ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2021-06-01T02:57:23Z

https://gitlab.isc.org/isc-projects/bind9/-/issues/2740
Not able to parse zone file with ZONEMD other than sha384
2021-06-01T02:57:23Z
Libor Peltan

Neither `named` nor `dnssec-verify` is able to load a zone file with a ZONEMD record other than sha384.
When I try to load `named` with sha512-ZONEMD in zone file, it fails with
```
31-May-2021 20:09:42.137 dns_rdata_fromtext: /home/peltan/conf/1/example.com.zone:67: near '2e0cc4827e7a3204': extra input text
```
Similar error occurs with `dnssec-verify`.
Bind9 version is 9.16.6:
```
BIND 9.16.6-Ubuntu (Stable Release) <id:25846cf>
running on Linux x86_64 5.8.0-53-generic #60-Ubuntu SMP Thu May 6 07:46:32 UTC 2021
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--disable-isc-spnego' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-aPvtn0/bind9-9.16.6=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 10.2.0
compiled with OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020
linked to OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020
compiled with libuv version: 1.38.0
linked to libuv version: 1.38.0
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.4.2
threads support is enabled
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```

https://gitlab.isc.org/isc-projects/stork/-/issues/550
0.18 release changes
2021-06-01T09:54:47Z
Andrei Pavel (andrei@isc.org)
0.18

https://gitlab.isc.org/isc-projects/bind9/-/issues/2739
ThreadSanitizer: data race lib/isc/task.c:435 in task_send (unprotected access to `task->threadid`)
2021-06-15T02:53:51Z
Ondřej Surý

(This should be ultimately resolved by making the tasks to be assigned to a single worker for their entire lifetime.)
```
==================
WARNING: ThreadSanitizer: data race (pid=32684)
Write of size 4 at 0x7b3800034688 by thread T1 (mutexes: write M134399044339482320, write M230660, write M362957240824530600, write M239952160606078560):
#0 task_send /builds/isc-projects/bind9/lib/isc/task.c:435 (libisc-9.16.16.so+0x66587)
#1 isc_task_sendtoanddetach /builds/isc-projects/bind9/lib/isc/task.c:515 (libisc-9.16.16.so+0x66587)
#2 isc_task_sendanddetach /builds/isc-projects/bind9/lib/isc/task.c:456 (libisc-9.16.16.so+0x669bd)
#3 dns_resolver_cancelfetch /builds/isc-projects/bind9/lib/dns/resolver.c:11159 (libdns-9.16.16.so+0x19a861)
#4 ns_query_cancel /builds/isc-projects/bind9/lib/ns/query.c:653 (libns-9.16.16.so+0x30ad8)
#5 ns_client_killoldestquery /builds/isc-projects/bind9/lib/ns/client.c:175 (libns-9.16.16.so+0xea95)
#6 ns_query_recurse /builds/isc-projects/bind9/lib/ns/query.c:6302 (libns-9.16.16.so+0x327d2)
#7 query_delegation_recurse /builds/isc-projects/bind9/lib/ns/query.c:8643 (libns-9.16.16.so+0x4093c)
#8 query_delegation /builds/isc-projects/bind9/lib/ns/query.c:8589 (libns-9.16.16.so+0x4093c)
#9 query_gotanswer /builds/isc-projects/bind9/lib/ns/query.c:7322 (libns-9.16.16.so+0x3c4f9)
#10 query_lookup /builds/isc-projects/bind9/lib/ns/query.c:5919 (libns-9.16.16.so+0x3dbb7)
#11 ns__query_start /builds/isc-projects/bind9/lib/ns/query.c:5561 (libns-9.16.16.so+0x3ebc9)
#12 query_setup /builds/isc-projects/bind9/lib/ns/query.c:5274 (libns-9.16.16.so+0x477a2)
#13 ns_query_start /builds/isc-projects/bind9/lib/ns/query.c:11870 (libns-9.16.16.so+0x48073)
#14 ns__client_request /builds/isc-projects/bind9/lib/ns/client.c:2165 (libns-9.16.16.so+0x15bd8)
#15 isc__nm_async_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:2575 (libisc-9.16.16.so+0x4883e)
#16 isc__nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:2550 (libisc-9.16.16.so+0x489e7)
#17 udp_recv_cb /builds/isc-projects/bind9/lib/isc/netmgr/udp.c:426 (libisc-9.16.16.so+0x4fd79)
#18 <null> <null> (libuv.so.1+0x1d6d4)
#19 isc__trampoline_run /builds/isc-projects/bind9/lib/isc/trampoline.c:191 (libisc-9.16.16.so+0x6bdc5)
#20 <null> <null> (libtsan.so.0+0x29b3d)
Previous read of size 4 at 0x7b3800034688 by thread T3:
#0 task_ready /builds/isc-projects/bind9/lib/isc/task.c:347 (libisc-9.16.16.so+0x6a1dc)
#1 isc_task_unpause /builds/isc-projects/bind9/lib/isc/task.c:1230 (libisc-9.16.16.so+0x6a1dc)
#2 ns__client_request /builds/isc-projects/bind9/lib/ns/client.c:2191 (libns-9.16.16.so+0x15bed)
#3 isc__nm_async_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:2575 (libisc-9.16.16.so+0x4883e)
#4 isc__nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:2550 (libisc-9.16.16.so+0x489e7)
#5 udp_recv_cb /builds/isc-projects/bind9/lib/isc/netmgr/udp.c:426 (libisc-9.16.16.so+0x4fd79)
#6 <null> <null> (libuv.so.1+0x1d6d4)
#7 isc__trampoline_run /builds/isc-projects/bind9/lib/isc/trampoline.c:191 (libisc-9.16.16.so+0x6bdc5)
#8 <null> <null> (libtsan.so.0+0x29b3d)
Location is heap block of size 209 at 0x7b3800034640 allocated by thread T1:
#0 malloc <null> (libtsan.so.0+0x2b1a3)
#1 default_memalloc /builds/isc-projects/bind9/lib/isc/mem.c:717 (libisc-9.16.16.so+0x3796e)
#2 mem_get /builds/isc-projects/bind9/lib/isc/mem.c:626 (libisc-9.16.16.so+0x384b6)
#3 mem_allocateunlocked /builds/isc-projects/bind9/lib/isc/mem.c:1292 (libisc-9.16.16.so+0x384b6)
#4 isc___mem_allocate /builds/isc-projects/bind9/lib/isc/mem.c:1312 (libisc-9.16.16.so+0x384b6)
#5 isc__mem_allocate /builds/isc-projects/bind9/lib/isc/mem.c:2563 (libisc-9.16.16.so+0x3e6e0)
#6 isc___mem_get /builds/isc-projects/bind9/lib/isc/mem.c:1061 (libisc-9.16.16.so+0x3ec16)
#7 isc__mem_get /builds/isc-projects/bind9/lib/isc/mem.c:2542 (libisc-9.16.16.so+0x3d7de)
#8 isc_task_create_bound /builds/isc-projects/bind9/lib/isc/task.c:216 (libisc-9.16.16.so+0x67f93)
#9 ns_clientmgr_create /builds/isc-projects/bind9/lib/ns/client.c:2475 (libns-9.16.16.so+0x110b2)
#10 ns_interface_create /builds/isc-projects/bind9/lib/ns/interfacemgr.c:430 (libns-9.16.16.so+0x19fe5)
#11 ns_interface_setup /builds/isc-projects/bind9/lib/ns/interfacemgr.c:513 (libns-9.16.16.so+0x19fe5)
#12 do_scan /builds/isc-projects/bind9/lib/ns/interfacemgr.c:1088 (libns-9.16.16.so+0x1b4e4)
#13 ns_interfacemgr_scan0 /builds/isc-projects/bind9/lib/ns/interfacemgr.c:1147 (libns-9.16.16.so+0x1bad9)
#14 ns_interfacemgr_scan /builds/isc-projects/bind9/lib/ns/interfacemgr.c:1195 (libns-9.16.16.so+0x1bc30)
#15 load_configuration server.c:8871 (named+0x55513)
#16 run_server server.c:9815 (named+0x5b132)
#17 task_run /builds/isc-projects/bind9/lib/isc/task.c:852 (libisc-9.16.16.so+0x68ae9)
#18 isc_task_run /builds/isc-projects/bind9/lib/isc/task.c:945 (libisc-9.16.16.so+0x68ae9)
#19 isc__nm_async_task /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:880 (libisc-9.16.16.so+0x40ba0)
#20 process_netievent /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:959 (libisc-9.16.16.so+0x48f04)
#21 process_queue /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:1028 (libisc-9.16.16.so+0x496de)
#22 process_all_queues /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:799 (libisc-9.16.16.so+0x49fae)
#23 async_cb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:828 (libisc-9.16.16.so+0x49fae)
#24 <null> <null> (libuv.so.1+0x10667)
#25 isc__trampoline_run /builds/isc-projects/bind9/lib/isc/trampoline.c:191 (libisc-9.16.16.so+0x6bdc5)
#26 <null> <null> (libtsan.so.0+0x29b3d)
Mutex M134399044339482320 is already destroyed.
Mutex M230660 (0x7b7c001b8488) created at:
#0 pthread_mutex_init <null> (libtsan.so.0+0x2c5ad)
#1 isc__mutex_init /builds/isc-projects/bind9/lib/isc/pthreads/mutex.c:288 (libisc-9.16.16.so+0x888f7)
#2 ns_query_init /builds/isc-projects/bind9/lib/ns/query.c:798 (libns-9.16.16.so+0x32012)
#3 ns__client_setup /builds/isc-projects/bind9/lib/ns/client.c:2291 (libns-9.16.16.so+0x10cbf)
#4 ns__client_request /builds/isc-projects/bind9/lib/ns/client.c:1658 (libns-9.16.16.so+0x134c4)
#5 isc__nm_async_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:2575 (libisc-9.16.16.so+0x4883e)
#6 isc__nm_readcb /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:2550 (libisc-9.16.16.so+0x489e7)
#7 udp_recv_cb /builds/isc-projects/bind9/lib/isc/netmgr/udp.c:426 (libisc-9.16.16.so+0x4fd79)
#8 <null> <null> (libuv.so.1+0x1d6d4)
#9 isc__trampoline_run /builds/isc-projects/bind9/lib/isc/trampoline.c:191 (libisc-9.16.16.so+0x6bdc5)
#10 <null> <null> (libtsan.so.0+0x29b3d)
Mutex M362957240824530600 is already destroyed.
Mutex M239952160606078560 is already destroyed.
Thread T1 'isc-net-0000' (tid=32699, running) created by main thread at:
#0 pthread_create <null> (libtsan.so.0+0x2be1b)
#1 isc_thread_create /builds/isc-projects/bind9/lib/isc/pthreads/thread.c:79 (libisc-9.16.16.so+0x889a0)
#2 isc__netmgr_create /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:374 (libisc-9.16.16.so+0x41619)
#3 isc_managers_create /builds/isc-projects/bind9/lib/isc/managers.c:33 (libisc-9.16.16.so+0x359cb)
#4 create_managers main.c:920 (named+0x2886e)
#5 setup main.c:1245 (named+0x2886e)
#6 main main.c:1548 (named+0x2886e)
Thread T3 'isc-net-0002' (tid=32701, running) created by main thread at:
#0 pthread_create <null> (libtsan.so.0+0x2be1b)
#1 isc_thread_create /builds/isc-projects/bind9/lib/isc/pthreads/thread.c:79 (libisc-9.16.16.so+0x889a0)
#2 isc__netmgr_create /builds/isc-projects/bind9/lib/isc/netmgr/netmgr.c:374 (libisc-9.16.16.so+0x41619)
#3 isc_managers_create /builds/isc-projects/bind9/lib/isc/managers.c:33 (libisc-9.16.16.so+0x359cb)
#4 create_managers main.c:920 (named+0x2886e)
#5 setup main.c:1245 (named+0x2886e)
#6 main main.c:1548 (named+0x2886e)
SUMMARY: ThreadSanitizer: data race /builds/isc-projects/bind9/lib/isc/task.c:435 in task_send
```
July 2021 (9.11.34, 9.11.34-S1, 9.16.19, 9.16.19-S1, 9.17.16)
Mark Andrews

https://gitlab.isc.org/isc-projects/stork/-/issues/549
rake uninstall
2022-02-04T08:26:20Z
Tomek Mrugalski

We do have an installation procedure (`rake install`), but there is no uninstall. As reported [here](https://gitlab.isc.org/isc-projects/stork/-/issues/540#note_212156).
outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/1907
catch all exceptions in main functions
2021-06-09T20:00:50Z
Razvan Becheriu

catch all exceptions in main functions
kea1.9.9
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/1906
lenient_option_parsing_ not initialized in SrvConfig constructor
2021-06-01T09:17:32Z
Razvan Becheriu
kea1.9.9
Razvan Becheriu

https://gitlab.isc.org/isc-projects/bind9/-/issues/2738
LeakSanitizer: detected memory leaks in ns_listenelt_create()
2022-12-14T18:30:51Z
Ondřej Surý

```
=================================================================
==21575==ERROR: LeakSanitizer: detected memory leaks
Direct leak of 352 byte(s) in 1 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ede8558 in CRYPTO_zalloc (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x18e558)
Indirect leak of 10040 byte(s) in 68 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ede8558 in CRYPTO_zalloc (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x18e558)
Indirect leak of 526 byte(s) in 1 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ed0c260 (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0xb2260)
Indirect leak of 512 byte(s) in 1 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ecfd16a in ASN1_item_sign_ctx (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0xa316a)
Indirect leak of 312 byte(s) in 3 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ed2b3c6 in BN_MONT_CTX_new (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0xd13c6)
Indirect leak of 208 byte(s) in 2 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ed3ac9b in BUF_MEM_grow (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0xe0c9b)
Indirect leak of 146 byte(s) in 2 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ee682bb (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x20e2bb)
Indirect leak of 130 byte(s) in 9 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ed02989 in ASN1_STRING_set (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0xa8989)
Indirect leak of 128 byte(s) in 2 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ede8558 in CRYPTO_zalloc (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x18e558)
#2 0x7f513f2d2463 in ns_listenelt_create /builds/isc-projects/bind9/lib/ns/listenlist.c:42:12
#3 0x56bada in ns_listenelt_fromconfig /builds/isc-projects/bind9/bin/named/server.c:10959:11
#4 0x555f57 in ns_listenlist_fromconfig /builds/isc-projects/bind9/bin/named/server.c:10841:12
#5 0x549b8b in load_configuration /builds/isc-projects/bind9/bin/named/server.c:8842:10
#6 0x510458 in run_server /builds/isc-projects/bind9/bin/named/server.c:9820:2
#7 0x7f5140d1070c in dispatch /builds/isc-projects/bind9/lib/isc/task.c:1152:7
#8 0x7f5140d03c84 in run /builds/isc-projects/bind9/lib/isc/task.c:1344:2
#9 0x7f513e9e2fa2 in start_thread /build/glibc-vjB4T1/glibc-2.28/nptl/pthread_create.c:486:8
Indirect leak of 72 byte(s) in 2 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ede8558 in CRYPTO_zalloc (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0x18e558)
#2 0x84cf469241f605ff (<unknown module>)
Indirect leak of 48 byte(s) in 3 object(s) allocated from:
#0 0x4ac0cd in malloc (/builds/isc-projects/bind9/bin/named/.libs/named+0x4ac0cd)
#1 0x7f513ed0d0b2 (/usr/lib/x86_64-linux-gnu/libcrypto.so.1.1+0xb30b2)
SUMMARY: AddressSanitizer: 12474 byte(s) leaked in 94 allocation(s).
```
[named-4.run](/uploads/3a348b8af74ff925c16b3d4e3373289e/named-4.run)
Not planned
Artem Boldariev

https://gitlab.isc.org/isc-projects/bind9/-/issues/2736
when I manually roll back the time, The slave server cannot synchronize data from the master server.
2021-06-02T03:32:55Z
jin gg

The test case is as follows:
1. The bind version is **v9_11**:
2. named.conf in master server(192.168.1.10)(Some unnecessary information is omitted.):
```
options {
    listen-on port 53 { 192.168.1.10; };
    listen-on-v6 port 53 { ::1; };
    directory "/var/named";
    allow-query { any; };
    allow-transfer { localhost; 192.168.1.11; };
    notify yes;
    also-notify { 192.168.1.11; };
    recursion yes;
};
zone "test.com" IN {
    type master;
    file "test.com.zone";
};
```
3. named.conf in slave server(192.168.1.11)(Some unnecessary information is omitted.):
```
options {
    listen-on port 53 { 192.168.1.11; };
    listen-on-v6 port 53 { ::1; };
    allow-query { any; };
    notify yes;
    also-notify { 192.168.1.10; };
    recursion yes;
};
zone "test.com" IN {
    type slave;
    file "slaves/test.com.zone";
    masters { 9.99.88.99; };
};
```
4. test.com.zone:
```
$TTL 1D
@       IN SOA  ns1 rname.invalid. (
                2019062905 ; serial
                5M         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      ns1
ns1     IN A    9.99.88.77
www     IN A    9.99.100.100
        NS      ns2
ns2     IN A    9.82.177.0
```
5. modify serial to 2019062906, add bbs1 in master(192.168.1.10) and restart master:
```
$TTL 1D
@       IN SOA  ns1 rname.invalid. (
                2019062906 ; serial
                5M         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      ns1
ns1     IN A    9.99.88.77
www     IN A    9.99.100.100
        NS      ns2
ns2     IN A    9.82.177.0
bbs     IN A    1.1.1.10
bbs1    IN A    1.1.1.11
```
6. dig -t a bbs1.test.com @192.168.1.11 (slave)
```
;; ANSWER SECTION:
bbs1.test.com. 86400 IN A 1.1.1.11
```
7. manually roll back the slave time
```
date -s "-1 year"
```
8. modify serial to 2019062907, add bbs2 in master(192.168.1.10) and restart master:
```
$TTL 1D
@       IN SOA  ns1 rname.invalid. (
                2019062907 ; serial
                5M         ; refresh
                1H         ; retry
                1W         ; expire
                3H )       ; minimum
        NS      ns1
ns1     IN A    9.99.88.77
www     IN A    9.99.100.100
        NS      ns2
ns2     IN A    9.82.177.0
bbs     IN A    1.1.1.10
bbs1    IN A    1.1.1.11
bbs2    IN A    1.1.1.12
```
9. test the synchronization between the master and slave:
```
dig -t a bbs2.test.com @192.168.1.11
```
10. Modifications in master cannot be synchronized.
I think the reason for this error is that the isc_time_now function uses CLOCK_REALTIME (or the gettimeofday function) instead of CLOCK_MONOTONIC as the clock source.
This error can be fixed when I used CLOCK_MONOTONIC as the clock source and solved some conversion problems between isc_time_now and isc_stdtime_now.
# Possible fixes
The patch is as follows (**the modification based on v9_11**):
```
From 310e717804a226a75f40786e31f04aa7b3d77d71 Mon Sep 17 00:00:00 2001
From: jiangh <853048484@qq.com>
Date: Sat, 29 May 2021 20:45:55 +0800
Subject: [PATCH] Fix errors when time jumps
---
bin/named/client.c | 2 +-
bin/named/query.c | 4 +-
lib/dns/rbtdb.c | 4 +-
lib/dns/zone.c | 7 ++--
lib/isc/task.c | 2 +-
lib/isc/unix/time.c | 93 +++++++++------------------------------------
6 files changed, 28 insertions(+), 84 deletions(-)
diff --git a/bin/named/client.c b/bin/named/client.c
index 15fcfcd3c3..860a01309c 100644
--- a/bin/named/client.c
+++ b/bin/named/client.c
@@ -2558,7 +2558,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
isc_task_getcurrenttimex(task, &client->requesttime);
client->tnow = client->requesttime;
- client->now = isc_time_seconds(&client->tnow);
+ isc_stdtime_get(&client->now);
if (result != ISC_R_SUCCESS) {
if (TCP_CLIENT(client)) {
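Review bot: `isc_stdtime_get(&client->now)` makes `client->now` a separate clock read from `client->tnow`, so the two fields no longer describe the same instant and, with the time.c change in this patch, no longer share a time base (`tnow` monotonic, `now` wall clock). Add a comment at this assignment saying which field is which, and audit every place that subtracts or compares the two; the `result != ISC_R_SUCCESS` check that follows also now sits directly after a call unrelated to `result`, which is easy to misread.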
diff --git a/bin/named/query.c b/bin/named/query.c
index f1098056b8..bca0ccd570 100644
--- a/bin/named/query.c
+++ b/bin/named/query.c
@@ -9123,11 +9123,11 @@ query_find(ns_client_t *client, dns_fetchevent_t *event, dns_rdatatype_t qtype)
uint32_t secs;
dns_zone_getexpiretime(zone, &expiretime);
secs = isc_time_seconds(&expiretime);
- if (secs >= client->now &&
+ if (secs >= isc_time_seconds(&client->tnow) &&
result == ISC_R_SUCCESS) {
client->attributes |=
NS_CLIENTATTR_HAVEEXPIRE;
- client->expire = secs - client->now;
+ client->expire = secs - isc_time_seconds(&client->tnow);
}
}
if (dns_zone_gettype(mayberaw) == dns_zone_master) {
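Review bot: the comparison `secs >= isc_time_seconds(&client->tnow)` is only meaningful if the value returned by `dns_zone_getexpiretime()` is on the same monotonic base as `client->tnow`, and nothing in this patch shows how `expiretime` is set or restored after a restart. Please confirm that, and compute `isc_time_seconds(&client->tnow)` once into a local instead of calling it in both the test and the `client->expire` subtraction.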
diff --git a/lib/dns/rbtdb.c b/lib/dns/rbtdb.c
index 3ee18766cd..779b4247fb 100644
--- a/lib/dns/rbtdb.c
+++ b/lib/dns/rbtdb.c
@@ -6858,8 +6858,10 @@ addrdataset(dns_db_t *db, dns_dbnode_t *node, dns_dbversion_t *version,
}
if (rbtversion == NULL) {
- if (now == 0)
+ if (now == 0) {
isc_stdtime_get(&now);
+ }
+
} else
now = 0;
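Review bot: the braces and the added blank line before `} else` in `addrdataset()` change no behaviour and leave the `else now = 0;` branch unbraced, so the `if`/`else` pair is now styled inconsistently. Either drop this hunk from the fix or brace both branches and remove the empty line.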
diff --git a/lib/dns/zone.c b/lib/dns/zone.c
index 4f7c2a773a..97589e4d8d 100644
--- a/lib/dns/zone.c
+++ b/lib/dns/zone.c
@@ -10198,6 +10198,7 @@ static void
zone_maintenance(dns_zone_t *zone) {
const char me[] = "zone_maintenance";
isc_time_t now;
+ isc_stdtime_t tnow;
isc_result_t result;
bool dumping, load_pending, viewok, start_refresh;
bool need_notify;
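Review bot: in `zone_maintenance()` the new `isc_stdtime_t tnow` sits next to `isc_time_t now`, the reverse of the naming in the client.c and task.c hunks, where `tnow` is the `isc_time_t` and `now` is the `isc_stdtime_t`. Rename it (for example `stdnow`) so a reader does not assume `tnow` is the monotonic value.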
@@ -10231,6 +10232,7 @@ zone_maintenance(dns_zone_t *zone) {
}
TIME_NOW(&now);
+ isc_stdtime_get(&tnow);
/*
* Expire check.
@@ -10384,8 +10386,7 @@ zone_maintenance(dns_zone_t *zone) {
*/
if (!isc_time_isepoch(&zone->keywarntime) &&
isc_time_compare(&now, &zone->keywarntime) >= 0)
- set_key_expiry_warning(zone, zone->key_expiry,
- isc_time_seconds(&now));
+ set_key_expiry_warning(zone, zone->key_expiry, tnow);
break;
default:
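Review bot: `set_key_expiry_warning()` now receives the wall-clock `tnow`, but the guard just above still tests `isc_time_compare(&now, &zone->keywarntime)` with the monotonic `now`. The patch does not show where `zone->keywarntime` is assigned; if it is derived from key expiry timestamps, the guard compares values on different time bases and needs the same treatment as the argument.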
@@ -18733,7 +18734,7 @@ zone_rekey(dns_zone_t *zone) {
CHECK(dns_db_getoriginnode(db, &node));
TIME_NOW(&timenow);
- now = isc_time_seconds(&timenow);
+ isc_stdtime_get(&now);
dns_zone_log(zone, ISC_LOG_INFO, "reconfiguring zone keys");
diff --git a/lib/isc/task.c b/lib/isc/task.c
index 048639350b..5f1f421d60 100644
--- a/lib/isc/task.c
+++ b/lib/isc/task.c
@@ -1138,7 +1138,7 @@ dispatch(isc__taskmgr_t *manager) {
XTRACE(isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
ISC_MSG_RUNNING, "running"));
TIME_NOW(&task->tnow);
- task->now = isc_time_seconds(&task->tnow);
+ isc_stdtime_get(&task->now);
do {
if (!EMPTY(task->events)) {
event = HEAD(task->events);
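Review bot: `isc_stdtime_get(&task->now)` adds a second clock read to every pass through `dispatch()`, directly after `TIME_NOW(&task->tnow)`, and leaves `task->now` and `task->tnow` on different time bases. Document that split where the two fields are declared and in the accessors that return them, so callers know which one is safe to compare with timestamps from zone data or the file system.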
diff --git a/lib/isc/unix/time.c b/lib/isc/unix/time.c
index bcca41bd04..ae74ba8a98 100644
--- a/lib/isc/unix/time.c
+++ b/lib/isc/unix/time.c
@@ -38,16 +38,7 @@
#define NS_PER_MS 1000000 /*%< Nanoseconds per millisecond. */
#define US_PER_S 1000000 /*%< Microseconds per second. */
-/*
- * All of the INSIST()s checks of nanoseconds < NS_PER_S are for
- * consistency checking of the type. In lieu of magic numbers, it
- * is the best we've got. The check is only performed on functions which
- * need an initialized type.
- */
-
-#ifndef ISC_FIX_TV_USEC
-#define ISC_FIX_TV_USEC 1
-#endif
+#define CLOCKSOURCE CLOCK_MONOTONIC
/*%
*** Intervals
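Review bot: `#define CLOCKSOURCE CLOCK_MONOTONIC` changes what every caller of `isc_time_now()` and `isc_time_nowplusinterval()` receives, from seconds since the epoch to an arbitrary monotonic count, with no comment and no configure-time check that `CLOCK_MONOTONIC` exists. A separate monotonic function for interval and timer use would be safer than redefining the existing one; at minimum state the new semantics here and audit callers that format the value or compare it with absolute times. The removed comment about the `INSIST()` checks is unrelated to the clock source and should stay.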
@@ -56,32 +47,6 @@
static const isc_interval_t zero_interval = { 0, 0 };
const isc_interval_t * const isc_interval_zero = &zero_interval;
-#if ISC_FIX_TV_USEC
-static inline void
-fix_tv_usec(struct timeval *tv) {
- bool fixed = false;
-
- if (tv->tv_usec < 0) {
- fixed = true;
- do {
- tv->tv_sec -= 1;
- tv->tv_usec += US_PER_S;
- } while (tv->tv_usec < 0);
- } else if (tv->tv_usec >= US_PER_S) {
- fixed = true;
- do {
- tv->tv_sec += 1;
- tv->tv_usec -= US_PER_S;
- } while (tv->tv_usec >=US_PER_S);
- }
- /*
- * Call syslog directly as was are called from the logging functions.
- */
- if (fixed)
- (void)syslog(LOG_ERR, "gettimeofday returned bad tv_usec: corrected");
-}
-#endif
-
void
isc_interval_set(isc_interval_t *i,
unsigned int seconds, unsigned int nanoseconds)
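Review bot: removing `fix_tv_usec()` also removes the only place that logged a bad clock reading (`gettimeofday returned bad tv_usec: corrected`); the replacement range check in `isc_time_now()` returns `ISC_R_UNEXPECTED` without correcting or logging. If that behaviour change is intended, say so in the commit message, and check whether `US_PER_S` and anything included only for the `syslog()` call are still used in this file.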
@@ -143,76 +108,52 @@ isc_time_isepoch(const isc_time_t *t) {
isc_result_t
isc_time_now(isc_time_t *t) {
- struct timeval tv;
+ struct timespec ts;
char strbuf[ISC_STRERRORSIZE];
REQUIRE(t != NULL);
- if (gettimeofday(&tv, NULL) == -1) {
+ if (clock_gettime(CLOCKSOURCE, &ts) == -1) {
isc__strerror(errno, strbuf, sizeof(strbuf));
UNEXPECTED_ERROR(__FILE__, __LINE__, "%s", strbuf);
return (ISC_R_UNEXPECTED);
}
- /*
- * Does POSIX guarantee the signedness of tv_sec and tv_usec? If not,
- * then this test will generate warnings for platforms on which it is
- * unsigned. In any event, the chances of any of these problems
- * happening are pretty much zero, but since the libisc library ensures
- * certain things to be true ...
- */
-#if ISC_FIX_TV_USEC
- fix_tv_usec(&tv);
- if (tv.tv_sec < 0)
- return (ISC_R_UNEXPECTED);
-#else
- if (tv.tv_sec < 0 || tv.tv_usec < 0 || tv.tv_usec >= US_PER_S)
+ if (ts.tv_sec < 0 || ts.tv_nsec < 0 || ts.tv_nsec >= NS_PER_S) {
return (ISC_R_UNEXPECTED);
-#endif
+ }
/*
* Ensure the tv_sec value fits in t->seconds.
*/
- if (sizeof(tv.tv_sec) > sizeof(t->seconds) &&
- ((tv.tv_sec | (unsigned int)-1) ^ (unsigned int)-1) != 0U)
+ if (sizeof(ts.tv_sec) > sizeof(t->seconds) &&
+ ((ts.tv_sec | (unsigned int)-1) ^ (unsigned int)-1) != 0U)
return (ISC_R_RANGE);
- t->seconds = tv.tv_sec;
- t->nanoseconds = tv.tv_usec * NS_PER_US;
+ t->seconds = ts.tv_sec;
+ t->nanoseconds = ts.tv_nsec;
return (ISC_R_SUCCESS);
}
isc_result_t
isc_time_nowplusinterval(isc_time_t *t, const isc_interval_t *i) {
- struct timeval tv;
+ struct timespec ts;
char strbuf[ISC_STRERRORSIZE];
REQUIRE(t != NULL);
REQUIRE(i != NULL);
INSIST(i->nanoseconds < NS_PER_S);
- if (gettimeofday(&tv, NULL) == -1) {
+ if (clock_gettime(CLOCKSOURCE, &ts) == -1) {
isc__strerror(errno, strbuf, sizeof(strbuf));
UNEXPECTED_ERROR(__FILE__, __LINE__, "%s", strbuf);
return (ISC_R_UNEXPECTED);
}
- /*
- * Does POSIX guarantee the signedness of tv_sec and tv_usec? If not,
- * then this test will generate warnings for platforms on which it is
- * unsigned. In any event, the chances of any of these problems
- * happening are pretty much zero, but since the libisc library ensures
- * certain things to be true ...
- */
-#if ISC_FIX_TV_USEC
- fix_tv_usec(&tv);
- if (tv.tv_sec < 0)
- return (ISC_R_UNEXPECTED);
-#else
- if (tv.tv_sec < 0 || tv.tv_usec < 0 || tv.tv_usec >= US_PER_S)
+ if (ts.tv_sec < 0 || ts.tv_nsec < 0 || ts.tv_nsec >= NS_PER_S) {
return (ISC_R_UNEXPECTED);
-#endif
+ }
/*
* Ensure the resulting seconds value fits in the size of an
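Review bot: `isc_time_now()` and `isc_time_nowplusinterval()` now carry the same `clock_gettime(CLOCKSOURCE, &ts)` call, error report and `tv_sec`/`tv_nsec` range check verbatim; move them into one static helper so the two cannot drift apart. The comment `Ensure the tv_sec value fits in t->seconds.` also deserves an update, since on a monotonic clock `ts.tv_sec` counts from an unspecified start point rather than from the epoch.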
@@ -220,12 +161,12 @@ isc_time_nowplusinterval(isc_time_t *t, const isc_interval_t *i) {
* note that even if both values == INT_MAX, then when added
* and getting another 1 added below the result is UINT_MAX.)
*/
- if ((tv.tv_sec > INT_MAX || i->seconds > INT_MAX) &&
- ((long long)tv.tv_sec + i->seconds > UINT_MAX))
+ if ((ts.tv_sec > INT_MAX || i->seconds > INT_MAX) &&
+ ((long long)ts.tv_sec + i->seconds > UINT_MAX))
return (ISC_R_RANGE);
- t->seconds = tv.tv_sec + i->seconds;
- t->nanoseconds = tv.tv_usec * NS_PER_US + i->nanoseconds;
+ t->seconds = ts.tv_sec + i->seconds;
+ t->nanoseconds = ts.tv_nsec + i->nanoseconds;
if (t->nanoseconds >= NS_PER_S) {
t->seconds++;
t->nanoseconds -= NS_PER_S;
--
2.28.0.windows.1
```

https://gitlab.isc.org/isc-projects/bind9/-/issues/2735
BIND 9.16, must stop named, delete .jnl files for signed zones to be updated
2021-08-22T08:15:10Z
Hakan Gustafsson

<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
For a signed zone to be updated I have to stop named, delete all the "." files, update the serial number and then start named again. If I do a normal update, just update the serial number and then run "rndc reload", I got this error message "29-May-2021 13:54:52.008 general: error: zone ******.se/IN (signed): receive_secure_serial: unchanged", and the zone doesn't update. I have had this issue in previous versions also, now I run 9.16.16.
### BIND version used
```
BIND 9.16.16 (Stable Release) <id:0c314d8>
running on Linux x86_64 4.18.0-305.el8.x86_64 #1 SMP Thu Apr 29 08:54:30 EDT 2021
built by make with '--prefix=/service/dns/bind-9.16.16' '--sysconfdir=/data/dns/named' '--localstatedir=/var' '--with-openssl=/service/dns/openssl' 'LDFLAGS=-ldl'
compiled by GCC 8.4.1 20200928 (Red Hat 8.4.1-1)
compiled with OpenSSL version: OpenSSL 1.1.1k 25 Mar 2021
linked to OpenSSL version: OpenSSL 1.1.1k 25 Mar 2021
compiled with libuv version: 1.23.1
linked to libuv version: 1.23.1
compiled with libxml2 version: 2.9.7
linked to libxml2 version: 20907
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
threads support is enabled
default paths:
named configuration: /data/dns/named/named.conf
rndc configuration: /data/dns/named/rndc.conf
DNSSEC root key: /data/dns/named/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
```
### Steps to reproduce
Update the serial number for a signed zone and then do a "rndc reload"
### What is the current *bug* behavior?
The zone doesn't update
### What is the expected *correct* behavior?
The zone should be updated after I have changed the serial number
### Relevant configuration files
I use a manual policy for signed zones, "dnssec-policy modified;"
```
dnssec-policy "modified" {
keys {
csk lifetime unlimited algorithm rsasha256 2048;
};
};
```
### Relevant logs and/or screenshots
"29-May-2021 13:54:52.008 general: error: zone ******.se/IN (signed): receive_secure_serial: unchanged"
### Possible fixes
The workaround is to stop named, delete all "." files (.jbk, .jnl, .signed, .signed.jnl), update the serial number, start named again.
August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)
Mark Andrews

https://gitlab.isc.org/isc-projects/dhcp/-/issues/191
Client link-local address and interface not available in commit hook
2021-05-29T03:41:26Z
Nick Galloway

---
name: Client's link-local address and interface should be available in commit hook
about: Add either an option to get both the link local address and interface (in the usual fe80::abcd%IFACE format) or to obtain them separately.
---
**Some initial questions**
- Are you sure your feature is not already implemented in the latest ISC DHCP version? Pretty sure. I went over all the relevant code and even tried implementing hooks that look at the packet content but didn't see an option available.
- Are you sure your feature is not already implemented in the latest Kea version? Perhaps it's a
good time to consider migration? It probably is implemented in Kea, but there's already the better part of an implementation for ISC DHCP written so I think it could be an easy addition to ISC DHCP, and it would overall be a lot less work for anyone not wanting to migrate just yet.
- Are you sure what you would like to do is not possible using some other mechanisms? Not directly, no. It is possible by writing a commit hook that executes a neighbour discovery lookup to obtain the link-local address of the client based on the MAC address of the client, but that seems like an incorrect solution.
- Have you discussed your idea on dhcp-users or dhcp-workers mailing lists? No.
**Is your feature request related to a problem? Please describe.**
A problem I ran into recently on a popular open source router distribution (OPNsense) is that delegating prefixes to subrouters was broken. I spent some time looking into it and came up with a [solution](https://github.com/opnsense/core/pull/5020), but I think it is less than ideal. It would be better to simply directly have access to the client's link-local address/interface so that routes can be added directly in an on commit hook.
**Describe the solution you'd like**
I think integrating the last five changes here would be along the lines of what I'd go for: https://github.com/Oryon/isc-dhcp/commits/mpalmer/client-address-data-expression
I don't agree with all the specifics of the patches there and would probably present it as a single string to the commit hook, but it's roughly what I'd like.
**Describe alternatives you've considered**
I've considered just migrating to Kea, but as this seems like a relatively small change to improve commit hooks for delegating prefixes it seems like the better option. If ISC DHCP is being deprecated or development halted then migration would be far more urgent.
**Additional context**
Hopefully this request is fairly clear and the GitHub references for the Oryon/mpalmer patches are also clear.
**Funding its development**
ISC DHCP is run by ISC, which is a small non-profit organization without any government funding or
any permanent sponsorship organizations. Are you able and willing to participate financially in the
development costs?
Not in my current role, no.
**Participating in development**
Are you willing to participate in the feature development? ISC team always tries to make a feature
as generic as possible, so it can be used in wide variety of situations. That means the proposed
solution may be a bit different than you initially thought. Are you willing to take part in the
design discussions? Are you willing to test an unreleased engineering code?
I am willing but my time is quite limited. I'm not set on any specific solution to this problem.
**Contacting you**
How can ISC reach you to discuss this matter further? If you do not specify any means such as
e-mail, jabber id or a telephone, we may send you a message on github with questions when we have
them.
I can keep an eye on this issue but if you need to reach out or send me a message that's also fine.

https://gitlab.isc.org/isc-projects/dhcp/-/issues/190
dhclient: wrong argument to memcpy
2022-01-19T19:01:11Z
Jan Engelhardt

Affects 79110e525e0584d195327d31f4ee67e6a5e2fe7a, affects dhcp-4.4.2.
```
client/dhclient.c:3384: memcpy(&client_identifier.buffer->data + 5 - hw_len,
client/dhclient.c:3389: memcpy(&client_identifier.buffer->data+(1+4),
```
These two lines look wrong. data is of type char[1] and its equivalent pointer would be char*. You would not want to take the address again, as the type of that (char**) leads to a different effect when adding +5.
The lines should be
```
client/dhclient.c:3384: memcpy(client_identifier.buffer->data + 5 - hw_len,
client/dhclient.c:3389: memcpy(client_identifier.buffer->data+(1+4),
```
If the source had declared `unsigned char data[]` instead of `unsigned char data[1]`, this would have been caught.

4.4.3-beta1
Razvan Becheriu

https://gitlab.isc.org/isc-projects/bind9/-/issues/2734
dns64 processing of stale AAAA doesn't use a non-stale A
2023-11-02T16:26:07Z
Evan Hunt

In [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5102#note_216731) in !5102, @michal pointed out an edge case in stale-data/dns64 processing that may be a bug:
- we're searching for AAAA, but the auth server is slow
- we reach the stale answer timeout, but we don't have a stale AAAA in the cache
- but we have a _current_ A record in the cache
- ...but dns64 can't use it to synthesize a reply, because when we're processing a stale timeout we only look for _stale_ data.
This can be observed by applying these changes to the test code that was introduced in that MR:
```
diff --git a/bin/tests/system/serve-stale/ans2/ans.pl b/bin/tests/system/serve-stale/ans2/ans.pl
index a046417e09c..5e11f22cf6a 100644
--- a/bin/tests/system/serve-stale/ans2/ans.pl
+++ b/bin/tests/system/serve-stale/ans2/ans.pl
@@ -119,7 +119,7 @@ sub reply_handler {
$rcode = "NOERROR";
} elsif ($qname eq "a-only.example") {
if ($qtype eq "A") {
- my $rr = new Net::DNS::RR("a-only.example 2 IN A $localaddr");
+ my $rr = new Net::DNS::RR("a-only.example 5 IN A $localaddr");
push @ans, $rr;
} else {
my $rr = new Net::DNS::RR($negSOA);
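Review bot: the new TTL of 5 on the `a-only.example` A record is a bare number with no comment tying it to the timing in tests.sh, where the test sleeps 2 seconds to let the previous answer go stale and another 2 seconds before re-enabling queries. Add a comment next to the `Net::DNS::RR` line saying the A record has to outlive those sleeps so it is still current when the stale timeout fires; otherwise a later change to either sleep silently defeats the reproduction.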
diff --git a/bin/tests/system/serve-stale/tests.sh b/bin/tests/system/serve-stale/tests.sh
index b287f8c1f07..7ac0288d329 100755
--- a/bin/tests/system/serve-stale/tests.sh
+++ b/bin/tests/system/serve-stale/tests.sh
@@ -2216,7 +2216,7 @@ $DIG -p ${PORT} @10.53.0.2 txt disable > /dev/null
# wait two seconds for the previous answer to become stale
sleep 2
# resend the query and wait in the background; we should get a stale answer
-$DIG -p ${PORT} @10.53.0.3 a-only.example AAAA > dig.out.2.test$n &
+$DIG -p ${PORT} +tries=1 @10.53.0.3 a-only.example AAAA > dig.out.2.test$n &
# re-enable queries after a pause, so the server gets a real answer too
sleep 2
$DIG -p ${PORT} @10.53.0.2 txt enable > /dev/null
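Review bot: the comment above the changed dig line still reads "we should get a stale answer", but with the A record's TTL raised to 5 in ans.pl that record is no longer stale after the `sleep 2`, so the comment should say what this reproduction expects for the AAAA query instead. The added `+tries=1` also needs a short comment explaining why retries are disabled for this query, since the other dig invocations in the hunk do not set it.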
```

Not planned

https://gitlab.isc.org/isc-projects/kea/-/issues/1903
Assess Kea vs. NIST 'Zero trust architecture'
2022-11-02T15:10:17Z
Vicky Risk (vicky@isc.org)

Kea was designed for deployment into a protected environment in a datacenter. Although we are gradually adding more security features, we should do an assessment of which of the NIST Zero Trust architecture requirements we meet and which we do not and document that.
https://www.nist.gov/publications/zero-trust-architecture

backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/1902
HA+Mt HttpClient incorrectly reports number of threads as 0
2021-06-25T14:05:33Z
Thomas Markwalder

The following log statement in http/client.cc currently reports the number of threads as zero:
```
LOG_DEBUG(http_logger, isc::log::DBGLVL_TRACE_BASIC, HTTP_CLIENT_MT_STARTED)
    .arg(getThreadCount());
```
In fact, the threads have not yet been created because the thread pool start is deferred. It should be moved from HttpClientImpl ctor to HttpClientImpl::start().

kea1.9.9
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/1901
Remove the "Active development" warning from the ARM in HA+MT section
2021-06-17T09:45:56Z
Thomas Markwalder

The warning can be removed. In addition, the MT section for core should point to the HA+MT section so people realize there are more knobs to turn when using HA.

kea1.9.9
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/1900
update AUTHORS file
2021-06-23T14:37:02Z
Wlodzimierz Wencel

Reported in isc-projects/kea#1891 (1.9.8 sanity checks)
I think AUTHORS file should be extended, some hooks are missing, e.g. lease query, legal logging, HA+MT is worth mentioning as well

kea1.9.9
Wlodzimierz Wencel

https://gitlab.isc.org/isc-projects/kea/-/issues/1899
warnings during compilation
2021-06-02T16:51:50Z
Wlodzimierz Wencel

Reported by @razvan on isc-projects/kea#1891 (1.9.8 sanity checks)
minor:
```
In file included from json_config_parser.cc:14:
../../../src/bin/dhcp4/dhcp4_srv.h:386:10: warning: 'shutdown' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
void shutdown();
^
../../../src/lib/process/daemon.h:74:18: note: overridden virtual function is here
virtual void shutdown();
^
```
```
In file included from json_config_parser.cc:17:
../../../src/bin/dhcp6/dhcp6_srv.h:203:10: warning: 'shutdown' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
void shutdown();
^
../../../src/lib/process/daemon.h:74:18: note: overridden virtual function is here
virtual void shutdown();
^
```
```
In file included from d2_update_mgr.cc:9:
In file included from ../../../src/bin/d2/d2_update_mgr.h:16:
../../../src/bin/d2/d2_cfg_mgr.h:283:25: warning: 'getConfigSummary' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
virtual std::string getConfigSummary(const uint32_t selection);
^
../../../src/lib/process/d_cfg_mgr.h:165:25: note: overridden virtual function is here
virtual std::string getConfigSummary(const uint32_t selection) = 0;
^
In file included from d2_update_mgr.cc:9:
In file included from ../../../src/bin/d2/d2_update_mgr.h:16:
../../../src/bin/d2/d2_cfg_mgr.h:295:5: warning: 'parse' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
parse(isc::data::ConstElementPtr config, bool check_only);
^
../../../src/lib/process/d_cfg_mgr.h:226:40: note: overridden virtual function is here
virtual isc::data::ConstElementPtr parse(isc::data::ConstElementPtr config,
^
In file included from d2_update_mgr.cc:9:
In file included from ../../../src/bin/d2/d2_update_mgr.h:16:
../../../src/bin/d2/d2_cfg_mgr.h:303:18: warning: 'setCfgDefaults' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
virtual void setCfgDefaults(isc::data::ElementPtr mutable_config);
^
../../../src/lib/process/d_cfg_mgr.h:188:18: note: overridden virtual function is here
virtual void setCfgDefaults(isc::data::ElementPtr mutable_config);
^
In file included from d2_update_mgr.cc:9:
In file included from ../../../src/bin/d2/d2_update_mgr.h:16:
../../../src/bin/d2/d2_cfg_mgr.h:314:32: warning: 'createNewContext' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
virtual process::ConfigPtr createNewContext();
^
../../../src/lib/process/d_cfg_mgr.h:199:23: note: overridden virtual function is here
virtual ConfigPtr createNewContext() = 0;
^
4 warnings generated.
```

kea1.9.9
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/1898
bump up kea version
2021-05-27T14:34:34Z
Wlodzimierz Wencel

to kea 1.9.9-git

kea1.9.9

https://gitlab.isc.org/isc-projects/bind9/-/issues/2733
"stale-answer-client-timeout" > 0 can cause crashes when prefetch is enabled
2021-06-03T12:55:33Z
Michał Kępień

`named` can crash in the following scenario:
1. Assume that `stale-answer-client-timeout` is set to a positive value
and that in the course of resolving a `cname.example/A` query, the
following records were cached:
```
cname.example. CNAME a.example. ; TTL=10
a.example. A 192.0.2.1 ; TTL=12
```
2. 10 seconds pass, causing the relevant cache contents to become:
```
cname.example. CNAME a.example. ; expired
a.example. A 192.0.2.1 ; TTL=2
```
3. The resolver is queried for `cname.example/A` again.
4. `cname.example/CNAME` is expired, so recursion starts. As a part of
this process, the `DNS_FETCHOPT_TRYSTALE_ONTIMEOUT` flag is [set][1]
in `client->query.fetchoptions`.
5. The authoritative response for `cname.example/CNAME` arrives before
`a.example/A` expires from the cache.
6. Query processing is restarted for `a.example/A` (the CNAME target).
7. `a.example/A` is found in the cache with a positive TTL which falls
below the default prefetch trigger (2 seconds).
8. A prefetch for `a.example/A` is started with
`DNS_FETCHOPT_TRYSTALE_ONTIMEOUT` still being set. This causes the
"try stale" timer to be started for the prefetch query.
9. No response to the prefetch query arrives before the "try stale"
timeout fires.
10. `prefetch_done()` is called and is passed an event of type
`DNS_EVENT_TRYSTALE`.
11. The `REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);` [assertion][2]
fails, causing `named` to crash.
See: https://support.isc.org/Ticket/Display.html?id=18536
[1]: https://gitlab.isc.org/isc-projects/bind9/-/blob/e7f5c9582a8b3c441f57c33785ad8113b59428c0/lib/ns/query.c#L6429-6434
[2]: https://gitlab.isc.org/isc-projects/bind9/-/blob/e7f5c9582a8b3c441f57c33785ad8113b59428c0/lib/ns/query.c#L2491

June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)

https://gitlab.isc.org/isc-projects/dhcp/-/issues/189
outdated ISC address in license section in 4.4.2 and 4.1-ESV
2022-01-20T11:04:51Z
Wlodzimierz Wencel

Example from code:
```
/*$
* Copyright (c) 2017 by Internet Systems Consortium, Inc. ("ISC")$
*$
* This Source Code Form is subject to the terms of the Mozilla Public$
* License, v. 2.0. If a copy of the MPL was not distributed with this$
* file, You can obtain one at http://mozilla.org/MPL/2.0/.$
*$
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES$
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF$
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR$
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES$
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN$
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT$
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.$
*$
* Internet Systems Consortium, Inc.$
* 950 Charter Street$
* Redwood City, CA 94063$
* <info@isc.org>$
* https://www.isc.org/$
*$
*/$
```
We have an outdated address; either change it to the current one or remove it completely.

4.4.3-beta1
Tomek Mrugalski