not output anything for some NSesHello,
it seems that `genreport -E` does not output anything for certain domains. I've tracked down this to NSSET `ns[12].parkingcrew.net.`
Example:
```
$ ~/pkg/DNS-Compliance-Testing/genreport -E
obchodniplatforma.cz.
```
Interesting...Hello,
it seems that `genreport -E` does not output anything for certain domains. I've tracked down this to NSSET `ns[12].parkingcrew.net.`
Example:
```
$ ~/pkg/DNS-Compliance-Testing/genreport -E
obchodniplatforma.cz.
```
Interestingly it seems to work without `-E`:
```
$ ~/pkg/DNS-Compliance-Testing/genreport
obchodniplatforma.cz.
obchodniplatforma.cz. @54.75.226.194 (ns2.parkingcrew.net.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
obchodniplatforma.cz. @54.75.227.14 (ns1.parkingcrew.net.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
obchodniplatforma.cz. @52.22.2.242 (ns2.parkingcrew.net.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
obchodniplatforma.cz. @52.2.199.197 (ns1.parkingcrew.net.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
obchodniplatforma.cz. @52.89.204.2 (ns2.parkingcrew.net.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
obchodniplatforma.cz. @52.88.191.171 (ns1.parkingcrew.net.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
obchodniplatforma.cz. @52.68.87.177 (ns1.parkingcrew.net.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
obchodniplatforma.cz. @52.69.248.231 (ns2.parkingcrew.net.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
obchodniplatforma.cz. @52.64.97.236 (ns1.parkingcrew.net.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
obchodniplatforma.cz. @52.64.133.131 (ns2.parkingcrew.net.): dns=ok edns=noopt edns1=noerror,noopt,soa edns@512=noopt ednsopt=noopt edns1opt=noerror,noopt,soa do=noopt ednsflags=noopt optlist=noopt signed=noopt ednstcp=noopt
```https://gitlab.isc.org/isc-projects/kea/-/issues/8Kea should print out info about opened ctrl socket2022-10-27T12:44:25ZMarcin SiodelskiKea should print out info about opened ctrl socketKea should print out information about control socket __acceptor__ being opened.
This should be printed on info level.
For the original ticket see https://kea.isc.org/ticket/5598Kea should print out information about control socket __acceptor__ being opened.
This should be printed on info level.
For the original ticket see https://kea.isc.org/ticket/5598Kea1.5-beta1Marcin SiodelskiMarcin Siodelski2018-07-12https://gitlab.isc.org/isc-projects/dhcp/-/issues/9DHClient: static lease not assigned with no DHCP Server responding (No DHCPOF...2019-11-18T16:38:29ZGhost UserDHClient: static lease not assigned with no DHCP Server responding (No DHCPOFFERS received.)---
name: DHC Client: Access all dynamic and static leases on signal
about: debugging DHC client
---
**Some initial questions**
- Are you sure your feature is not already implemented in the latest ISC DHCP version? YES
- Are you sure ...---
name: DHC Client: Access all dynamic and static leases on signal
about: debugging DHC client
---
**Some initial questions**
- Are you sure your feature is not already implemented in the latest ISC DHCP version? YES
- Are you sure your feature is not already implemented in the latest Kea version? YES - this is a Client issue.
- Are you sure what you would like to do is not possible using some other mechanisms?
- Have you discussed your idea on dhcp-users or dhcp-workers mailing lists? unk
**Is your feature request related to a problem? Please describe.**
Was trying to troubleshoot an issue:
In principle: dhclient does not use the static leases as of
current (and for a couple of versions) if all dynamic leases have expired
because of a programming bug in dhclient.c, routine state_panic in line 2331:
loop needs to be set to 0/NUL here, otherwise with no dynamic leases around
the variable loop is already dhclient->active when reaching line 2403 (after
jumping to activate_next), hence that static lease never gets into the while
loop and never gets activated, instead the "no leases in persistent database
- sleeping" message arrives, dhclient removes the IP and kills the network.
We currently experience such a problem where a DHCP server (by a router of an
ISP) does not respond for hours (for unknown reasons) causing havoc in the
network (which otherwise would work).
I have for now recompiled my own version with that bug fix in place which
works well now.
**Describe the solution you'd like**
I'd like to file a feature request to be able to see the internal
leases database (including dynamic and static leases with all details) upon a
signal (e.g. kill -USR1 pid of dhclient), this would be extremely useful for
such debugging purposes. So far I assumed the entry in the dhclient.conf
wasn't valid/erroneous and therefore rejected somehow.
**Describe alternatives you've considered**
**Additional context**
**Funding its development**
**Participating in development**
**Contacting you**
(request entered on behalf of the user, who had trouble setting up a valid account on Gitlab)4.4.2Thomas MarkwalderThomas Markwalder