ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2023-07-17T13:58:20Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/2947config-set return incorrect hash (from config that was overwritten)2023-07-17T13:58:20ZWlodzimierz Wencelconfig-set return incorrect hash (from config that was overwritten)config-set is returning hash of previous config.
Let's run this scenario:
- send config-get to server - included hash (hash1)
- change returned config
- send config-set to kea with modified config - response include hash (hash2)
- send ...config-set is returning hash of previous config.
Let's run this scenario:
- send config-get to server - included hash (hash1)
- change returned config
- send config-set to kea with modified config - response include hash (hash2)
- send config-get to check values - response include hash (hash3)
Problem is when Kea sends back response to config-set (with new config) it returns hash value but of the old config (in this scenario hash1). Result should be `hash1 != hash2 == hash3` but in reality it's `hash1 == hash2 != hash3`
first config get:
```
{'arguments': {}, 'command': 'config-get', 'service': ['dhcp4']}
send to address: http://192.168.51.3:8000
[
{
"arguments": {
"Dhcp4": {
"allocator": "iterative",
"authoritative": false,
"boot-file-name": "",
"calculate-tee-times": false,
"control-socket": {
"socket-name": "/home/wlodek/installed/git/var/run/kea/control_socket",
"socket-type": "unix"
},
"ddns-generated-prefix": "myhost",
"ddns-override-client-update": false,
"ddns-override-no-update": false,
"ddns-qualifying-suffix": "",
"ddns-replace-client-name": "never",
"ddns-send-updates": true,
"ddns-update-on-renew": false,
"ddns-use-conflict-resolution": true,
"decline-probation-period": 86400,
"dhcp-ddns": {
"enable-updates": false,
"max-queue-size": 1024,
"ncr-format": "JSON",
"ncr-protocol": "UDP",
"sender-ip": "0.0.0.0",
"sender-port": 0,
"server-ip": "127.0.0.1",
"server-port": 53001
},
"dhcp-queue-control": {
"capacity": 64,
"enable-queue": false,
"queue-type": "kea-ring4"
},
"dhcp4o6-port": 0,
"early-global-reservations-lookup": false,
"echo-client-id": true,
"expired-leases-processing": {
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"reclaim-timer-wait-time": 10,
"unwarned-reclaim-cycles": 5
},
"hooks-libraries": [],
"host-reservation-identifiers": [
"hw-address",
"duid",
"circuit-id",
"client-id"
],
"hostname-char-replacement": "",
"hostname-char-set": "[^A-Za-z0-9.-]",
"interfaces-config": {
"interfaces": [
"enp0s9"
],
"re-detect": true
},
"ip-reservations-unique": true,
"lease-database": {
"type": "memfile"
},
"loggers": [
{
"debuglevel": 99,
"name": "kea-dhcp4",
"output_options": [
{
"flush": true,
"maxsize": 10240000,
"maxver": 1,
"output": "/home/wlodek/installed/git/var/log/kea.log",
"pattern": ""
}
],
"severity": "DEBUG"
}
],
"match-client-id": true,
"multi-threading": {
"enable-multi-threading": true,
"packet-queue-size": 64,
"thread-pool-size": 0
},
"next-server": "0.0.0.0",
"option-data": [],
"option-def": [],
"parked-packet-limit": 256,
"rebind-timer": 2000,
"renew-timer": 1000,
"reservations-global": false,
"reservations-in-subnet": true,
"reservations-lookup-first": false,
"reservations-out-of-pool": false,
"sanity-checks": {
"extended-info-checks": "fix",
"lease-checks": "warn"
},
"server-hostname": "",
"server-tag": "",
"shared-networks": [],
"statistic-default-sample-age": 0,
"statistic-default-sample-count": 20,
"store-extended-info": false,
"subnet4": [],
"t1-percent": 0.5,
"t2-percent": 0.875,
"valid-lifetime": 4000
},
"hash": "5FBC030220D411E42FFBE0A0EE394A6A5554AF8469C5FD5C35683A1ED476E7D2"
},
"result": 0
}
]
```
now we send back modified config in config-set (in this case global reservation is added)
```
{'arguments': {'Dhcp4': {'allocator': 'iterative',
'authoritative': False,
'boot-file-name': '',
'calculate-tee-times': False,
'control-socket': {'socket-name': '/home/wlodek/installed/git/var/run/kea/control_socket',
'socket-type': 'unix'},
'ddns-generated-prefix': 'myhost',
'ddns-override-client-update': False,
'ddns-override-no-update': False,
'ddns-qualifying-suffix': '',
'ddns-replace-client-name': 'never',
'ddns-send-updates': True,
'ddns-update-on-renew': False,
'ddns-use-conflict-resolution': True,
'decline-probation-period': 86400,
'dhcp-ddns': {'enable-updates': False,
'max-queue-size': 1024,
'ncr-format': 'JSON',
'ncr-protocol': 'UDP',
'sender-ip': '0.0.0.0',
'sender-port': 0,
'server-ip': '127.0.0.1',
'server-port': 53001},
'dhcp-queue-control': {'capacity': 64,
'enable-queue': False,
'queue-type': 'kea-ring4'},
'dhcp4o6-port': 0,
'early-global-reservations-lookup': False,
'echo-client-id': True,
'expired-leases-processing': {'flush-reclaimed-timer-wait-time': 25,
'hold-reclaimed-time': 3600,
'max-reclaim-leases': 100,
'max-reclaim-time': 250,
'reclaim-timer-wait-time': 10,
'unwarned-reclaim-cycles': 5},
'hooks-libraries': [],
'host-reservation-identifiers': ['hw-address',
'duid',
'circuit-id',
'client-id'],
'hostname-char-replacement': '',
'hostname-char-set': '[^A-Za-z0-9.-]',
'interfaces-config': {'interfaces': ['enp0s9'],
're-detect': True},
'ip-reservations-unique': True,
'lease-database': {'type': 'memfile'},
'loggers': [{'debuglevel': 99,
'name': 'kea-dhcp4',
'output_options': [{'flush': True,
'maxsize': 10240000,
'maxver': 1,
'output': '/home/wlodek/installed/git/var/log/kea.log',
'pattern': ''}],
'severity': 'DEBUG'}],
'match-client-id': True,
'multi-threading': {'enable-multi-threading': True,
'packet-queue-size': 64,
'thread-pool-size': 0},
'next-server': '0.0.0.0',
'option-data': [],
'option-def': [],
'parked-packet-limit': 256,
'rebind-timer': 2000,
'renew-timer': 1000,
'reservations': [{'hw-address': 'ff:01:02:03:ff:04'}],
'reservations-global': False,
'reservations-in-subnet': True,
'reservations-lookup-first': False,
'reservations-out-of-pool': False,
'sanity-checks': {'extended-info-checks': 'fix',
'lease-checks': 'warn'},
'server-hostname': '',
'server-tag': '',
'shared-networks': [],
'statistic-default-sample-age': 0,
'statistic-default-sample-count': 20,
'store-extended-info': False,
'subnet4': [],
't1-percent': 0.5,
't2-percent': 0.875,
'valid-lifetime': 4000}},
'command': 'config-set',
'service': ['dhcp4']}
send to address: http://192.168.51.3:8000
[
{
"arguments": {
"hash": "5FBC030220D411E42FFBE0A0EE394A6A5554AF8469C5FD5C35683A1ED476E7D2" <<<< same value as for previous configuration
},
"result": 0,
"text": "Configuration successful."
}
]
```
and let's repeat check with config-get:
```
{'arguments': {}, 'command': 'config-get', 'service': ['dhcp4']}
send to address: http://192.168.51.3:8000
[
{
"arguments": {
"Dhcp4": {
"allocator": "iterative",
"authoritative": false,
"boot-file-name": "",
"calculate-tee-times": false,
"control-socket": {
"socket-name": "/home/wlodek/installed/git/var/run/kea/control_socket",
"socket-type": "unix"
},
"ddns-generated-prefix": "myhost",
"ddns-override-client-update": false,
"ddns-override-no-update": false,
"ddns-qualifying-suffix": "",
"ddns-replace-client-name": "never",
"ddns-send-updates": true,
"ddns-update-on-renew": false,
"ddns-use-conflict-resolution": true,
"decline-probation-period": 86400,
"dhcp-ddns": {
"enable-updates": false,
"max-queue-size": 1024,
"ncr-format": "JSON",
"ncr-protocol": "UDP",
"sender-ip": "0.0.0.0",
"sender-port": 0,
"server-ip": "127.0.0.1",
"server-port": 53001
},
"dhcp-queue-control": {
"capacity": 64,
"enable-queue": false,
"queue-type": "kea-ring4"
},
"dhcp4o6-port": 0,
"early-global-reservations-lookup": false,
"echo-client-id": true,
"expired-leases-processing": {
"flush-reclaimed-timer-wait-time": 25,
"hold-reclaimed-time": 3600,
"max-reclaim-leases": 100,
"max-reclaim-time": 250,
"reclaim-timer-wait-time": 10,
"unwarned-reclaim-cycles": 5
},
"hooks-libraries": [],
"host-reservation-identifiers": [
"hw-address",
"duid",
"circuit-id",
"client-id"
],
"hostname-char-replacement": "",
"hostname-char-set": "[^A-Za-z0-9.-]",
"interfaces-config": {
"interfaces": [
"enp0s9"
],
"re-detect": true
},
"ip-reservations-unique": true,
"lease-database": {
"type": "memfile"
},
"loggers": [
{
"debuglevel": 99,
"name": "kea-dhcp4",
"output_options": [
{
"flush": true,
"maxsize": 10240000,
"maxver": 1,
"output": "/home/wlodek/installed/git/var/log/kea.log",
"pattern": ""
}
],
"severity": "DEBUG"
}
],
"match-client-id": true,
"multi-threading": {
"enable-multi-threading": true,
"packet-queue-size": 64,
"thread-pool-size": 0
},
"next-server": "0.0.0.0",
"option-data": [],
"option-def": [],
"parked-packet-limit": 256,
"rebind-timer": 2000,
"renew-timer": 1000,
"reservations": [
{
"boot-file-name": "",
"client-classes": [],
"hostname": "",
"hw-address": "ff:01:02:03:ff:04",
"next-server": "0.0.0.0",
"option-data": [],
"server-hostname": ""
}
],
"reservations-global": false,
"reservations-in-subnet": true,
"reservations-lookup-first": false,
"reservations-out-of-pool": false,
"sanity-checks": {
"extended-info-checks": "fix",
"lease-checks": "warn"
},
"server-hostname": "",
"server-tag": "",
"shared-networks": [],
"statistic-default-sample-age": 0,
"statistic-default-sample-count": 20,
"store-extended-info": false,
"subnet4": [],
"t1-percent": 0.5,
"t2-percent": 0.875,
"valid-lifetime": 4000
},
"hash": "144D4F24E1AA66AF20A02966B6150DAD5D86B134C396FF571538CE458A8CE1A7" <<< it's changed
},
"result": 0
}
]
```kea2.4.0Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/bind9/-/issues/4171catz crashed in dns_catz_dbupdate_callback2023-10-20T07:47:47ZOndřej Surýcatz crashed in dns_catz_dbupdate_callbackA [recent job](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3488427) failed with:
```
27-Jun-2023 06:41:51.371 ht.c:364: REQUIRE(((ht) != ((void *)0) && ((const isc__magic_t *)(ht))->magic == ((('H') << 24 | ('T') << 16 | ('a') << 8...A [recent job](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3488427) failed with:
```
27-Jun-2023 06:41:51.371 ht.c:364: REQUIRE(((ht) != ((void *)0) && ((const isc__magic_t *)(ht))->magic == ((('H') << 24 | ('T') << 16 | ('a') << 8 | ('b'))))) failed
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.19.15-dev.so(isc_backtrace_log+0x39) [0x7fb70ba2e0d8]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/bin/named/.libs/lt-named() [0x422644]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.19.15-dev.so(isc_assertion_failed+0xa) [0x7fb70ba2dc9d]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.19.15-dev.so(isc_ht_find+0x9d) [0x7fb70ba3633f]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/dns/.libs/libdns-9.19.15-dev.so(dns_catz_dbupdate_callback+0x84) [0x7fb70b43fe1c]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/dns/.libs/libdns-9.19.15-dev.so(dns_db_endload+0x46) [0x7fb70b44de68]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/dns/.libs/libdns-9.19.15-dev.so(+0x1aa38b) [0x7fb70b5aa38b]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/dns/.libs/libdns-9.19.15-dev.so(+0x8a3c6) [0x7fb70b48a3c6]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.19.15-dev.so(+0x56230) [0x7fb70ba56230]
27-Jun-2023 06:41:51.371 /lib64/libuv.so.1(uv__work_done+0xad) [0x7fb709425afd]
27-Jun-2023 06:41:51.371 /lib64/libuv.so.1(+0x132f1) [0x7fb70942a2f1]
27-Jun-2023 06:41:51.371 /lib64/libuv.so.1(uv__io_poll+0x4c5) [0x7fb70943bd15]
27-Jun-2023 06:41:51.371 /lib64/libuv.so.1(uv_run+0x114) [0x7fb70942aa74]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.19.15-dev.so(+0x4072c) [0x7fb70ba4072c]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.19.15-dev.so(+0x4fdbb) [0x7fb70ba4fdbb]
27-Jun-2023 06:41:51.371 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.19.15-dev.so(+0x4fde4) [0x7fb70ba4fde4]
27-Jun-2023 06:41:51.371 /lib64/libpthread.so.0(+0x81da) [0x7fb7082f81da]
27-Jun-2023 06:41:51.371 /lib64/libc.so.6(clone+0x43) [0x7fb7075cbe73]
27-Jun-2023 06:41:51.371 exiting (due to assertion failure)
```July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4169Adding a META tag to the doc tree for Google Analytics/Bing2023-06-29T16:50:37ZDan MahoneyAdding a META tag to the doc tree for Google Analytics/BingThe only way we can track 404's on ReadTheDocs is with Google Search console (and the related BING tools, which validate using google, ie if you access to a thing in the google console, bing will also give you access to their tools with ...The only way we can track 404's on ReadTheDocs is with Google Search console (and the related BING tools, which validate using google, ie if you access to a thing in the google console, bing will also give you access to their tools with no extra work.
We cannot use the "upload an HTML file" to RTD, nor a TXT record, and the Google Analytics tag method isn't compatible. The META tag is pretty much the only option that works here.
Google Search Console wants us to add:
`<meta name="google-site-verification" content="0-DMrB_qDynsvXBKJhpsS5m8l5oVea8Qe2ojkudjtCY" />` to our default page (presently bind 9.18.16)
My reading of Sphinx implies that we need to add:
```
.. meta::
:google-site-verification: 0-DMrB_qDynsvXBKJhpsS5m8l5oVea8Qe2ojkudjtCY
```
to `doc/arm/index.rst` to cause this meta tag to be added. It's fine if this gets committed now and has to wait for the next release before it shows up in tree, i.e. for the release cut of 9.18.17July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4163nslookup performance in dnsutils 1:9.19.14-1+ubuntu22.04.1+isc+12023-07-05T08:19:56ZAndreas Perhabnslookup performance in dnsutils 1:9.19.14-1+ubuntu22.04.1+isc+1<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confident...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential!
-->
### Summary
nslookup in the newer version (9.19.14 vs 9.19.13) is way too slow
### BIND version used
```
BIND 9.19.14-1+ubuntu22.04.1+isc+1-Ubuntu (Development Release) <id:>
running on Linux x86_64 5.19.0-45-generic #46-Ubuntu SMP PREEMPT_DYNAMIC Wed Jun 7 09:08:58 UTC 2023
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-213IbN/bind9-9.19.14=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.3.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with liburcu version: 0.13.2
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): no
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
```bash
docker run --rm internetsystemsconsortium/bind9:9.19 bash -c 'apt update && apt install dnsutils -y && time nslookup www.google.com && time nslookup www.google.com && named -V'
```
### What is the current *bug* behavior?
a typical run of `time nslookup www.google.com` now takes about 200ms
### What is the expected *correct* behavior?
with the previous version 9.19.13 (binary still on our backup images of our servers, unfortunately `apt install dnsutils=1:9.19.13-1+ubuntu22.04.1+isc+1 -y` does not work) we could see around 50ms for the first run of `time nslookup www.google.com` and below 10ms an immediate following run.
### Relevant configuration files
(Paste any relevant configuration files - please use code blocks (```)
to format console output. If submitting the contents of your
configuration file in a non-confidential Issue, it is advisable to
obscure key secrets: this can be done automatically by using
`named-checkconf -px`.)
### Relevant logs and/or screenshots
9.19.14
```
Server: 192.168.30.210
Address: 192.168.30.210#53
Non-authoritative answer:
Name: www.google.com
Address: 142.251.36.196
Name: www.google.com
Address: 2a00:1450:4016:809::2004
real 0m0.207s
user 0m0.005s
sys 0m0.005s
Server: 192.168.30.210
Address: 192.168.30.210#53
Non-authoritative answer:
Name: www.google.com
Address: 142.251.36.196
Name: www.google.com
Address: 2a00:1450:4016:809::2004
real 0m0.179s
user 0m0.002s
sys 0m0.008s
BIND 9.19.14-1+ubuntu22.04.1+isc+1-Ubuntu (Development Release) <id:>
running on Linux x86_64 5.19.0-45-generic #46-Ubuntu SMP PREEMPT_DYNAMIC Wed Jun 7 09:08:58 UTC 2023
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-213IbN/bind9-9.19.14=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.3.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with liburcu version: 0.13.2
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): no
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
9.19.13
```
Server: 192.168.30.210
Address: 192.168.30.210#53
Non-authoritative answer:
Name: www.google.com
Address: 142.251.36.196
Name: www.google.com
Address: 2a00:1450:4016:809::2004
real 0m0.007s
user 0m0.003s
sys 0m0.003s
Server: 192.168.30.210
Address: 192.168.30.210#53
Non-authoritative answer:
Name: www.google.com
Address: 142.251.36.196
Name: www.google.com
Address: 2a00:1450:4016:809::2004
real 0m0.008s
user 0m0.007s
sys 0m0.000s
BIND 9.19.13-1+ubuntu22.04.1+isc+1-Ubuntu (Development Release) <id:>
running on Linux x86_64 5.19.0-45-generic #46-Ubuntu SMP PREEMPT_DYNAMIC Wed Jun 7 09:08:58 UTC 2023
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-CPF2uL/bind9-9.19.13=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.3.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with liburcu version: 0.13.2
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): no
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Possible fixes
(If you can, link to the line of code that might be responsible for the
problem.)July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/kea/-/issues/2939bump up lib versions for 2.4.02023-07-17T13:58:20ZMarcin Godzinabump up lib versions for 2.4.0bump up lib versions for 2.4.0bump up lib versions for 2.4.0kea2.4.0Marcin GodzinaMarcin Godzinahttps://gitlab.isc.org/isc-projects/kea/-/issues/29382.4.0 release checklist2023-07-06T15:13:20ZMarcin Godzina2.4.0 release checklist# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess).
## Pre-Release Preparation
Some of those checks and updates can be made before the actual fr...# Kea Release Checklist
This is thoroughly documented in [the Kea Release Process guide](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess).
## Pre-Release Preparation
Some of those checks and updates can be made before the actual freeze.
For new stable releases or maintenance releases, please don't use `kea-dev` build farm. Use dedicated build farm for each release cycle.
1. Check Jenkins results:
1. [x] Check Jenkins jobs for failures: [distcheck](https://jenkins.aws.isc.org/job/kea-dev/job/distcheck/), etc...
1. [x] Check [Jenkins Tests Report](https://jenkins.aws.isc.org/job/kea-dev/job/jenkins-tests-report/).
1. [x] Check [tarball check report](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/Kea_20Build_20Checks/)
1. [x] Check [Performance Test Results](https://jenkins.isc.org/job/kea-dev/job/performance/KeaPerformanceReport/) in Jenkins for drops in performance.
1. Check versioning, ask the development team if:
- the library versions are being updated
- `KEA_HOOKS_VERSION` is being updated
- [x] create an issue for that for developers in Gitlab
- script: [./tools/bump-lib-versions.sh](https://gitlab.isc.org/isc-projects/kea/-/blob/master/tools/bump-lib-versions.sh) Kea-q.w.e Kea-a.b.c (where `a.b.c` is the version to be released and `q.w.e` is the version previous to that)
1. [x] Look at the issue numbers in commit descriptions. Add to ChangeLog a mention about any change with visible impact that had not been mentioned already.
1. If any changes have been done to database schemas, then:
1. [x] ~~Check that a previously released schema has not been changed.~~
1. [x] Check that the additions to `dhcpdb_create.*sql`, and nothing more nor less than what was added in this release, is present in a `upgrade_*_to_*.sh.in` script that should also have been added in this release.
1. Prepare Release Notes
1. [x] Create Release Notes on Kea GitLab wiki and notify @tomek about that. It should be created under "release notes" directory, like this one: https://gitlab.isc.org/isc-projects/kea/-/wikis/release%20notes/release-notes-2.1.0
1. [x] Finish release notes and conduct its review. Also please notify @sgoldlust or @vicky that release notes are ready for review.
1. [x] Check that packges can be uploaded to cloudsmith.
1. Go to [release-upload-to-cloudsmith](https://jenkins.aws.isc.org/job/kea-dev/job/release-upload-to-cloudsmith/).
1. Click `Build with Parameters`.
1. Pick the latest pkg build in the `Packages` field, and the corresponding tarball build in the `Tarball` field, leave the rest as they are `PrivPubRepos: "private"`, `TarballOrPkg: "packages"`, `TestProdRepos: "testing"` and click `Build`.
1. If a new Cloudsmith repository is used, then:
1. [x] Make sure freeradius packages are uploaded to the Cloudsmith repository or copied from a previous repository.
1. [x] Make sure access tokens have been synchronized from previous Cloudsmith repositories and to the [check-pkgs.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/pkgs-check/check-pkgs.py) QA tool.
1. [x] Check if ReadTheDocs can build Kea documentation. Alternatively, look for failures in emails if you know that the ReadTheDocs webhook is working.
1. Trigger rebuilding docs on [readthedocs.org](https://readthedocs.org/projects/kea/builds) and wait for the build to complete.
The following steps may involve changing files in the repository.
1. [x] Run [update-code-for-release.py](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/update-code-for-release.py) <br>
Example command: `GITLAB_TOKEN='...' ./update-code-for-release.py 1.9.7 --repo-dir ~/isc/repos/kea/` Use `--upload` to commit changes. <br>
Help: `GITLAB_TOKEN="..." ./update-code-for-release.py --help`<br>
This script makes the following changes and actions:
1. run prepare_kea_release.sh that does:
1. add release entries in ChangeLogs
1. update Kea version in configure.ac
1. update copyright years in files that were changed in current year
1. sort message files
1. regenerate message files headers
2. regenerate parsers using Bison from Docker<br>
With `--upload`:
3. create an issue in GitLab for release changes in kea repo
4. create branches and merge requests for kea and kea-premium
5. commit the changes in both repos
6. checkout created branches in both repos
7. commit and push the changes to GitLab server
1. Check manually User's Guide sections:
1. Chapter 1. Introduction
1. [x] On what platforms we are running tests using Jenkins? Update Supported Platforms in platforms.rst file.
1. [x] Did we add any additional 3rd party software? Update if needed
1. [x] Is there a new tool installed in bin or sbin released this time? If yes, is it documented?
1. Chapter 2. Quick Start
1. [x] Has the default installation process changed (for kea and hooks)? If yes, are those changes documented and highlighted in the release notes?
1. Chapter 3. Installation
1. [x] Check installation hierarchy (this is also automatically checked at the end of [ut-extended job](https://jenkins.aws.isc.org/job/kea-dev/job/ut-extended/))
1. [x] Check and update Build Requirements
1. [x] Check configure options against what `./configure -h` says
1. [x] Check ChangeLog entries in Kea main and premium: spelling, trailing whitespaces, etc.
1. [x] Check AUTHORS, INSTALL, README files in Kea main and premium.
- AUTHORS: update credits
- README: check "provides" with Release Notes, User Guide (1.3 Kea Software)
1. [x] If changes were made, commit the change, push the branch to the main repository and request a review. Once the changes have been approved, merge the MR to master.
## Build selection, tarballs upload and sanity checks
This is the last moment to freeze code! :snowflake:
1. [x] Go to [build-tarball](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/) Jenkins job and pick the last tarball built - it will be a release candidate.
1. [x] Check tarball before requesting sanity checks from the development team.
1. Download tarballs from picked Jenkins build
1. Check hook libraries.
1. Are there any new hook libraries installed in this release?
1. Are they in the proper tarball? Premium or subscription?
1. Do they have their own package?
1. Check sizes - is the new package reasonable?
1. Check installation tree, compare it with the previous release
1. Check installed libraries.
1. which were updated? (save results)
1. Do any of the libraries from the current release have lower version than in the previous release?
1. Uninstall Kea, check what left (there should be just configuration files)
1. Check if each of the installed binaries has a man page.
1. If not, is the binary included in the tarball? That might explain it.
1. Are man pages up to date?
1. Check if documentation is properly formatted, has correct versions and dates.
1. It's advised to search for previous version numbers, some of them are statically added in statements that are no longer valid.
1. [x] Upload tarballs to repo.isc.org using Jenkins and send sanity checks request.
1. Go to [release-tarball-upload](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload/) Jenkins job.
1. Click `Build with Parameters`.
1. In field `Tarball` select picked tarball build.
1. In field `Pkg` select the corresponding pkg job.
1. In field `Release_Candidate` pick:
1. `rc1` if this is the first selected build for release, it will push the selected tarballs to repo.isc.org, to a directory suffixed with indicated rc#
1. next rc# if this is a respin after some fixes (note: it is not possible to pick previous rc number - it will result in an error)
1. Submit the job that will automatically:
1. Upload the tarballs <br>
and if this is not the final version:
1. Create a GitLab issue for sanity checks, put there the announcement
1. Send Sanity Checks announcement on the Kea/DHCP channel on Mattermost.<br>
The announcement includes:
- a link to chapter 4 Sanity Checks of the release process: [KeaReleaseProcess - SanityChecks](https://wiki.isc.org/bin/view/QA/KeaReleaseProcess#4.%20Sanity%20Checks)
- a link to the GitLab issue
- tarballs locations with SHA256 checksums
- rpm/deb packages locations and versions
## Releasing Tarballs and Packages
1. [x] Update Release Notes with ChangeLog entries
1. [x] Mark Jenkins jobs with release artifacts to be kept forever and update description of build by adding there version of released kea (e.g. Kea-2.2.2): <br>
Go to the following Jenkins jobs, click release build and then, on the build page, click `Keep this build forever` button and edit description: <br>
1. [build-tarball](https://jenkins.aws.isc.org/job/kea-dev/job/build-tarball/)
1. [pkg job](https://jenkins.aws.isc.org/job/kea-dev/job/pkg/)
1. [x] Upload final tarballs to repo.isc.org.
1. Go to [release-tarball-upload](https://jenkins.aws.isc.org/job/kea-dev/job/release-tarball-upload/) Jenkins job.
1. Click `Build with Parameters`.
1. In field `Tarball` select picked tarball build.
1. In field `Pkg` select the corresponding pkg job.
1. In field `Release_Candidate` pick `final`. <br>
This job will also:
- open an issue on [the signing repository](https://gitlab.isc.org/isc-private/signing/-/issues) for signing final tarballs on repo.isc.org
- create Git tags `Kea-a.b.c` in Kea main and premium repositories
- if release engineer is holding personal signing key, please use [sign, verify, and upload script](https://gitlab.isc.org/isc-private/qa-dhcp/-/blob/master/kea/build/sign_kea_and_upload_asc.sh)
- if release enginner do NOT have signing key, please contact team member.
1. [x] Upload final RPM & DEB packages, tarballs and sign files to cloudsmith.io
1. Go to [release-upload-to-cloudsmith](https://jenkins.aws.isc.org/job/kea-dev/job/release-upload-to-cloudsmith/).
1. Click `Build with Parameters`.
1. Pick your selected pkg build in the `Packages` field, the corresponding tarball build in the `Tarball` field, `PrivPubRepos: "both"`, `TarballOrPkg: "both"`, `TestProdRepos: "production"` and click `Build`.
- This step also verifies sign files.
1. When it finishes run check: [releases-pkgs-check](https://jenkins.aws.isc.org/job/kea-dev/job/release-pkgs-check/).
1. [x] Rebase v2_4 repo onto master
1. [x] Correct 2.4 tags in Kea and Premium
1. [x] Update ReadTheDocs
1. Trick ReadTheDocs into pulling the latest tags. Click `Build version` on [readthedocs.org](https://readthedocs.org/projects/kea/builds).
1. Publish currently released version. On the `Versions` tab, scroll down to `Activate a version`, search for `kea-a.b.c` and click `Activate`.
1. If it's a stable release, change the default version to point to this stable release. `Admin -> Advanced Settings -> Default version* -> Kea-a.b.c`.
1. [x] Create an issue and a merge request to bump up Kea version in `configure.ac` to next development version which could be, based on just released version `a.b.c`:
* `a.b.z-git` where `z == c + 1` most of the time, or
* `a.y.0-git` where `y == b + 2` if a new development series starts, or
* `x.1.0-git` where `x == a + 1` when the released minor version `b` is 9 and `a.b.c` was the last version in the development series and a new development version is coming up next.
1. [x] Send a request for publishing the release on the Support Mattermost channel linking the Signing issue and the release checklist issue.
## Cleaning up
1. [x] Disable redeploy on nexus repo
### On the Day of Public Release
- [x] ***(Support)*** Wait for clearance from Security Officer to proceed with the public release (if applicable).
- [x] ***(Support)*** Confirm that the tarballs have the checksums mentioned on the signing ticket.
- [x] ***(Support)*** Place tarballs in public location on FTP site.
- [x] ***(Support)*** Publish links to downloads on ISC website.
- [x] ***(Support)*** Write release email to *kea-announce*.
- [x] ***(Support)*** Write email to *kea-users* (if a major release).
- [x] ***(Support)*** Send eligible customers updated links to the Subscription software FTP site.
- [x] ***(Support)*** If it is a new `major.minor` version, SWENG will have created a new repo in Cloudsmith, which will need the customer tokens migrated from an existing repo. Then update support customers that this new private repo exists.
- [x] ***(Support)*** Update tickets in case of waiting for support customers.
- [x] ***(Support)*** Inform Marketing of the release.
- [x] ***(Marketing)*** If a new Cloudsmith repository is used, update the Zapier scripts.
- [x] ***(Marketing)*** Upload Premium hooks tarball to SendOwl. Create a new product if a new branch, otherwise update existing product. Send notifications to existing subscribers of the new version.
- [x] ***(Marketing)*** Announce on social media.
- [x] ***(Marketing)*** Update [Wikipedia entry for Kea](https://en.wikipedia.org/wiki/Kea_(software)).
- [x] ***(Marketing)*** Write blog article (if a major release).
- [ ] ~~***(Marketing)*** Update [Kea page on web site if any new hooks]~~(https://www.isc.org/kea/).
- [ ] ~~***(Marketing)*** Update Kea Premium and Kea Subscription data sheets if any new hooks.~~
- [x] ***(Marketing)*** Update [significant features matrix](https://kb.isc.org/docs/en/aa-01615) (if any significant new features).
- [x] ***(Marketing)*** Update [Kea documentation page in KB](https://kb.isc.org/docs/en/kea-administrator-reference-manual).kea2.4.0https://gitlab.isc.org/isc-projects/kea/-/issues/2937Hammer: add Fedora 38 support2023-07-17T13:58:20ZMarcin GodzinaHammer: add Fedora 38 supportRequired changes to add Fedora 38 support for hammer and building packages.Required changes to add Fedora 38 support for hammer and building packages.kea2.4.0Marcin GodzinaMarcin Godzinahttps://gitlab.isc.org/isc-projects/kea/-/issues/2935Hammer: add Fedora 37 support2023-07-17T13:58:20ZMarcin GodzinaHammer: add Fedora 37 supportRequired changes to add Fedora 37 support for hammer and building packages.Required changes to add Fedora 37 support for hammer and building packages.kea2.4.0Marcin GodzinaMarcin Godzinahttps://gitlab.isc.org/isc-projects/kea/-/issues/2931Host commands fetching hosts by IP address from the backends return partial data2023-07-17T13:58:20ZMarcin SiodelskiHost commands fetching hosts by IP address from the backends return partial dataSuppose you have a host reservation that includes IPv6 addresses, prefixes and DHCP options. Now, if you send a command to fetch the host reservation by one of the IPv6 addresses, you'll get the host reservation with this IPv6 address (l...Suppose you have a host reservation that includes IPv6 addresses, prefixes and DHCP options. Now, if you send a command to fetch the host reservation by one of the IPv6 addresses, you'll get the host reservation with this IPv6 address (lacking other IPv6 addresses), without the prefixes and probably with only one of the options.
The reason for it is the invalid query that performs a simple inner join and filters by the IPv6 address. The other addresses and prefixes are ignored (filtered out) because they don't match the specified address. It seems that the correct query should run a sub-query selecting the host-id and then the main query that filters the host by this id.
The original issue was described here: https://gitlab.isc.org/isc-projects/kea/-/issues/2881#note_380311kea2.4.0Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/bind9/-/issues/4154Restore the ability to read old HMAC-MD5 key pair files.2023-06-29T20:05:02ZMark AndrewsRestore the ability to read old HMAC-MD5 key pair files.Reading of `K*+157+*` HMAC-MD5 files was accidentally broke when TSIG algorithm numbers where consolidated.
Also add deprecated warning when these files are use
See #3668 for detailsReading of `K*+157+*` HMAC-MD5 files was accidentally broke when TSIG algorithm numbers where consolidated.
Also add deprecated warning when these files are use
See #3668 for detailsJuly 2023 (9.18.17, 9.18.17-S1, 9.19.15)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/4151Add warning to BIND relnotes/documentation for 9.19.6 and 9.18.8 and newer - ...2023-07-04T12:51:42ZCathy AlmondAdd warning to BIND relnotes/documentation for 9.19.6 and 9.18.8 and newer - incompatible key files using HMAC-MD5 when upgrading### Summary
There is a surprise problem with old key files when upgrading to a version of BIND that includes feature #3541. That is, from something older to 9.18.8 or 9.16.34 or newer. Full details of the problem can be found in #3668...### Summary
There is a surprise problem with old key files when upgrading to a version of BIND that includes feature #3541. That is, from something older to 9.18.8 or 9.16.34 or newer. Full details of the problem can be found in #3668. This is a request to add an appropriate warning, somewhere ...
### BIND version used
N/AJuly 2023 (9.18.17, 9.18.17-S1, 9.19.15)https://gitlab.isc.org/isc-projects/bind9/-/issues/4150TSAN reports parser script issue2023-06-15T14:21:17ZArаm SаrgsyаnTSAN reports parser script issueThe `util/parse_tsan.py` script has an issue when translating the original mutex identifiers into new sequential identifiers.
For example, the `Cycle in lock order graph: M0 (0x7b2000014a20) => M1 (0x7b5400041be0) => M2 (0x7b2400024c78)...The `util/parse_tsan.py` script has an issue when translating the original mutex identifiers into new sequential identifiers.
For example, the `Cycle in lock order graph: M0 (0x7b2000014a20) => M1 (0x7b5400041be0) => M2 (0x7b2400024c78) => M3 (0x7b7c00003808) => M0` line is converted to `Cycle in lock order graph: M4 (0x000000000001) => M4 (0x000000000002) => M4 (0x000000000003) => M4 (0x000000000004) => M4`.
Quoting @michal:
>take a line like this:
>
>`Cycle in lock order graph: M0 (0x7b2000014a20) => M1 (0x7b5400041be0) => M2 (0x7b2400024c78) => M3 (0x7b7c00003808) => M0`
>
>what the code does is it creates a table of "mutex identifier translations":
>
>```
>"M0" => 1
>"M1" => 2
>"M2" => 3
>"M3" => 4
>```
>
>and then sequentially replaces all occurrences of "M0" with "M1", all occurrences of "M1" with "M2" etc.
>
>but the "target identifiers" already exist, so if the mutex numbers increase sequentially, after iterating through the entire table it will end up with all mutexes being known as "M4"July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/kea/-/issues/2916Hammer: add Debian 12 support2023-07-17T13:58:21ZMarcin GodzinaHammer: add Debian 12 supportkea2.4.0Marcin GodzinaMarcin Godzinahttps://gitlab.isc.org/isc-projects/bind9/-/issues/4149huge waste of space in lib/isc/result.c leading to large libisc.so2023-06-20T14:10:21ZAndreas Kinzlerhuge waste of space in lib/isc/result.c leading to large libisc.sowhen switching to bind9 9.18 on my Gentoo systems I was wondering about the huge increase in *.so sizes. I tracked the problem down to very inefficient space usage in lib/isc/result.c. The compiled object file is >5MB just because of the...when switching to bind9 9.18 on my Gentoo systems I was wondering about the huge increase in *.so sizes. I tracked the problem down to very inefficient space usage in lib/isc/result.c. The compiled object file is >5MB just because of the 2 lookup tables. I converted the file back to switch/case and the final solib libisc-9.18.15.so went down to <600 KB from over 5800 KB.July 2023 (9.18.17, 9.18.17-S1, 9.19.15)https://gitlab.isc.org/isc-projects/kea/-/issues/2915kea-premium should use the Kea CI image instead of a Stork image for Danger i...2023-06-19T07:43:06ZAndrei Pavelandrei@isc.orgkea-premium should use the Kea CI image instead of a Stork image for Danger in CIPremium CI uses image: `registry.gitlab.isc.org/isc-projects/stork/ci-danger`.
Images should be separate. Kea should use its own image.
This is the equivalent of #2559 which did it for core, but missed premium...Premium CI uses image: `registry.gitlab.isc.org/isc-projects/stork/ci-danger`.
Images should be separate. Kea should use its own image.
This is the equivalent of #2559 which did it for core, but missed premium...kea2.4.0https://gitlab.isc.org/isc-projects/bind9/-/issues/4141Only keys with key files should be used for signing2023-06-29T06:55:44ZMatthijs Mekkingmatthijs@isc.orgOnly keys with key files should be used for signingThe `find_zone_keys()` function iss not working properly for zones that use `inline-signing`. It only works if the DNSKEY records were also
published in the unsigned version of the zone. But this is not the case when you use `dnssec-poli...The `find_zone_keys()` function iss not working properly for zones that use `inline-signing`. It only works if the DNSKEY records were also
published in the unsigned version of the zone. But this is not the case when you use `dnssec-policy`: the DNSKEY records will only occur
in the signed version of the zone. Therefor, when looking for keys to sign the zone, only the newly added keys in the dynamic update
were found (which could be zero), ignoring existing keys.
Also, if a DNSKEY was added, it would try to sign the zone with just this new key, and this would only work if the key files for that key
were imported into the key-directory.
Instead of looking for DNSKEY records to then search for the matching key files, call `dns_dnssec_findmatchingkeys()` which just looks for the keys we have on disk for the given zone. It will also set the correct DNSSEC signing hints.July 2023 (9.18.17, 9.18.17-S1, 9.19.15)https://gitlab.isc.org/isc-projects/kea/-/issues/2913Section 8.2.10 of the ARM contains a typo2023-07-17T13:58:20ZDarren AnkneySection 8.2.10 of the ARM contains a typoThis [table](https://kea.readthedocs.io/en/kea-2.3.8/arm/dhcp4-srv.html#id3) contains a typo for option 50. It says the type is `ipv6-address`. It should be `ipv4-address`.
[RT22158](https://support.isc.org/Ticket/Display.html?id=22158)This [table](https://kea.readthedocs.io/en/kea-2.3.8/arm/dhcp4-srv.html#id3) contains a typo for option 50. It says the type is `ipv6-address`. It should be `ipv4-address`.
[RT22158](https://support.isc.org/Ticket/Display.html?id=22158)kea2.4.0Darren AnkneyDarren Ankneyhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4136rbtdb.c:1150: INSIST(((rbtdb->common.update_listeners).head == ((void *)0))) ...2023-11-08T15:17:44ZMichal Nowakrbtdb.c:1150: INSIST(((rbtdb->common.update_listeners).head == ((void *)0))) failed, back traceJob [#3454883](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3454883) failed for 36d019ffce55818142a819515278462d13bdf2c9.
`named` crashed around this check:
```
2023-06-09 01:16:59 INFO:catz I:catz_tmp_qsb_mka1:checking that dom...Job [#3454883](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3454883) failed for 36d019ffce55818142a819515278462d13bdf2c9.
`named` crashed around this check:
```
2023-06-09 01:16:59 INFO:catz I:catz_tmp_qsb_mka1:checking that dom13.example. is served by secondary and that it's still the one from ns1 (222)
2023-06-09 01:17:09 INFO:catz I:catz_tmp_qsb_mka1:failed
```
```
09-Jun-2023 01:16:59.212 catz: catalog2.example: reload start
09-Jun-2023 01:16:59.212 catz: updating catalog zone 'catalog2.example' with serial 2670950433
09-Jun-2023 01:16:59.212 catz: update_from_db: iteration finished: no more
09-Jun-2023 01:16:59.212 transfer of 'catalog2.example/IN/default' from 10.53.0.3#17382: received 145 bytes
09-Jun-2023 01:16:59.212 catz: iterating over 'dom13.example' from catalog 'catalog2.example'
09-Jun-2023 01:16:59.212 received message from 10.53.0.3#17382
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10119
;; flags: qr aa; QUESTION: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;catalog2.example. IN IXFR
;; ANSWER SECTION:
catalog2.example. 3600 IN SOA . . 2670950434 86400 3600 86400 3600
catalog2.example. 3600 IN NS invalid.
version.catalog2.example. 3600 IN TXT "1"
catalog2.example. 3600 IN SOA . . 2670950434 86400 3600 86400 3600
09-Jun-2023 01:16:59.212 transfer of 'catalog2.example/IN/default' from 10.53.0.3#17382: got nonincremental response
09-Jun-2023 01:16:59.212 catz: adding zone 'dom13.example' from catalog 'catalog2.example' - success
09-Jun-2023 01:16:59.212 catz: catalog2.example: update already queued or running
09-Jun-2023 01:16:59.212 dns_zone_verifydb: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 zone_needdump: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 zone_settimer: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 removing journal file
09-Jun-2023 01:16:59.212 zone catalog2.example/IN/default: replacing zone database
09-Jun-2023 01:16:59.212 zone catalog2.example/IN/default: zone transfer finished: success
09-Jun-2023 01:16:59.212 zone catalog2.example/IN/default: transferred serial 2670950434
09-Jun-2023 01:16:59.212 zone_needdump: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 zone_settimer: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 zone_settimer: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 transfer of 'catalog2.example/IN/default' from 10.53.0.3#17382: Transfer status: success
09-Jun-2023 01:16:59.212 transfer of 'catalog2.example/IN/default' from 10.53.0.3#17382: Transfer completed: 1 messages, 4 records, 145 bytes, 0.004 secs (36250 bytes/sec) (serial 2670950434)
09-Jun-2023 01:16:59.212 transfer of 'catalog2.example/IN/default' from 10.53.0.3#17382: freeing transfer context
09-Jun-2023 01:16:59.212 zone_timer: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 zone_maintenance: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 zone_dump: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 zone_settimer: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 zone_gotwritehandle: zone catalog2.example/IN/default: enter
09-Jun-2023 01:16:59.212 catz: update_from_db: new zone merged
09-Jun-2023 01:16:59.212 catz: catalog2.example: new zone version came too soon, deferring update for 5 seconds
09-Jun-2023 01:16:59.212 calling free_rbtdb(catalog2.example)
09-Jun-2023 01:16:59.212 done free_rbtdb(catalog2.example)
09-Jun-2023 01:16:59.212 rbtdb.c:1150: INSIST(((rbtdb->common.update_listeners).head == ((void *)0))) failed, back trace
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.18.16-dev.so(isc_backtrace+0x1e) [0x7f13872aebe6]
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/bin/named/.libs/named() [0x43bae9]
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.18.16-dev.so(isc_assertion_failed+0xa) [0x7f13872add17]
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/lib/dns/.libs/libdns-9.18.16-dev.so(+0xae94db) [0x7f13860e94db]
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/lib/dns/.libs/libdns-9.18.16-dev.so(+0xaea073) [0x7f13860ea073]
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/lib/dns/.libs/libdns-9.18.16-dev.so(+0xaeac1c) [0x7f13860eac1c]
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/lib/dns/.libs/libdns-9.18.16-dev.so(dns_db_detach+0x12e) [0x7f1385eec6d4]
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/lib/dns/.libs/libdns-9.18.16-dev.so(+0x8da005) [0x7f1385eda005]
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.18.16-dev.so(+0x242dfe) [0x7f1387242dfe]
09-Jun-2023 01:16:59.216 /lib64/libuv.so.1(+0xbf2f) [0x7f1386f6bf2f]
09-Jun-2023 01:16:59.216 /lib64/libuv.so.1(+0xbe65) [0x7f1386f6be65]
09-Jun-2023 01:16:59.216 /lib64/libuv.so.1(+0x1118f) [0x7f1386f7118f]
09-Jun-2023 01:16:59.216 /lib64/libuv.so.1(+0x2d5e3) [0x7f1386f8d5e3]
09-Jun-2023 01:16:59.216 /lib64/libuv.so.1(uv_run+0xb1) [0x7f1386f71c2d]
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.18.16-dev.so(+0x2602a4) [0x7f13872602a4]
09-Jun-2023 01:16:59.216 /builds/isc-projects/bind9/lib/isc/.libs/libisc-9.18.16-dev.so(isc__trampoline_run+0x6a) [0x7f138735decc]
09-Jun-2023 01:16:59.216 /lib64/libc.so.6(+0x8c907) [0x7f1384439907]
09-Jun-2023 01:16:59.216 /lib64/libc.so.6(+0x112870) [0x7f13844bf870]
09-Jun-2023 01:16:59.216 exiting (due to assertion failure)
```
There's a core file in the CI artifact, but a backtrace wasn't generated.
I'll generate it soon.July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4135Data race lib/dns/zone.c:4127:26 in set_refreshkeytimer2023-12-08T07:49:51ZMichal NowakData race lib/dns/zone.c:4127:26 in set_refreshkeytimerJob [#3451385](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3451385) failed for 81c5f12e2f8d2379e8be07b68102fc9ff9a5de8c.
```
WARNING: ThreadSanitizer: data race
Write of size 8 at 0x000000000001 by thread T1 (mutexes: write M2, ...Job [#3451385](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3451385) failed for 81c5f12e2f8d2379e8be07b68102fc9ff9a5de8c.
```
WARNING: ThreadSanitizer: data race
Write of size 8 at 0x000000000001 by thread T1 (mutexes: write M2, read M2):
#0 set_refreshkeytimer lib/dns/zone.c:4127:26 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#1 sync_keyzone lib/dns/zone.c:4683:5 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#2 dns_zone_synckeyzone lib/dns/zone.c:4767:11
#3 view_loaded bin/named/./server.c:9692:14 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#4 call_loaddone lib/dns/zt.c:308:3 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#5 doneloading lib/dns/zt.c:597:3
#6 zone_asyncload lib/dns/zone.c:2404:3 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#7 task_run lib/isc/task.c:859:5 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#8 isc_task_run lib/isc/task.c:953:10
#9 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#10 process_queue lib/isc/netmgr/netmgr.c:1009:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#11 process_all_queues lib/isc/netmgr/netmgr.c:790:25 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#12 async_cb lib/isc/netmgr/netmgr.c:819:6
#13 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#14 isc__trampoline_run lib/isc/trampoline.c:213:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
Previous read of size 4 at 0x000000000001 by thread T2:
#0 isc_time_compare lib/isc/unix/time.c:211:24 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#1 zone_maintenance lib/dns/zone.c:11440:7 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#2 zone_timer lib/dns/zone.c:15072:2 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#3 task_run lib/isc/task.c:859:5 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#4 isc_task_run lib/isc/task.c:953:10
#5 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#6 process_queue lib/isc/netmgr/netmgr.c:1009:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#7 process_all_queues lib/isc/netmgr/netmgr.c:790:25 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#8 async_cb lib/isc/netmgr/netmgr.c:819:6
#9 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#10 isc__trampoline_run lib/isc/trampoline.c:213:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
Location is heap block of size 3289 at 0x000000000016 allocated by thread T1:
#0 malloc <null> (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#1 default_memalloc lib/isc/mem.c:716:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#2 mem_get lib/isc/mem.c:625:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#3 mem_allocateunlocked lib/isc/mem.c:1290:8
#4 isc___mem_allocate lib/isc/mem.c:1310:7
#5 isc__mem_allocate lib/isc/mem.c:2406:10 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#6 isc___mem_get lib/isc/mem.c:1060:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#7 isc__mem_get lib/isc/mem.c:2385:10 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#8 dns_zone_create lib/dns/zone.c:1137:9 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#9 dns_zonemgr_createzone lib/dns/zone.c:18828:11 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#10 add_keydata_zone bin/named/./server.c:6789:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#11 configure_view_dnsseckeys bin/named/./server.c:1218:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#12 configure_view bin/named/./server.c:5515:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#13 load_configuration bin/named/./server.c:9136:3 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#14 loadconfig bin/named/./server.c:10322:11 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#15 named_server_reconfigcommand bin/named/./server.c:10724:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#16 named_control_docommand bin/named/control.c:252:12 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#17 control_recvmessage bin/named/controlconf.c:477:13 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#18 task_run lib/isc/task.c:859:5 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#19 isc_task_run lib/isc/task.c:953:10
#20 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#21 process_queue lib/isc/netmgr/netmgr.c:1009:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#22 process_all_queues lib/isc/netmgr/netmgr.c:790:25 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#23 async_cb lib/isc/netmgr/netmgr.c:819:6
#24 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#25 isc__trampoline_run lib/isc/trampoline.c:213:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
Mutex M2 (0x000000000033) created at:
#0 pthread_mutex_init <null> (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#1 isc__mutex_init lib/isc/pthreads/mutex.c:290:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#2 dns_zone_create lib/dns/zone.c:1142:2 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#3 dns_zonemgr_createzone lib/dns/zone.c:18828:11 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#4 add_keydata_zone bin/named/./server.c:6789:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#5 configure_view_dnsseckeys bin/named/./server.c:1218:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#6 configure_view bin/named/./server.c:5515:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#7 load_configuration bin/named/./server.c:9136:3 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#8 loadconfig bin/named/./server.c:10322:11 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#9 named_server_reconfigcommand bin/named/./server.c:10724:2 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#10 named_control_docommand bin/named/control.c:252:12 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#11 control_recvmessage bin/named/controlconf.c:477:13 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#12 task_run lib/isc/task.c:859:5 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#13 isc_task_run lib/isc/task.c:953:10
#14 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#15 process_queue lib/isc/netmgr/netmgr.c:1009:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#16 process_all_queues lib/isc/netmgr/netmgr.c:790:25 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#17 async_cb lib/isc/netmgr/netmgr.c:819:6
#18 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#19 isc__trampoline_run lib/isc/trampoline.c:213:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
Mutex M2 (0x000000000037) created at:
#0 pthread_rwlock_init <null> (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#1 isc_rwlock_init lib/isc/rwlock.c:41:2 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#2 dns_rbtdb_create lib/dns/rbtdb.c:8656:2 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#3 dns_db_create lib/dns/db.c:120:13 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#4 zone_load lib/dns/zone.c:2307:11 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#5 dns_zone_load lib/dns/zone.c:2380:10 (BuildId: fcbd6258d04361cb62bc32ccf87eff93722e9925)
#6 load_zones bin/named/./server.c:9754:13 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#7 named_server_reconfigcommand bin/named/./server.c:10726:11 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#8 named_control_docommand bin/named/control.c:252:12 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#9 control_recvmessage bin/named/controlconf.c:477:13 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#10 task_run lib/isc/task.c:859:5 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#11 isc_task_run lib/isc/task.c:953:10
#12 process_netievent lib/isc/netmgr/netmgr.c (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#13 process_queue lib/isc/netmgr/netmgr.c:1009:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#14 process_all_queues lib/isc/netmgr/netmgr.c:790:25 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#15 async_cb lib/isc/netmgr/netmgr.c:819:6
#16 uv__async_io /usr/src/libuv-v1.44.1/src/unix/async.c:163:5 (BuildId: 120c450d14885aa5308bc95c4ea77de2c2b1cc36)
#17 isc__trampoline_run lib/isc/trampoline.c:213:11 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
Thread T1 (running) created by main thread at:
#0 pthread_create <null> (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#1 isc_thread_create lib/isc/pthreads/thread.c:81:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:355:3 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#3 isc_managers_create lib/isc/managers.c:28:2 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#4 create_managers bin/named/./main.c:1065:11 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#5 setup bin/named/./main.c:1397:11
#6 main bin/named/./main.c:1711:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null> (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#1 isc_thread_create lib/isc/pthreads/thread.c:81:8 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:355:3 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#3 isc_managers_create lib/isc/managers.c:28:2 (BuildId: 6899e3b78cd26e2e0be1758888e5b949c65bdb33)
#4 create_managers bin/named/./main.c:1065:11 (BuildId: dbafb0d25d480c1049a7bd687a3c53a6f4aeace4)
#5 setup bin/named/./main.c:1397:11
#6 main bin/named/./main.c:1711:2
SUMMARY: ThreadSanitizer: data race lib/dns/zone.c:4127:26 in set_refreshkeytimer
```July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Tony FinchTony Finchhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4134Zonefile on read-only filesystem gives "unexpected error"2023-06-20T14:05:41ZMidnight VeilZonefile on read-only filesystem gives "unexpected error"### Summary
Zonefile on read-only filesystem gives "unexpected error" as does not handle `EROFS` error.
```
named[266149]: errno2result.c:119:isc___errno2result(): unexpected error:
named[266149]: stdio.c
```
### BIND version used
<de...### Summary
Zonefile on read-only filesystem gives "unexpected error" as does not handle `EROFS` error.
```
named[266149]: errno2result.c:119:isc___errno2result(): unexpected error:
named[266149]: stdio.c
```
### BIND version used
<details><summary>details (v. 9.18.14) </summary>
```
IND 9.18.14 (Extended Support Version) <id:2c5e22f>
running on Linux x86_64 6.1.30 #1-NixOS SMP PREEMPT_DYNAMIC Wed May 24 16:32:53 UTC 2023
compiled by GCC 12.2.0
compiled with OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
linked to OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with libnghttp2 version: 1.51.0
linked to libnghttp2 version: 1.51.0
compiled with libxml2 version: 2.10.4
linked to libxml2 version: 21004
compiled with zlib version: 1.2.13
linked to zlib version: 1.2.13
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /nix/store/ywv0pi4c10ib0kmndr34fh86dhf4wax1-bind-9.18.14/etc/named.conf
rndc configuration: /nix/store/ywv0pi4c10ib0kmndr34fh86dhf4wax1-bind-9.18.14/etc/rndc.conf
DNSSEC root key: /nix/store/ywv0pi4c10ib0kmndr34fh86dhf4wax1-bind-9.18.14/etc/bind.keys
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/named.pid
named lock file: /var/run/named/named.lock
```
</details>
### Steps to reproduce
named.conf with
```
zone example.com {
type master;
file /path/to/file/on/read-only-fs;
}
```
<details><summary>Where the bug was encountered</summary>
Specifically, this was encountered when using bind9 with NixOS, where the nix store exists on a read-only filesystem. (The solution is for the bind-file *not* to be in the nix store, but this is not the bug)
```nix
services.bind = {
enable = true;
zones."example.com" = {
# v this creates a file in the nix store
file = builtins.toFile "named.conf" "pretend there is a zone ffile here";
master = true;
};
};
```
</details>
### What is the current *bug* behavior?
```
named[266149]: errno2result.c:119:isc___errno2result(): unexpected error:
named[266149]: stdio.c
```
### What is the expected *correct* behavior?
Probably whatever the output of `ISC_R_NOPERM` would be.
### Relevant configuration files
See above.
### Relevant logs and/or screenshots
See above.
### Possible fixes
https://users.isc.org/~each/doxygen/bind9/errno2result_8c-source.html#l00037
The following patch should fix it:
[0001-bug-Handle-POSIX-errorcode-EROFS-when-writing-to-a-r.patch](/uploads/efa1f4024ed3001277a6b2628642a0cf/0001-bug-Handle-POSIX-errorcode-EROFS-when-writing-to-a-r.patch)July 2023 (9.18.17, 9.18.17-S1, 9.19.15)Tony FinchTony Finch