ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2019-01-17T01:26:58Z

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/11
Add support to report how long a entry has been in error.
2019-01-17T01:26:58Z
Mark Andrews

add the ability to specify a database to record this information.
use a key of <zone> or <zone,server,type> or < zone,server,address> depending upon the error type.
record the fail timestamp on error, do not update if it already exists.
clear the above keys on success where success is:
* ns lookup succeeded for <zone>
* address lookup succeeded for <zone,server,type>
* tests succeeded for <zone,server,address>

https://gitlab.isc.org/isc-projects/bind9/-/issues/862
simplify and speed up clean.sh in system tests
2019-02-06T05:33:56Z
Evan Hunt

Moved here from a discussion in !1454. @ondrej has suggested we use files in system tests, similar to .gitignore files, to indicate which other files need to be removed during test cleanup.

Ondřej Surý

https://gitlab.isc.org/isc-projects/kea/-/issues/445
add support for mongo db
2019-02-07T17:00:17Z
Ghost User

---
name: mongodb
about: add mongodb support to kea dhcp server
---
**Some initial questions**
- could not find this request anywhere in issues or on the web
- sure, there are other databases support; but that's not the point
**Is your feature request related to a problem? Please describe.**
- Reduction of the numbers of databases on the client's systems
**Describe the solution you'd like**
- allow kea administrators to configure mongodb in kea
**Describe alternatives you've considered**
- Not really.
**Additional context**
- No.
**Funding its development**
- Sure to some very small degree.
**Participating in development**
- design discussions and testing
**Contacting you**
- Private messages to my gitlab.isc.org registered email address are fine.

outstanding

https://gitlab.isc.org/isc-projects/bind9/-/issues/896
Create KB article on QNAME minimization
2019-02-21T14:07:25Z
Stephen Morris

(Action from internal BIND Outreach meeting.)

https://gitlab.isc.org/isc-projects/kea/-/issues/581
ISC DHCP "decline"
2019-04-18T15:36:10Z
Francis Dupont

According to ISC DHCP dhcpd config doc:
```
The declines keyword
allow declines;
deny declines;
ignore declines;
The DHCPDECLINE message is used by DHCP clients to indicate that the lease the server has
offered is not valid. When the server receives a DHCPDECLINE for a particular address, it
normally abandons that address, assuming that some unauthorized system is using it. Unfor-
tunately, a malicious or buggy client can, using DHCPDECLINE messages, completely exhaust
the DHCP server's allocation pool. The server will eventually reclaim these leases, but not
while the client is running through the pool. This may cause serious thrashing in the DNS,
and it will also cause the DHCP server to forget old DHCP client address allocations.
The declines flag tells the DHCP server whether or not to honor DHCPDECLINE messages. If it
is set to deny or ignore in a particular scope, the DHCP server will not respond to DHCPDE-
CLINE messages.
The declines flag is only supported by DHCPv4 servers. Given the large IPv6 address space
and the internal limits imposed by the server's address generation mechanism we don't think
it is necessary for DHCPv6 servers at this time.
Currently, abandoned IPv6 addresses are reclaimed in one of two ways:
a) Client renews a specific address:
If a client using a given DUID submits a DHCP REQUEST containing
the last address abandoned by that DUID, the address will be
reassigned to that client.
b) Upon the second restart following an address abandonment. When
an address is abandoned it is both recorded as such in the lease
file and retained as abandoned in server memory until the server
is restarted. Upon restart, the server will process the lease file
and all addresses whose last known state is abandoned will be
retained as such in memory but not rewritten to the lease file.
This means that a subsequent restart of the server will not see the
abandoned addresses in the lease file and therefore have no record
of them as abandoned in memory and as such perceive them as free
for assignment.
The total number addresses in a pool, available for a given DUID value, is internally lim-
ited by the server's address generation mechanism. If through mistaken configuration, mul-
tiple clients are using the same DUID they will competing for the same addresses causing the
server to reach this internal limit rather quickly. The internal limit isolates this type
of activity such that address range is not exhausted for other DUID values. The appearance
of the following error log, can be an indication of this condition:
"Best match for DUID <XX> is an abandoned address, This may be a
result of multiple clients attempting to use this DUID"
where <XX> is an actual DUID value depicted as colon separated
string of bytes in hexadecimal values.
```

ISC DHCP Migration

https://gitlab.isc.org/isc-projects/kea/-/issues/586
disable dhcpdecline via configuration option
2019-04-25T16:01:56Z
Ghost User

I disabled the DHCPDECLINE feature in the KEA source.
In our FTTH access network IP conflict never ever can happen, because of the dhcp snooping
based IP- and ARP anti spoofing, so processing the DHCPDECLINE messages from the clients is just a vulnerability.
I suggest the DHCPDECLINE feature should be disabled via configuration option, global or/and subnet level.

outstanding

https://gitlab.isc.org/isc-projects/bind9/-/issues/1039
Tag based policy controls
2019-05-17T12:56:21Z
Ray Bellis

We need a syntax and mechanism to apply policy controls (e.g. per #825 and #826) based on EDNS Client Tag (see #960)

https://gitlab.isc.org/isc-projects/bind9/-/issues/1105
named-checkconf option to convert deprecated options
2019-06-25T07:37:00Z
Matthijs Mekking matthijs@isc.org

Request- an option that would deal with the options that are deprecated and deliver a nice `named.conf`. For example, `managed-keys` and `trusted-keys` would be translated to `dnssec-keys`. Obsoleted options (like `dnssec-enable`) would be filtered out. This would be useful only if it could also preserve the comments in the file, which currently are stripped by -checkconf.)

https://gitlab.isc.org/isc-projects/bind9/-/issues/1107
managed-keys.bind error related to changing working directory back and forth
2019-06-25T10:58:28Z
Ondřej Surý

When you change workdir back and forth, the `managed-keys.bind` + journal gets left in the place and then loaded back leading to:
```
25-Jun-2019 12:55:17.921 managed-keys-zone: Key 20326 for zone . is now trusted (acceptance timer complete)
25-Jun-2019 12:55:17.922 malformed transaction: managed-keys.bind.jnl last serial 6 != transaction first serial 7
25-Jun-2019 12:55:17.922 managed-keys-zone: keyfetch_done:dns_journal_write_transaction -> unexpected error
25-Jun-2019 12:55:17.922 managed-keys-zone: error during managed-keys processing (unexpected error): DNSSEC validation may be at risk
```
We probably need to clean up the old file when changing the working directory and doing reconfigs on the fly.

https://gitlab.isc.org/isc-projects/kea/-/issues/718
RESTful API for Kea Control Agent (GSoC 2019)
2019-08-06T11:08:58Z
James Wang

Kea Control Agent currently implements an RPC-style API where all work is done by POSTing a command with arguments. This issue explores how to implement a true RESTful style API for Kea CA.
* Original [proposal](https://summerofcode.withgoogle.com/dashboard/project/6159304481046528/details/) for this project
* The draft API reference can be found [here](https://gitlab.isc.org/Rinne0410/kea/wikis/API-references). It will be moved to main Wiki once finalized
* The underlying implementation design can be found [here](https://gitlab.isc.org/Rinne0410/kea/wikis/New-API-design)

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/541
auto-generated config parsing tests are currently limited to "Dhcp4Parser*.*"
2019-08-08T16:20:44Z
Thomas Markwalder

The following discussion from !254 should be addressed:
- [ ] @marcin started a [discussion](https://gitlab.isc.org/isc-projects/kea/merge_requests/254#note_48600): (+4 comments)
> Now that you trained me how to re-generate the unit tests in get_config_unittests.cc I wonder if enabling this test that calls `extractConfig` should result in re-generating the tests?

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/739
More metadata checks in MySQL CB unit tests
2019-08-08T16:23:54Z
Francis Dupont

As we already do in CB cmds hook add more metadata checks in MySQL CB unit tests (reference https://gitlab.isc.org/isc-projects/kea/merge_requests/424#note_68391)

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/879
Implement SLAAC (stateless IPv6 configuration) daemon
2019-09-05T15:54:40Z
Tomek Mrugalski

This is an experiment we (@fdupont, @godfryd, @tomek) did during a hackathon in Prague. For details, see
https://gitlab.isc.org/isc-projects/kea/wikis/hackathon/slaac.
This ticket is created to slowly evolve the code into something that could one day be accepted as experimental feature in Kea.

outstanding

https://gitlab.isc.org/isc-projects/bind9/-/issues/1167
Add SRP update policy rule.
2019-09-06T02:47:55Z
Mark Andrews

See also #1166

https://gitlab.isc.org/isc-projects/bind9/-/issues/1166
Add code to identify SRP messages and potential extract the KEY RRset from the message.
2019-09-06T02:48:19Z
Mark Andrews

For background see [draft-ietf-dnssd-srp](https://tools.ietf.org/html/draft-ietf-dnssd-srp).
See also #1167

https://gitlab.isc.org/isc-projects/bind9/-/issues/1254
Follow-up from "silence clang warning by using local variable."
2019-10-02T08:05:26Z
Ondřej Surý

The following discussion from !2419 should be addressed:
- [ ] @ondrej started a [discussion](https://gitlab.isc.org/isc-projects/bind9/merge_requests/2419#note_80780): (+1 comment)
> There's more usage of `isc_commandline_index` (and other global variables from `lib/isc/commandline.c`) scattered over BIND 9 source code.
>
> I would rather see a refactoring of the API that would not use global variables and would better cover common usage patterns than selectively applying duct tape to silence one specific compiler. The whole isc_commandline API is not thread-safe and it should be.
>
> The `isc_commandline_index`, `isc_commandline_option`, `isc_commandline_argument` should be moved to `isc_commandline_parse()` as arguments, `isc_commandline_reset` should be a function, and `isc_commandline_errprint` should be argument to new `isc_commandline_init()` function. `isc_commandline_progname` is used only internally.
>
> As a side note - the whole usage of non-const `LIBISC_EXTERNAL_DATA` variables should be eradicated.

Not planned

https://gitlab.isc.org/isc-projects/kea/-/issues/902
Configuration Backend in DHCPv4 dhcp4_subnet not display
2019-10-03T19:12:39Z
Ghost User

![image](/uploads/78df9669353f2e41db6aac33097f6b65/image.png)
this is sql dhcp4_options tables
this is post config-get, not code 3 display in subnet id 216,99
```
"subnet4": [
  {
    "4o6-interface": "",
    "4o6-interface-id": "",
    "4o6-subnet": "",
    "id": 99,
    "option-data": [
      {
        "always-send": false,
        "code": 3,
        "csv-format": true,
        "data": "192.168.0.1",
        "name": "routers",
        "space": "dhcp4"
      }
    ],
    "pools": [
      {
        "option-data": [],
        "pool": "192.168.0.10-192.168.0.100"
      }
    ],
    "relay": {
      "ip-addresses": []
    },
    "reservations": [],
    "subnet": "192.168.0.0/24"
  },
  {
    "4o6-interface": "",
    "4o6-interface-id": "",
    "4o6-subnet": "",
    "id": 100,
    "option-data": [],
    "pools": [
      {
        "option-data": [],
        "pool": "192.168.1.10-192.168.1.100"
      }
    ],
    "relay": {
      "ip-addresses": []
    },
    "reservations": [],
    "subnet": "192.168.1.0/24"
  },
  {
    "4o6-interface": "",
    "4o6-interface-id": "",
    "4o6-subnet": "",
    "id": 216,
    "option-data": [
      {
        "always-send": false,
        "code": 6,
        "csv-format": true,
        "data": "172.22.1.253",
        "name": "domain-name-servers",
        "space": "dhcp4"
      },
      {
        "always-send": false,
        "code": 4,
        "csv-format": true,
        "data": "10.10.10.50",
        "name": "time-servers",
        "space": "dhcp4"
      }
    ],
    "pools": [
      {
        "option-data": [],
        "pool": "172.30.216.10-172.30.216.20"
      }
    ],
    "relay": {
      "ip-addresses": []
    },
    "reservations": [],
    "subnet": "172.30.216.0/21"
  }
],
```

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/927
Improve parsing of commas within text strings
2019-10-17T15:43:43Z
Michael McNally

Our friend Shawn, on support ticket [#15079](https://support.isc.org/Ticket/Display.html?id=15079) was having a bit of awkwardness trying to define some string-valued options in which the strings contained commas.
He wrote:
>>>
We have a customer attempting to put a comma separated string into an option defined as text in Kea. Kea appears to be treating the comma as a delimiter for arrays and discarding the comma and the text after the comma. It appears that you may have addressed this issue somewhat in 1.6.0 but I wanted to check if there is any way to escape or otherwise allow for commas in text strings in 1.5.0.
For example given this option definition
```
{
"space": "dhcp4",
"code": 176,
"type": "string",
"name": "test"
}
```
And this specification for the option value
```
{
"name": "test",
"code": 177,
"data": "foo,bar"
}
```
We are only seeing "foo" put into the packet sent to the client. I have tried single quoting the text
"'foo,bar'" and escaping the comma "foo\,bar" and neither seem to work.
>>>
In a subsequent response on the same ticket he mentions that he has found a way to successfully escape the commas using multiple backslashes but this is likely to be a situation encountered by other operators who may find it similarly confusing, therefore we should consider (ideally) improving the parsing of commas that are within string literals OR (if not) at least better documenting how to use them.

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/929
replace boost::shared_ptr/weak_ptr and similar components with std::shared_ptr/std::weak_ptr and respective std components
2019-10-17T15:53:34Z
Razvan Becheriu

As the code uses std::shared_ptr and boost_shared_ptr, the code should use only c++11 stl (std) components (if provided).
From what I know, only multi index container is not implemented in stl. Everything else should be stl.

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/938
Implement RFC8539 (new softwire options)
2019-10-24T15:54:34Z
Tomek Mrugalski

There's a new [RFC 8539](https://tools.ietf.org/html/rfc8539) published. We should support it one day.
As there are currently no known customers or users and the complexity of its implementation is non-trivial, this is not a high priority.

outstanding