ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2020-08-07T16:00:45Zhttps://gitlab.isc.org/isc-projects/dhcp/-/issues/119Unable to get FQDN in the DHCPv6 leases database while FQDN is available in t...2020-08-07T16:00:45ZGaneshUnable to get FQDN in the DHCPv6 leases database while FQDN is available in the DHCPv6 client request.---
name: Get DHCPv6 FQDN in dhcpd6.leases database.
about: Need a way to print DHCPv6 options in the dhcpd6.leases.
---
**Describe the bug**
I have captured a DHCPv6 IP request packet. In that packet, I am getting Client FQDN(39) as a...---
name: Get DHCPv6 FQDN in dhcpd6.leases database.
about: Need a way to print DHCPv6 options in the dhcpd6.leases.
---
**Describe the bug**
I have captured a DHCPv6 IP request packet. In that packet, I am getting Client FQDN(39) as a parameter under the DHCPv6 section. And it has complete FQDN for eg. "hostname.domain.name". I want that FQDN should print in the leases database file /var/lib/dhcpd6.leases. Let me know is there any way to get DHCPv6 request options in the leases database.
**Expected behavior**
If DHCPv6 request packet is getting any specific options like FQDN, MAC then there should be configuration to print that data in the dhcpd6.leases database.
**Environment:**
- ISC DHCP version: 4.4.2
- OS: centos7
**Additional Information**
We have tried some options in the dhcpd6.conf file to print the request parameter in the leases but it could not worked.https://gitlab.isc.org/isc-projects/stork/-/issues/339Start/stop monitoring button for inactive services2020-08-06T08:06:32ZTomek MrugalskiStart/stop monitoring button for inactive servicesThere's a problem that Stork detects Kea CA has sockets for all 3 daemons: dhcpv4, dhcpv6 and ca. Usually, at least one of them is not running. This is reported as red.
There are two things that can be improved here:
- [x] services that...There's a problem that Stork detects Kea CA has sockets for all 3 daemons: dhcpv4, dhcpv6 and ca. Usually, at least one of them is not running. This is reported as red.
There are two things that can be improved here:
- [x] services that were never up and they don't have their own configs, could be reported as yellow warnings, not red errors
- [x] there should be a way to disable monitoring (a button "stop monitoring" would do the trick)
We discussed this a long time ago (I couldn't find the original note), also see [stork ui, line 113](https://pad.isc.org/p/stork-ui)0.10https://gitlab.isc.org/isc-projects/bind9/-/issues/2009Update ISC logo in documentation2020-07-16T06:54:50ZMark AndrewsUpdate ISC logo in documentationAugust 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)https://gitlab.isc.org/isc-projects/kea/-/issues/1319MySQL error 1452 in kea-admin tests2020-08-04T08:36:05ZFrancis DupontMySQL error 1452 in kea-admin testsThe last MySQAL test mysql_unused_subnet_id_test raised an error which does not make it to fail:
```
Processing /tmp/k1196/src/share/database/scripts/mysql/upgrade_9.1_to_9.2.sh file...
ERROR 1452 (23000) at line 8: Cannot add or update ...The last MySQAL test mysql_unused_subnet_id_test raised an error which does not make it to fail:
```
Processing /tmp/k1196/src/share/database/scripts/mysql/upgrade_9.1_to_9.2.sh file...
ERROR 1452 (23000) at line 8: Cannot add or update a child row: a foreign key constraint fails (`keatest`.`#sql-22f3_4b5d`, CONSTRAINT `fk_dhcp4_options_subnet` FOREIGN KEY (`dhcp4_subnet_id`) REFERENCES `dhcp4_subnet` (`subnet_id`) ON DELETE CASCADE ON UPDATE CASCADE)
Processing /tmp/k1196/src/share/database/scripts/mysql/upgrade_9.2_to_9.3.sh file...
This script upgrades 9.2 to 9.3. Reported version is 9.1. Skipping upgrade.
Database version reported after upgrade: 9.1
Wiping whole database keatest
PASSED mysql.unused_subnet_id_test
```
I think the second (subnet) new constraint fails, something as having a subnet option when the subnet itself does not exist.kea1.8.0Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/1318Support 'include' files for configuration management2020-07-06T19:38:40ZVicky Riskvicky@isc.orgSupport 'include' files for configuration managementWe have a request from a support customer and prospective Kea user to add support for 'include' files for parity with ISC DHCP and to enable automated maintenance for larger configurations. This is a very popular feature in our other pro...We have a request from a support customer and prospective Kea user to add support for 'include' files for parity with ISC DHCP and to enable automated maintenance for larger configurations. This is a very popular feature in our other products.
[https://support.isc.org/Ticket/Display.html?id=16779]https://gitlab.isc.org/isc-projects/bind9/-/issues/2008dnstap-read.1 manpage installed even when dnstap is disabled2020-07-07T06:58:40ZAndreas Hasenackandreas@canonical.comdnstap-read.1 manpage installed even when dnstap is disabledThis is a minor issue in 9.16.4, but while building the Ubuntu packages I noticed that the `dnstap-read.1` manpage is being installed by `make install` even when `./configure --disable-dnstap` (or simple not using `--enable-dnstap`) was ...This is a minor issue in 9.16.4, but while building the Ubuntu packages I noticed that the `dnstap-read.1` manpage is being installed by `make install` even when `./configure --disable-dnstap` (or simple not using `--enable-dnstap`) was used. This is a change from bind 9.16.3.https://gitlab.isc.org/isc-projects/stork/-/issues/336Lease stats puller sends too many commands2020-08-11T15:22:53ZThomas MarkwalderLease stats puller sends too many commandsThe Keacommand instances created in func (statsPuller *StatsPuller) getLeaseStatsFromApp() are sent to all the dhcp Daemons instead of only to the dhcp4 or dhcp6 daemon:
```
// issue 2 commands to dhcp daemons at once to get their ...The Keacommand instances created in func (statsPuller *StatsPuller) getLeaseStatsFromApp() are sent to all the dhcp Daemons instead of only to the dhcp4 or dhcp6 daemon:
```
// issue 2 commands to dhcp daemons at once to get their lease stats for v4 and v6
cmds := []*agentcomm.KeaCommand{}
if dhcpDaemons["dhcp4"] {
cmds = append(cmds, &agentcomm.KeaCommand{
Command: "stat-lease4-get",
Daemons: &dhcpDaemons, <--- should not be the whole list
})
}
if dhcpDaemons["dhcp6"] {
cmds = append(cmds, &agentcomm.KeaCommand{
Command: "stat-lease6-get",
Daemons: &dhcpDaemons, <--- should not be the whole list
})
}
```0.10Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2006Coverity reports CHECKED_RETURN defects in keymgr2020-07-15T06:27:32ZMatthijs Mekkingmatthijs@isc.orgCoverity reports CHECKED_RETURN defects in keymgr```
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 304937: (CHECKED_RETURN)
/lib/dns/keymgr.c: 2004 in dns_keymgr_status()
/lib/dns/keymgr.c: 2005 in dns_keymgr_status()
__________________________________...```
New defect(s) Reported-by: Coverity Scan
Showing 2 of 2 defect(s)
** CID 304937: (CHECKED_RETURN)
/lib/dns/keymgr.c: 2004 in dns_keymgr_status()
/lib/dns/keymgr.c: 2005 in dns_keymgr_status()
________________________________________________________________________________________________________
*** CID 304937: (CHECKED_RETURN)
/lib/dns/keymgr.c: 2004 in dns_keymgr_status()
1998
1999 if (dst_key_is_unused(dkey->key)) {
2000 continue;
2001 }
2002
2003 // key data
>>> CID 304937: (CHECKED_RETURN)
>>> Calling "dst_key_getbool" without checking return value (as is done elsewhere 25 out of 29 times).
2004 dst_key_getbool(dkey->key, DST_BOOL_KSK, &ksk);
2005 dst_key_getbool(dkey->key, DST_BOOL_ZSK, &zsk);
2006 dns_secalg_format((dns_secalg_t)dst_key_alg(dkey->key), algstr,
2007 sizeof(algstr));
2008 isc_buffer_printf(&buf, "\nkey: %d (%s), %s\n",
2009 dst_key_id(dkey->key), algstr,
/lib/dns/keymgr.c: 2005 in dns_keymgr_status()
1999 if (dst_key_is_unused(dkey->key)) {
2000 continue;
2001 }
2002
2003 // key data
2004 dst_key_getbool(dkey->key, DST_BOOL_KSK, &ksk);
>>> CID 304937: (CHECKED_RETURN)
>>> Calling "dst_key_getbool" without checking return value (as is done elsewhere 25 out of 29 times).
2005 dst_key_getbool(dkey->key, DST_BOOL_ZSK, &zsk);
2006 dns_secalg_format((dns_secalg_t)dst_key_alg(dkey->key), algstr,
2007 sizeof(algstr));
2008 isc_buffer_printf(&buf, "\nkey: %d (%s), %s\n",
2009 dst_key_id(dkey->key), algstr,
2010 keymgr_keyrole(dkey->key));
```August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/2005Coverity is reporting double unlock.2020-07-16T07:29:44ZMark AndrewsCoverity is reporting double unlock.```
3159
10. Condition readable, taking true branch.
11. Condition !!(readable || writeable), taking true branch.
3160 REQUIRE(readable || writeable);
12. Condition readable, taking true branch.
3161 if (read...```
3159
10. Condition readable, taking true branch.
11. Condition !!(readable || writeable), taking true branch.
3160 REQUIRE(readable || writeable);
12. Condition readable, taking true branch.
3161 if (readable) {
13. Condition sock->listener, taking true branch.
3162 if (sock->listener) {
14. unlock: internal_accept unlocks sock->lock. [show details]
3163 internal_accept(sock);
15. Falling through to end of if statement.
3164 } else {
3165 internal_recv(sock);
3166 }
3167 }
3168
16. Condition writeable, taking true branch.
3169 if (writeable) {
17. Condition sock->connecting, taking false branch.
3170 if (sock->connecting) {
3171 internal_connect(sock);
3172 } else {
CID 303441 (#1-2 of 2): Double unlock (LOCK)
18. double_unlock: internal_send unlocks sock->lock while it is unlocked. [show details]
3173 internal_send(sock);
3174 }
3175 }
3176
3177 /* sock->lock is unlocked in internal_* function */
```August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)https://gitlab.isc.org/isc-projects/bind9/-/issues/2003Remove redundant listener != NULL check2020-07-16T06:53:46ZMark AndrewsRemove redundant listener != NULL checkWith isc_mem_get no longer failing this check is no longer needed.
```
1258 } else {
CID 304936 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking listener suggests that it may be null...With isc_mem_get no longer failing this check is no longer needed.
```
1258 } else {
CID 304936 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking listener suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
1259 if (listener != NULL) {
1260 listener->exiting = true;
1261 free_listener(listener);
1262 }
```August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)https://gitlab.isc.org/isc-projects/bind9/-/issues/2002some tests fail in 9.11 if newer bind.keys file is installed2020-07-09T06:52:03ZEvan Huntsome tests fail in 9.11 if newer bind.keys file is installedSystem tests that don't specify `dnssec-validation yes` or `bindkeys-file` in their configurations will try to open the installed `bind.keys` file, and in 9.11 they fail because `trust-anchors` isn't recognized.
In other branches this d...System tests that don't specify `dnssec-validation yes` or `bindkeys-file` in their configurations will try to open the installed `bind.keys` file, and in 9.11 they fail because `trust-anchors` isn't recognized.
In other branches this doesn't cause test failures but it should be cleaned up anyway; there's no good reason for a test to access installed files.BIND 9.17 BackburnerEvan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/bind9/-/issues/2001kasp, statschannel and rpzextra tests fail2020-07-03T17:42:45ZJean-Christophe Manciotkasp, statschannel and rpzextra tests fail- Ubuntu 20.04
- tag: v9_17_2
The first failure is identical to [an already reported issue](https://gitlab.isc.org/isc-projects/bind9/-/issues/1939).
Building & testing bind9 with:
```
autoreconf -f -i
./configure --build=x86_64-pc-li...- Ubuntu 20.04
- tag: v9_17_2
The first failure is identical to [an already reported issue](https://gitlab.isc.org/isc-projects/bind9/-/issues/1939).
Building & testing bind9 with:
```
autoreconf -f -i
./configure --build=x86_64-pc-linux-gnu \
--prefix=/usr --sysconfdir=/etc/bind --localstatedir=/ \
--datarootdir=/usr/share --docdir=/usr/share/doc --mandir=/usr/share/man \
--disable-native-pkcs11 \
--disable-querytrace \
--enable-auto-validation \
--enable-developer \
--enable-dnstap \
--enable-fixed-rrset \
--enable-full-report \
--enable-largefile \
--enable-linux-caps \
--enable-shared=yes \
--enable-static=yes \
--with-cmocka=yes \
--with-gnu-ld=yes \
--with-gperftools-profiler=yes \
--with-gssapi=/usr/bin/krb5-config \
--with-json-c=yes \
--with-libidn2 \
--with-libxml2=yes \
--with-lmdb=auto \
--with-maxminddb=yes \
--with-openssl=/usr/lib/x86_64-linux-gnu \
--with-tuning=large \
--with-zlib=yes
make all
bin/tests/system/ifconfig.sh up
make check
```
leads to: [test-suite.log](/uploads/0a11a1ac6148bdf6fe5dfaf535c9324f/test-suite.log)
Full log: [bind9_9_17_2_amd64.build.log](/uploads/a294c51d3bebb59194477f33e29df50a/bind9_9_17_2_amd64.build.log)https://gitlab.isc.org/isc-projects/dhcp/-/issues/117ISC DHCP does not build with gcc102022-01-20T12:10:27ZFrancis DupontISC DHCP does not build with gcc10Again an issue from the -fno-common by default with gcc10. Please look at #116 for more details (including what solution to apply and how to find needed changes without a gcc10 compiler).Again an issue from the -fno-common by default with gcc10. Please look at #116 for more details (including what solution to apply and how to find needed changes without a gcc10 compiler).4.4.3-beta1Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2000[v9_17_2] autogen.sh has been removed2020-07-03T09:05:56ZJean-Christophe Manciot[v9_17_2] autogen.sh has been removed- what is the rationale behind this decision?
- is ```autoreconf -f -i``` still appropriate?- what is the rationale behind this decision?
- is ```autoreconf -f -i``` still appropriate?https://gitlab.isc.org/isc-projects/bind9/-/issues/1999Add a regular "make dist" job to CI2020-07-24T13:53:56ZMichal NowakAdd a regular "make dist" job to CIIt's easy to break `make dist` on `main`, we should test this scenario regularly, to prevent surprises like https://gitlab.isc.org/isc-private/bind9/-/jobs/1006996.It's easy to break `make dist` on `main`, we should test this scenario regularly, to prevent surprises like https://gitlab.isc.org/isc-private/bind9/-/jobs/1006996.August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Michal NowakMichal Nowakhttps://gitlab.isc.org/isc-projects/dhcp/-/issues/116keama compilation on Fedora 32 fails2020-07-30T12:32:00ZMichal Nowikowskikeama compilation on Fedora 32 fails```
gcc -g -O2 -Wall -Werror -fno-strict-aliasing -I../includes -I/vagrant/bind/include -o keama keama.o data.o conflex.o json.o confparse.o parse.o options.o reduce.o print.o eval.o
/usr/bin/ld: conflex.o:/vagrant/keama/keama.h:...```
gcc -g -O2 -Wall -Werror -fno-strict-aliasing -I../includes -I/vagrant/bind/include -o keama keama.o data.o conflex.o json.o confparse.o parse.o options.o reduce.o print.o eval.o
/usr/bin/ld: conflex.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: conflex.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: json.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: json.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: confparse.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: confparse.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: parse.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: parse.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: options.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: options.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: reduce.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: reduce.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: print.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: print.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: eval.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: eval.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
collect2: error: ld returned 1 exit status
```Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/bind9/-/issues/1998ddns-confgen should be an alias to tsig-keygen, not the other way around2021-02-03T11:26:17ZEvan Huntddns-confgen should be an alias to tsig-keygen, not the other way aroundSome releases back we modified `ddns-confgen` so that it would behave differently if called as `tsig-keygen`, and then deprecated the use of `dnssec-keygen` to generate TSIG keys. That's the primary use of that tool now, and it's what I ...Some releases back we modified `ddns-confgen` so that it would behave differently if called as `tsig-keygen`, and then deprecated the use of `dnssec-keygen` to generate TSIG keys. That's the primary use of that tool now, and it's what I think people are most likely to want to look up, but in a discussion with @sgoldlust I noticed that the manual page is still titled `ddns-confgen` and it's listed that way in the table of contents; `tsig-keygen` does not appear.
There doesn't seem to be any way to have the same man page listed twice when it documents two commands, but we should have it listed with the more useful name.
(Perhaps we could add a new man page for `ddns-confgen` that just links to the `tsig-keygen` man page, if we want them both to appear in the TOC.)August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/bind9/-/issues/1997[CVE-2020-8621] Attempting QNAME minimization after forwarding can lead to an...2020-09-11T09:02:40ZOndřej Surý[CVE-2020-8621] Attempting QNAME minimization after forwarding can lead to an assertion failure in resolver.c### Summary
Similar to issue 1219, I am getting repeated periodic bind crashes. I am on Ubuntu Server 20.04 LTS, fully patched and up to date. This is installed from the ISC Bind9 PPA using the focal release.
### BIND version used
``...### Summary
Similar to issue 1219, I am getting repeated periodic bind crashes. I am on Ubuntu Server 20.04 LTS, fully patched and up to date. This is installed from the ISC Bind9 PPA using the focal release.
### BIND version used
```
BIND 9.16.4-Ubuntu (Stable Release) <id:0849b42>
running on Linux x86_64 5.4.0-33-generic #37-Ubuntu SMP Thu May 21 12:53:59 UTC 2020
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64
-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads'
'--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-libjson-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=
no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-cWwckC/bind9-9.16.4=. -fstack-protector-strong -Wformat -
Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 9.3.0
compiled with OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020
linked to OpenSSL version: OpenSSL 1.1.1f 31 Mar 2020
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.13.1
linked to json-c version: 0.13.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.4.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
Not sure, named is running fine and suddenly I will notice resolving slows on clients as DNS reverts to the secondary resolver, upon checking the service status it is "failed" in systemd. The service restarts but then crashes intermittently, approximately every 1-3 days.
### What is the current *bug* behavior?
Service fails and resolving stops.
### What is the expected *correct* behavior?
Service should not fail/stop
### Relevant configuration files
```
root@HOST:~# named-checkconf -px
...
```
[Sanitized by @mnowak.]
### Relevant logs and/or screenshots
Console output of /var/log/bind/bind.log
```
30-Jun-2020 00:00:02.536 general: notice: all zones loaded
30-Jun-2020 00:00:02.536 general: notice: running
30-Jun-2020 10:19:36.354 general: critical: resolver.c:5104: INSIST(dns_name_issubdomain(&fctx->name, &fctx->domain)) failed, back trace
30-Jun-2020 10:19:36.354 general: critical: #0 0x55b9b83ff083 in ??
30-Jun-2020 10:19:36.354 general: critical: #1 0x7f4ea095cac0 in ??
30-Jun-2020 10:19:36.354 general: critical: #2 0x7f4ea0b26675 in ??
30-Jun-2020 10:19:36.354 general: critical: #3 0x7f4ea0b29e90 in ??
30-Jun-2020 10:19:36.354 general: critical: #4 0x7f4ea0b2fdb8 in ??
30-Jun-2020 10:19:36.354 general: critical: #5 0x7f4ea0b348a1 in ??
30-Jun-2020 10:19:36.354 general: critical: #6 0x7f4ea0984d51 in ??
30-Jun-2020 10:19:36.354 general: critical: #7 0x7f4ea0425609 in ??
30-Jun-2020 10:19:36.354 general: critical: #8 0x7f4ea034c103 in ??
30-Jun-2020 10:19:36.354 general: critical: exiting (due to assertion failure)
```
### Possible fixes
(If you can, link to the line of code that might be responsible for the
problem.)August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/kea/-/issues/1315HA + MT design - redesign of HA connection to control channel and Kea server2021-03-29T13:17:33ZRazvan BecheriuHA + MT design - redesign of HA connection to control channel and Kea serverthe ST async implementation of HA does not benefit from Kea MT without some core and lib changes
this ticket handles the design phase by creating the design document:
- old design: https://gitlab.isc.org/isc-projects/kea/-/wikis/high%2...the ST async implementation of HA does not benefit from Kea MT without some core and lib changes
this ticket handles the design phase by creating the design document:
- old design: https://gitlab.isc.org/isc-projects/kea/-/wikis/high%20availability%20with%20multi%20threading
- new design (as implemented): https://gitlab.isc.org/isc-projects/kea/-/wikis/designs/HA-MT-Design-for-Multi-threaded-Http-HA-traffickea1.9.6Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/1314different pools based on class2020-07-15T08:23:34ZWlodzimierz Wenceldifferent pools based on classRelated: https://support.isc.org/Ticket/Display.html?id=16773
Scenario:
Kea configured with one subnet with two pools inside, one pool is "open" second is only for client that will be assigned to class "super-fun-clients". Class will be...Related: https://support.isc.org/Ticket/Display.html?id=16773
Scenario:
Kea configured with one subnet with two pools inside, one pool is "open" second is only for client that will be assigned to class "super-fun-clients". Class will be assigned via global reservation.
Problem:
I can't make it work, either all clients get all addresses or non of the clients are able to get "super-fun-clients" pool.
Example configuration (I tried more, but this one is, what I think, correct)
```
{
"Dhcp4": {
"client-classes": [
{
"name": "super-fun-clients",
"only-if-required": true
}
],
"hooks-libraries": [],
"interfaces-config": {
"interfaces": [
"enp0s9"
]
},
"lease-database": {
"type": "memfile"
},
"loggers": [
{
"debuglevel": 99,
"name": "kea-dhcp4",
"output_options": [
{
"output": "/home/wlodek/installed/git-thread/var/log/kea.log"
}
],
"severity": "DEBUG"
}
],
"multi-threading": {
"enable-multi-threading": true,
"packet-queue-size": 16,
"thread-pool-size": 2
},
"option-data": [],
"rebind-timer": 2000,
"renew-timer": 1000,
"reservations": [
{
"client-classes": [
"super-fun-clients"
],
"hw-address": "aa:bb:cc:dd:ee:ff"
}
],
"shared-networks": [],
"subnet4": [
{
"interface": "enp0s9",
"pools": [
{
"pool": "10.0.0.1-10.0.0.11",
"require-client-classes": [
"super-fun-clients"
]
},
{
"pool": "10.0.0.15-10.0.0.25"
}
],
"reservation-mode": "global",
"subnet": "10.0.0.0/24"
}
],
"valid-lifetime": 4000
}
}
```
am I making a mistake or is it a bug or pool selection is not possible this way?
EDIT: and packets are classified correctly, pkt with mac address "aa:bb:cc:dd:ee:ff" is assigned to `super-fun-clients` class
`DHCP4_CLASS_ASSIGNED [hwtype=1 aa:bb:cc:dd:ee:ff], cid=[no info], tid=0x3eaf28: client packet has been assigned to the following class(es): ALL, super-fun-clients, KNOWN`kea1.7.10