ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2023-08-02T08:27:07Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4229nextpart failed, set -e fallout?2023-08-02T08:27:07ZMark Andrewsnextpart failed, set -e fallout?Job [#3549936](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3549936) failed for c24edb125bc7eeb6ed4e86e336b27bab5d7092cd:Job [#3549936](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3549936) failed for c24edb125bc7eeb6ed4e86e336b27bab5d7092cd:August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)https://gitlab.isc.org/isc-projects/bind9/-/issues/4226dig help message https-plain-get vs http-plain-get2023-08-02T08:24:45ZOli Schacherdig help message https-plain-get vs http-plain-get### Summary
`dig -h` says:
```
+[no]https-plain-get (Use GET instead of default POST method while using plain HTTP)
```
but the option is actually called `+[no]http-plain-get`, without the s
### BIND version used
`DiG 9.18.17`...### Summary
`dig -h` says:
```
+[no]https-plain-get (Use GET instead of default POST method while using plain HTTP)
```
but the option is actually called `+[no]http-plain-get`, without the s
### BIND version used
`DiG 9.18.17`
### Steps to reproduce
run `dig -h`
or for the more adventurous:
```
dig @dns.switch.ch isc.org +https-plain-get
Invalid option: +https-plain-get
[....]
```
### What is the current *bug* behavior?
dig -h claims the option name is `+[no]https-plain-get`
### What is the expected *correct* behavior?
`dig -h` should say the option name is `+[no]http-plain-get`
### Relevant configuration files
n/a
### Relevant logs and/or screenshots
n/a
### Possible fixes
change https://gitlab.isc.org/isc-projects/bind9/-/blob/6a6f2e58e9e4a2e5d30ebb6113e429712dc09b34/bin/dig/dig.c#L228August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)Arаm SаrgsyаnArаm Sаrgsyаnhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4225SERVFAIL response to TKEY query2023-07-31T08:25:21ZTomas SimonaitisSERVFAIL response to TKEY query### Summary
(Summarize the bug encountered concisely.)
### BIND version used
9.16.42 (deb11u1)
9.18.16 (deb12u1~bpo11+1)
### Steps to reproduce
The example PCAP is attached.
### What is the current *bug* behavior?
The TKEY query f...### Summary
(Summarize the bug encountered concisely.)
### BIND version used
9.16.42 (deb11u1)
9.18.16 (deb12u1~bpo11+1)
### Steps to reproduce
The example PCAP is attached.
### What is the current *bug* behavior?
The TKEY query for domain which is not configured in the authoritative only DNS server
results in SERVFAIL response and log entry is:
9.18:
client @0x7fd9410d0368 XX.X.XXX.XX#59386 (2752-ms-7.986X-5052cb3.a4e0250c-2acc-11ee-4794-005056987d00): query failed (permission denied) for 2752-ms-7.986X-5052cb3.a4e0250c-2acc-11ee-4794-005056987d00/IN/TKEY at query.c:12326
9.16:
client @0x7fX13c24Xba0 XX.X.XXX.XX#51660 (2752-ms-7.1359-4fdedX.a4e0250c-2acX-11ee-4794-005056987d0X): query failed (permission denied) for 2752-ms-7.1359-4fdedX.a4e0250c-2acX-11ee-4794-005056987d0X/IN/TKEY at query.c:11891
### What is the expected *correct* behavior?
A REFUSED,FORMERR,NOTIMP response, but not a SERVFAIL.
### Relevant configuration files
```
acl "trusted" {
127.0.0.1/32;
192.0.2.65/32;
};
acl "probes" {
192.0.2.75/32;
212.224.66.61/32;
192.0.2.90/32;
};
acl "transfer-trusted" {
127.0.0.1/32;
192.0.2.65/32;
192.0.2.8/32;
};
logging {
channel "stats_log" {
null ;
};
channel "security_log" {
syslog "local1";
severity notice;
};
channel "query-errors-log" {
file "/var/log/dns/query-errors.log" versions 2 size 102400;
severity debug 1;
};
channel "rrl_log" {
syslog "local2";
severity notice;
};
channel "audit_log" {
syslog "local1";
severity info;
};
category "queries" {
"stats_log";
};
category "security" {
"security_log";
};
category "query-errors" {
"query-errors-log";
};
category "rate-limit" {
"rrl_log";
};
category "default" {
"audit_log";
};
category "general" {
"audit_log";
};
category "config" {
"audit_log";
};
category "resolver" {
"audit_log";
};
category "xfer-in" {
"audit_log";
};
category "xfer-out" {
"audit_log";
};
category "notify" {
"audit_log";
};
category "client" {
"audit_log";
};
category "network" {
"audit_log";
};
category "update" {
"audit_log";
};
category "lame-servers" {
"audit_log";
};
};
options {
blackhole {
10.0.0.0/8;
172.16.0.0/12;
192.168.0.0/16;
};
directory "/var/cache/bind";
hostname none;
interface-interval 0;
listen-on {
192.0.2.65/32;
192.0.2.60/32;
192.0.2.61/32;
};
listen-on-v6 {
"any";
};
serial-query-rate 20;
statistics-file "/var/cache/bind/named.stats";
version none;
auth-nxdomain no;
dnssec-validation no;
rate-limit {
errors-per-second 40;
ipv4-prefix-length 32;
ipv6-prefix-length 64;
max-table-size 30000;
responses-per-second 40;
slip 2;
window 60;
};
recursion no;
allow-query {
"trusted";
};
allow-transfer {
"transfer-trusted";
};
also-notify {
192.0.2.8;
};
notify explicit;
notify-source 192.0.2.60;
request-ixfr no;
transfer-source 192.0.2.65;
zone-statistics no;
};
zone "X" {
....
```
[tkey-servfail.pcap](/uploads/bbefe7dff2b23cdd875fc5e366b2ba91/tkey-servfail.pcap)August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/4215Add ISC_R_TIMEDOUT to the reasons to call dns_zonemgr_unreachableadd in xfrin2023-08-17T12:15:43ZMark AndrewsAdd ISC_R_TIMEDOUT to the reasons to call dns_zonemgr_unreachableadd in xfrinUse timeout as another reason to mark a primary as temporarily unreachable in xfrin.c. This should help the fall over to other primaries happen faster when one primary is not responding.Use timeout as another reason to mark a primary as temporarily unreachable in xfrin.c. This should help the fall over to other primaries happen faster when one primary is not responding.August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/4203run.gdb not found2023-07-28T11:53:56ZMark Andrewsrun.gdb not foundStack backtrace no produced because `run.gdb` was not found.
```
[New LWP 100128]
[New LWP 100256]
[New LWP 100257]
[New LWP 100323]
Core was generated by `/builds/isc-projects/bind9/bin/named/.libs/named -c /builds/isc-projects/bind9/b...Stack backtrace no produced because `run.gdb` was not found.
```
[New LWP 100128]
[New LWP 100256]
[New LWP 100257]
[New LWP 100323]
Core was generated by `/builds/isc-projects/bind9/bin/named/.libs/named -c /builds/isc-projects/bind9/b'.
Program terminated with signal SIGABRT, Aborted.
Sent by kill() from pid 2375 and user 1001.
#0 0x00000000002384f7 in control_recvmessage (result=ISC_R_SHUTTINGDOWN, arg=0x802659960, handle=<optimized out>) at controlconf.c:418
warning: Source file is more recent than executable.
418 if (conn->shuttingdown) {
[Current thread is 1 (LWP 100128)]
warning: run.gdb: No such file or directory
```August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)https://gitlab.isc.org/isc-projects/bind9/-/issues/4200Repeated crashes from BIND 9.16.40-S1 and 9.16.42.S1 consistently from either...2023-08-02T10:18:37ZCathy AlmondRepeated crashes from BIND 9.16.40-S1 and 9.16.42.S1 consistently from either db.c:1263 or db.c:138### Summary
This organisation run 20 or so servers, they are all on BIND 9.16.40-S1 and 9.16.42.S1. The servers that run 9.16.42-S1 are recently upgraded. The servers running 9.16.40-S1 have been doing so for almost as long as this ve...### Summary
This organisation run 20 or so servers, they are all on BIND 9.16.40-S1 and 9.16.42.S1. The servers that run 9.16.42-S1 are recently upgraded. The servers running 9.16.40-S1 have been doing so for almost as long as this version has been available. The crashes started around June 29/30, so something has changed that is triggering them.
Here is a sample of the crashes as reported in their logs:
```
mpcold1/named.log:2023-07-02T11:43:09+00:00 mpcold1 named[28600]: 02-Jul-2023 11:43:09.241 general: critical: db.c:1263: REQUIRE((__b
uiltin_expect(!!((db) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(db))->magic == ((('D') << 24 | ('N') << 16 |
('S') << 8 | ('D')))), 1))) failed
mpcold1/named.log:2023-07-02T11:43:09+00:00 mpcold1 named[28600]: 02-Jul-2023 11:43:09.241 general: critical: exiting (due to asserti
on failure)
mpcold2/named.log:2023-07-05T14:50:13+00:00 mpcold2 named[2841]: 05-Jul-2023 14:50:13.161 general: critical: db.c:138: REQUIRE((__bui
ltin_expect(!!((source) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(source))->magic == ((('D') << 24 | ('N') <
< 16 | ('S') << 8 | ('D')))), 1))) failed
mpcold2/named.log:2023-07-05T14:50:13+00:00 mpcold2 named[2841]: 05-Jul-2023 14:50:13.161 general: critical: exiting (due to assertio
n failure)
mpcold3/named.log:2023-07-02T09:18:11+00:00 mpcold3 named[60441]: 02-Jul-2023 09:18:11.174 general: critical: db.c:1263: REQUIRE((__b
uiltin_expect(!!((db) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(db))->magic == ((('D') << 24 | ('N') << 16 |
('S') << 8 | ('D')))), 1))) failed
mpcold3/named.log:2023-07-02T09:18:11+00:00 mpcold3 named[60441]: 02-Jul-2023 09:18:11.174 general: critical: exiting (due to asserti
on failure)
mpcold3/named.log:2023-07-04T19:41:07+00:00 mpcold3 named[28125]: 04-Jul-2023 19:41:07.874 general: critical: db.c:1263: REQUIRE((__b
uiltin_expect(!!((db) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(db))->magic == ((('D') << 24 | ('N') << 16 |
('S') << 8 | ('D')))), 1))) failed
mpcold3/named.log:2023-07-04T19:41:07+00:00 mpcold3 named[28125]: 04-Jul-2023 19:41:07.874 general: critical: exiting (due to asserti
on failure)
mpcold4/named.log:2023-07-02T09:54:16+00:00 mpcold4 named[81687]: 02-Jul-2023 09:54:16.146 general: critical: db.c:1263: REQUIRE((__b
uiltin_expect(!!((db) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(db))->magic == ((('D') << 24 | ('N') << 16 |
('S') << 8 | ('D')))), 1))) failed
mpcold4/named.log:2023-07-02T09:54:16+00:00 mpcold4 named[81687]: 02-Jul-2023 09:54:16.146 general: critical: exiting (due to asserti
on failure)
mpcold4/named.log:2023-07-03T06:39:10+00:00 mpcold4 named[14845]: 03-Jul-2023 06:39:10.816 general: critical: db.c:138: REQUIRE((__bu
iltin_expect(!!((source) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(source))->magic == ((('D') << 24 | ('N')
<< 16 | ('S') << 8 | ('D')))), 1))) failed
mpcold4/named.log:2023-07-03T06:39:10+00:00 mpcold4 named[14845]: 03-Jul-2023 06:39:10.816 general: critical: exiting (due to asserti
on failure)
mpcold4/named.log:2023-07-04T11:12:28+00:00 mpcold4 named[71958]: 04-Jul-2023 11:12:28.531 general: critical: db.c:1263: REQUIRE((__b
uiltin_expect(!!((db) != ((void *)0)), 1) && __builtin_expect(!!(((const isc__magic_t *)(db))->magic == ((('D') << 24 | ('N') << 16 |
('S') << 8 | ('D')))), 1))) failed
```
### BIND version used
9.16.40-S1 and 9.16.42-S1 (I don't have named -V, but can get this). Self-built and RPMs created that they install on their suite of resolvers. Stripped binaries - we're working on this as we have a lot of core dumps ...
### Steps to reproduce
No reproduction, just wait...
### What is the current *bug* behavior?
BIND crashes.
### What is the expected *correct* behavior?
BIND doesn't crash.
### Relevant configuration files
Significantly, what we have here is resolvers that are acting as proxies in front of Intranet auth servers. The queries they receive had originally been fielded by load-balancers, that flip the RD bit and then send them on to one of two views (one is auth only, the other accepts recursion). We're interested in the recursive side of things, and the fact the query header RD bit has been flipped is interesting for the background picture, but shouldn't affect the scenario that we have a resolver repeatedly crashing. The important components of the options are:
```
options {
directory "/var/named";
//listen-on port 53 { _obscured_; _obscured_; _obscured_; _obscured_; };
listen-on port 53 { _obscured_; _obscured_; _obscured_; _obscured_; _obscured_; _obscured_; };
query-source address _obscured_;
query-source-v6 address _obscured_;
dnssec-enable yes;
dnssec-validation no;
//edns-udp-size 1024;
version "";
stale-cache-enable no;
allow-update { none ; };
allow-transfer { none; };
transfer-source _obscured_;
transfers-per-ns 1;
transfers-in 10;
recursive-clients 5000;
tcp-idle-timeout 30;
tcp-clients 750;
notify no;
send-cookie no;
require-server-cookie no;
ecs-forward {any;};
ecs-zones { obscured; };
fetches-per-zone 35 drop;
fetch-quota-params 100 .1 .3 .7;
fetches-per-server 50 drop;
rate-limit {
slip 2; // Every other response truncated
window 15; // Seconds to bucket
responses-per-second 100; // # of good responses per prefix-length/sec
referrals-per-second 80; // referral responses
nodata-per-second 25; // nodata responses
nxdomains-per-second 20; // nxdomain responses
errors-per-second 25; // error responses
all-per-second 500; // When we drop all
log-only no; // Debugging mode
qps-scale 5000; // x / 1000 * per-second = new drop limit
//exempt-clients { 127.0.0.1; _obscured_; _obscured_ !};
ipv4-prefix-length 24; // Define the IPv4 block size
ipv6-prefix-length 56; // Define the IPv6 block size
max-table-size 1200000; // 40 bytes * this number = max memory
min-table-size 500; // pre-allocate to speed startup
};
};
```
### Relevant logs and/or screenshots
See crashes logged above.
Significantly in the one I first looked at, just ahead of the crash was this:
> Jul 4 11:22:09 mppacd2 named[2884]: client @0x7f7eb03864e0
> _obscured_#44786 (_obscured_): view Rec-
> instance: recursive-clients soft limit exceeded (4901/4900/5000),
> aborting oldest query
> Jul 4 11:22:09 mppacd2 named[2884]: client @0x7f7e7c720f20
> _obscured-different_#62182 (_obscured-different_): view Rec-
> instance: no more recursive clients (5000/4900/5000): quota reached
However, exploring further - this is not consistently associated with the crashes - the quota is being reached with no crashes, and the crashes occur without quota reached being logged.
Note however that both fetch-limits and RRL are being triggered.
More data is available from [Support ticket #22339](https://support.isc.org/Ticket/Display.html?id=22339)
### Possible fixes
I checked the crash code locations - here are my musings
db.c:1263
```
isc_result_t
dns_db_getservestalerefresh(dns_db_t *db, uint32_t *interval) {
REQUIRE(DNS_DB_VALID(db));
REQUIRE((db->attributes & DNS_DBATTR_CACHE) != 0);
if (db->methods->getservestalerefresh != NULL) {
return ((db->methods->getservestalerefresh)(db, interval));
}
return (ISC_R_NOTIMPLEMENTED);
}
```
db.c:138
```
dns_db_attach(dns_db_t *source, dns_db_t **targetp) {
/*
* Attach *targetp to source.
*/
REQUIRE(DNS_DB_VALID(source));
REQUIRE(targetp != NULL && *targetp == NULL);
(source->methods->attach)(source, targetp);
ENSURE(*targetp == source);
}
```
The crash is for the exact same reason in each - this test fails:
` REQUIRE(DNS_DB_VALID(source));`
But why do we not have a valid DB pointer? `dns_db_attach()` is used all over the place - too many for me to do anything useful with without stack traces that show me the circumstances around the call. But there are only a handful of locations where we call `dns_db_getservestalerefresh()` so I took a meander...
The likeliest candidate is in query.c from query_lookup(). Note that we're getting the pointer to the db from the client. (Aside: also that we're getting the value of the length of time in which stale answers are directly returned from cache before attempting to refresh them (in case a previous attempt in doing so has failed), without first checking if we're going to use stale content at all, or even if we have stale cache enabled. So this is unnecessary, except that we then decide what to do with the value. But this lookup from cache DB should work anyway.)
I'm bothered that the pointer to the cachedb is dud. Might this be a race between looking in cache to construct query response (on a timeout) versus the same client being dropped simultaneously because of hitting recursive clients quota?
```
(void)dns_db_getservestalerefresh(qctx->client->view->cachedb,
&stale_refresh);
```
That's the call - the pointer to cachedb that is invalid has come from the client structure. Why is that 'bad'? Where did we get the pointer to the client struct from, and why is only this operation crashing if this is a race between 'do something with this client' and 'this client is being dropped because of some quota or something'?
Looking at the other locations, I doubt that the crash has come from server.c - that's just a call with a direct pointer to the cache DB in order to get the value to output in response to an rndc query to get the values.
Meanwhile, I see in cache.c that the call to dns_db_getservestalerefresh() has a wrapper:
dns_cache_getservestalerefresh()
But I think this is also not useful. I see it used in server.c whilst checking what its value is to determine whether or not it's OK for two views to share the same cache. And see what dns_cache_getservestalerefresh() does before it calls dns_db_getservestalerefresh() - calls REQUIRE(VALID_CACHE(cache)). I do not think we passed this way in the direction of the crash...August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)https://gitlab.isc.org/isc-projects/bind9/-/issues/4059Oracle Linux 8 shell doesn't always restore environment variable correctly2023-08-02T08:49:35ZMark AndrewsOracle Linux 8 shell doesn't always restore environment variable correctlyJob [#3374668](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3374668) failed for 0592aaa4a97351f736418b2bbc53e89113a578c5:
I saw that dig was making AAAA queries instead of A queries by default a couple of times developing !7888. Ea...Job [#3374668](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3374668) failed for 0592aaa4a97351f736418b2bbc53e89113a578c5:
I saw that dig was making AAAA queries instead of A queries by default a couple of times developing !7888. Earlier in the resolver test we use `HOME="$(pwd)" dig_with_opts @10.53.0.4 . > dig.out.1.${n} || ret=1` a few times. This shouldn't have a long term effect on HOME but that is the only explanation that makes sense. Creating an explicit sub shell should fix the issue. For !7888 I explicitly set the type.
Note below the type was not specified but should default to A.
```
% more dig.out.60
; <<>> DiG 9.19.14-dev <<>> -p 14345 +tcp @10.53.0.5 options-formerr
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 54036
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 31786a72177b15f101000000645c36ee6cd499386040212e (good)
;; QUESTION SECTION:
;options-formerr. IN AAAA
;; AUTHORITY SECTION:
options-formerr. 1 IN SOA . . 0 0 0 0 0
;; Query time: 0 msec
;; SERVER: 10.53.0.5#14345(10.53.0.5) (TCP)
;; WHEN: Thu May 11 00:29:34 UTC 2023
;; MSG SIZE rcvd: 106
%
```August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)https://gitlab.isc.org/isc-projects/bind9/-/issues/4032Cannot change max-zone-ttl for dnssec-policy insecure2023-08-01T13:02:07ZKimmo SuominenCannot change max-zone-ttl for dnssec-policy insecure<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confident...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential!
-->
### Summary
The `insecure` DNSSEC policy cannot be successfully applied to a zone that contains TTLs larger than 1 day (86400). The zone will not be loaded due to the `max-zone-ttl` of `P1D` that apparently is part of the `insecure` policy.
### BIND version used
```
BIND 9.16.37-Debian (Extended Support Version) <id:2b2afb2>
running on Linux x86_64 5.10.0-21-amd64 #1 SMP Debian 5.10.162-1 (2023-01-21)
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--runstatedir=/run' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-t8MKLi/bind9-9.16.37=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 10.2.1 20210110
compiled with OpenSSL version: OpenSSL 1.1.1n 15 Mar 2022
linked to OpenSSL version: OpenSSL 1.1.1n 15 Mar 2022
compiled with libuv version: 1.40.0
linked to libuv version: 1.40.0
compiled with libxml2 version: 2.9.10
linked to libxml2 version: 20910
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
Change the configuration to apply `dnssec-policy insecure;` instead of a previous DNSSEC policy to a zone that has TTLs higher than 1 day.
### What is the current *bug* behavior?
Zone is not loaded due to the offending TTL.
### What is the expected *correct* behavior?
Either `max-zone-ttl unlimited;` should apply to `dnssec-policy insecure;`, or there needs to be a way to configure `max-zone-ttl` for the `insecure` policy.
### Relevant configuration files
```
zone "5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa" {
type master;
file "pri/2001.470.28.d85.rev";
dnssec-policy insecure;
inline-signing yes;
parental-agents {
"8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa";
};
notify yes;
allow-transfer {
"allow-transfer";
};
};
```
### Relevant logs and/or screenshots
KSK seen withdrawn here, `dnssec-policy insecure;` has already been applied:
```
Apr 21 10:33:46 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): reconfiguring zone keys
Apr 21 10:33:46 grendel named[2305]: keymgr: retire DNSKEY 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/RSASHA256/22324 (KSK)
Apr 21 10:33:46 grendel named[2305]: keymgr: retire DNSKEY 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/RSASHA256/45816 (ZSK)
Apr 21 10:33:46 grendel named[2305]: DNSKEY 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/RSASHA256/22324 (KSK) is now inactive
Apr 21 10:33:46 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): next key event: 21-Apr-2023 11:33:46.003
Apr 21 10:33:46 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): checkds: empty DS response from 216.218.130.2#53
Apr 21 10:33:46 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): checkds: empty DS response from 216.66.1.2#53
Apr 21 10:33:46 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): checkds: empty DS response from 216.218.131.2#53
Apr 21 10:33:46 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): checkds: empty DS response from 216.218.132.2#53
Apr 21 10:33:46 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): checkds: empty DS response from 216.66.80.18#53
Apr 21 10:33:46 grendel named[2305]: keymgr: checkds DS for key 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/RSASHA256/22324 seen withdrawn at Fri Apr 21 10:33:46 2023
Apr 21 10:33:46 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): reconfiguring zone keys
Apr 21 10:33:46 grendel named[2305]: keymgr: retire DNSKEY 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/RSASHA256/22324 (KSK)
Apr 21 10:33:46 grendel named[2305]: keymgr: retire DNSKEY 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/RSASHA256/45816 (ZSK)
Apr 21 10:33:46 grendel named[2305]: DNSKEY 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/RSASHA256/22324 (KSK) is now inactive
Apr 21 10:33:46 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): next key event: 22-Apr-2023 12:33:46.583
```
Everything is still working here:
```
Apr 21 11:53:26 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): checkds: set 5 parentals
Apr 21 11:53:26 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): reconfiguring zone keys
Apr 21 11:53:26 grendel named[2305]: keymgr: retire DNSKEY 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/RSASHA256/22324 (KSK)
Apr 21 11:53:26 grendel named[2305]: keymgr: retire DNSKEY 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/RSASHA256/45816 (ZSK)
Apr 21 11:53:26 grendel named[2305]: DNSKEY 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/RSASHA256/22324 (KSK) is now inactive
Apr 21 11:53:26 grendel named[2305]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): next key event: 22-Apr-2023 12:33:46.725
```
Restarting here:
```
Apr 21 23:37:41 grendel named[2305]: received control channel command 'stop'
Apr 21 23:37:41 grendel named[2305]: no longer listening on 127.0.0.1#53
Apr 21 23:37:41 grendel named[2305]: no longer listening on <IPv4>#53
Apr 21 23:37:41 grendel named[2305]: no longer listening on ::1#53
Apr 21 23:37:41 grendel named[2305]: no longer listening on <Global IPv6>#53
Apr 21 23:37:41 grendel named[2305]: no longer listening on <Link Local IPv6>%2#53
Apr 21 23:37:41 grendel named[2305]: shutting down: flushing changes
Apr 21 23:37:41 grendel named[2305]: stopping command channel on 127.0.0.1#953
Apr 21 23:37:41 grendel named[2305]: exiting
Apr 21 23:37:41 grendel named[137244]: starting BIND 9.16.37-Debian (Extended Support Version) <id:2b2afb2>
```
With the restart, signed versions of zones failed to load due to DNSKEY records unexpectedly now having a TTL of 7 days:
```
Apr 21 23:37:41 grendel named[137244]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): checkds: set 5 parentals
Apr 21 23:37:41 grendel named[137244]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (unsigned): loaded serial 2021091700
Apr 21 23:37:41 grendel named[137244]: dns_master_load: TTL 604800 exceeds configured max-zone-ttl 86400
Apr 21 23:37:41 grendel named[137244]: dns_master_load: out of range
Apr 21 23:37:41 grendel named[137244]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): loading from master file pri/2001.470.28.d85.rev.signed failed: out of range
Apr 21 23:37:41 grendel named[137244]: zone 5.8.d.0.8.2.0.0.0.7.4.0.1.0.0.2.ip6.arpa/IN (signed): not loaded due to errors.
```
### Possible fixesAugust 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/3700consider deprecating "dialup" option2023-08-04T09:42:20ZPetr Špačekpspacek@isc.orgconsider deprecating "dialup" optionIt is unclear if [dialup](https://bind9.readthedocs.io/en/v9_19_7/reference.html#namedconf-statement-dialup) statement is useful in practice, and at the same time it adds fair amount of logic to zone refresh/notify handling.
Consider th...It is unclear if [dialup](https://bind9.readthedocs.io/en/v9_19_7/reference.html#namedconf-statement-dialup) statement is useful in practice, and at the same time it adds fair amount of logic to zone refresh/notify handling.
Consider the fun of finding out how following flags interact:
`lib/dns/zone.c`:
```c
19964 void
19965 dns_zone_setdialup(dns_zone_t *zone, dns_dialuptype_t dialup) {
19966 REQUIRE(DNS_ZONE_VALID(zone));
19967
19968 LOCK_ZONE(zone);
19969 DNS_ZONE_CLRFLAG(zone, DNS_ZONEFLG_DIALNOTIFY |
19970 DNS_ZONEFLG_DIALREFRESH |
19971 DNS_ZONEFLG_NOREFRESH);
19972 switch (dialup) {
19973 case dns_dialuptype_no:
19974 break;
19975 case dns_dialuptype_yes:
19976 DNS_ZONE_SETFLAG(zone, (DNS_ZONEFLG_DIALNOTIFY |
19977 DNS_ZONEFLG_DIALREFRESH |
19978 DNS_ZONEFLG_NOREFRESH));
19979 break;
19980 case dns_dialuptype_notify:
19981 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALNOTIFY);
19982 break;
19983 case dns_dialuptype_notifypassive:
19984 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALNOTIFY);
19985 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOREFRESH);
19986 break;
19987 case dns_dialuptype_refresh:
19988 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_DIALREFRESH);
19989 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOREFRESH);
19990 break;
19991 case dns_dialuptype_passive:
19992 DNS_ZONE_SETFLAG(zone, DNS_ZONEFLG_NOREFRESH);
19993 break;
19994 default:
19995 UNREACHABLE();
19996 }
19997 UNLOCK_ZONE(zone);
19998 }
```August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)https://gitlab.isc.org/isc-projects/stork/-/issues/1123Bug in handling an empty HA failure time2023-08-02T12:48:49ZSlawek FigielBug in handling an empty HA failure timeThe issue was reported by @marcin during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1122#note_393110).
We introduced regression in the dashboard related to the `showHAFailureTime`:
![Zrzut_ekranu_2023-08-2_...The issue was reported by @marcin during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1122#note_393110).
We introduced regression in the dashboard related to the `showHAFailureTime`:
![Zrzut_ekranu_2023-08-2_o_12.55.44](https://gitlab.isc.org/isc-projects/stork/uploads/074f6cee431186acbd228f0f74e1988f/Zrzut_ekranu_2023-08-2_o_12.55.44.png)
The problem is we don't see services status beyond the first one that failed.
That's what I get in the console:
```
ERROR TypeError: n is null
showHAFailureTime http://localhost:8080/main.76ff0b13e4fb0d4e.js:1
Sfe http://localhost:8080/main.76ff0b13e4fb0d4e.js:1
```1.12Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4223dns_badcache uses yet another own hash table implementation2023-08-02T08:14:15ZOndřej Surýdns_badcache uses yet another own hash table implementation...replace it with isc_hashmap (or isc_ht)...replace it with isc_hashmap (or isc_ht)August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/stork/-/issues/1119Create shared network view in the UI2023-08-01T15:33:51ZMarcin SiodelskiCreate shared network view in the UIWe have to create similar view for the shared network to the subnet view created in #953. It also requires extending our API to pass the shared network-level parameters from the server to the UI.We have to create similar view for the shared network to the subnet view created in #953. It also requires extending our API to pass the shared network-level parameters from the server to the UI.1.12Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/1118CI pipelines stopped to prepare2023-07-18T11:55:41ZSlawek FigielCI pipelines stopped to prepareUnexpectedly the system test CI pipeline fails to build.
```
$ rake prepare:systemtest
/usr/bin/python3 -m venv /builds/isc-projects/stork/tools/python
Preparing: /builds/isc-projects/stork/tools/python/bin/pytest...
/builds/isc-project...Unexpectedly the system test CI pipeline fails to build.
```
$ rake prepare:systemtest
/usr/bin/python3 -m venv /builds/isc-projects/stork/tools/python
Preparing: /builds/isc-projects/stork/tools/python/bin/pytest...
/builds/isc-projects/stork/tools/python/bin/python --version
Python 3.8.10
/builds/isc-projects/stork/tools/python/bin/pip install -r /builds/isc-projects/stork/rakelib/init_deps/pytest.txt
Collecting attrs==22.2.0
Downloading attrs-22.2.0-py3-none-any.whl (60 kB)
Collecting iniconfig==1.1.1
Downloading iniconfig-1.1.1-py2.py3-none-any.whl (5.0 kB)
Collecting packaging==21.3
Downloading packaging-21.3-py3-none-any.whl (40 kB)
Collecting pluggy==1.0.0
Downloading pluggy-1.0.0-py2.py3-none-any.whl (13 kB)
Collecting py==1.11.0
Downloading py-1.11.0-py2.py3-none-any.whl (98 kB)
Collecting pyparsing==3.0.9
Downloading pyparsing-3.0.9-py3-none-any.whl (98 kB)
Collecting pytest==7.0.1
Downloading pytest-7.0.1-py3-none-any.whl (296 kB)
Collecting pytest-timeout==2.1.0
Downloading pytest_timeout-2.1.0-py3-none-any.whl (12 kB)
Collecting python-dateutil==2.8.2
Downloading python_dateutil-2.8.2-py2.py3-none-any.whl (247 kB)
Collecting pyyaml==6.0
Downloading PyYAML-6.0.tar.gz (124 kB)
Installing build dependencies: started
Installing build dependencies: finished with status 'done'
Getting requirements to build wheel: started
Getting requirements to build wheel: finished with status 'error'
ERROR: Command errored out with exit status 1:
command: /builds/isc-projects/stork/tools/python/bin/python3 /builds/isc-projects/stork/tools/python/lib/python3.8/site-packages/pip/_vendor/pep517/in_process/_in_process.py get_requires_for_build_wheel /tmp/tmpg1pma8o9
cwd: /tmp/pip-install-ldhuyl6g/pyyaml_7fdf76ff00324b1a89504cd91160274c
Complete output (48 lines):
running egg_info
writing lib/PyYAML.egg-info/PKG-INFO
writing dependency_links to lib/PyYAML.egg-info/dependency_links.txt
writing top-level names to lib/PyYAML.egg-info/top_level.txt
Traceback (most recent call last):
File "/builds/isc-projects/stork/tools/python/lib/python3.8/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 280, in <module>
main()
File "/builds/isc-projects/stork/tools/python/lib/python3.8/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 263, in main
json_out['return_val'] = hook(**hook_input['kwargs'])
File "/builds/isc-projects/stork/tools/python/lib/python3.8/site-packages/pip/_vendor/pep517/in_process/_in_process.py", line 114, in get_requires_for_build_wheel
return hook(config_settings)
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 341, in get_requires_for_build_wheel
return self._get_build_requires(config_settings, requirements=['wheel'])
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 323, in _get_build_requires
self.run_setup()
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/build_meta.py", line 338, in run_setup
exec(code, locals())
File "<string>", line 288, in <module>
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/__init__.py", line 107, in setup
return distutils.core.setup(**attrs)
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/_distutils/core.py", line 185, in setup
return run_commands(dist)
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/_distutils/core.py", line 201, in run_commands
dist.run_commands()
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/_distutils/dist.py", line 969, in run_commands
self.run_command(cmd)
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/dist.py", line 1234, in run_command
super().run_command(command)
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/_distutils/dist.py", line 988, in run_command
cmd_obj.run()
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 314, in run
self.find_sources()
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 322, in find_sources
mm.run()
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 551, in run
self.add_defaults()
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/command/egg_info.py", line 589, in add_defaults
sdist.add_defaults(self)
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/command/sdist.py", line 104, in add_defaults
super().add_defaults()
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/_distutils/command/sdist.py", line 251, in add_defaults
self._add_defaults_ext()
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/_distutils/command/sdist.py", line 336, in _add_defaults_ext
self.filelist.extend(build_ext.get_source_files())
File "<string>", line 204, in get_source_files
File "/tmp/pip-build-env-2vmv0356/overlay/lib/python3.8/site-packages/setuptools/_distutils/cmd.py", line 107, in __getattr__
raise AttributeError(attr)
AttributeError: cython_sources
----------------------------------------
WARNING: Discarding https://files.pythonhosted.org/packages/36/2b/61d51a2c4f25ef062ae3f74576b01638bebad5e045f747ff12643df63844/PyYAML-6.0.tar.gz#sha256=68fb519c14306fec9720a2a5b45bc9f0c8d1b9c72adf45c37baedfcd949c35a2 (from https://pypi.org/simple/pyyaml/) (requires-python:>=3.6). Command errored out with exit status 1: /builds/isc-projects/stork/tools/python/bin/python3 /builds/isc-projects/stork/tools/python/lib/python3.8/site-packages/pip/_vendor/pep517/in_process/_in_process.py get_requires_for_build_wheel /tmp/tmpg1pma8o9 Check the logs for full command output.
ERROR: Could not find a version that satisfies the requirement pyyaml==6.0 (from versions: 3.10, 3.11, 3.12, 3.13b1, 3.13rc1, 3.13, 4.2b1, 4.2b2, 4.2b4, 5.1b1, 5.1b3, 5.1b5, 5.1, 5.1.1, 5.1.2, 5.2b1, 5.2, 5.3b1, 5.3, 5.3.1, 5.4b1, 5.4b2, 5.4, 5.4.1, 6.0b1, 6.0)
ERROR: No matching distribution found for pyyaml==6.0
WARNING: You are using pip version 21.1.1; however, version 23.2 is available.
You should consider upgrading via the '/builds/isc-projects/stork/tools/python/bin/python3 -m pip install --upgrade pip' command.
rake aborted!
```1.12Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1115Pipeline failures due to invalid 'bdist_wheel' (?)2023-07-11T13:23:29ZSlawek FigielPipeline failures due to invalid 'bdist_wheel' (?)Today, all pipelines in all MRs have started failing. They produce the below output.
```
$ rake prepare
mkdir -p /builds/isc-projects/stork/tools/golang/gopath
Preparing: /bin/sed...
Preparing: /bin/tar...
Preparing: /builds/isc-project...Today, all pipelines in all MRs have started failing. They produce the below output.
```
$ rake prepare
mkdir -p /builds/isc-projects/stork/tools/golang/gopath
Preparing: /bin/sed...
Preparing: /bin/tar...
Preparing: /builds/isc-projects/stork/tools/golang/go/bin/dlv...
/usr/bin/wget --tries=inf --waitretry=3 --retry-on-http-error=429,500,503,504 --no-verbose https://dl.google.com/go/go1.19.7.linux-amd64.tar.gz -O go.tar.gz
2023-07-05 15:13:53 URL:https://dl.google.com/go/go1.19.7.linux-amd64.tar.gz [149010475/149010475] -> "go.tar.gz" [1]
tar -zxf go.tar.gz
rm go.tar.gz
touch -c /builds/isc-projects/stork/tools/golang/go/bin/go
/builds/isc-projects/stork/tools/golang/go/bin/go version
go version go1.19.7 linux/amd64
/builds/isc-projects/stork/tools/golang/go/bin/go install github.com/go-delve/delve/cmd/dlv@v1.20.1
go: downloading github.com/go-delve/delve v1.20.1
go: downloading github.com/sirupsen/logrus v1.6.0
go: downloading github.com/spf13/cobra v1.1.3
go: downloading github.com/mattn/go-isatty v0.0.3
go: downloading github.com/cosiner/argv v0.1.0
go: downloading github.com/derekparker/trie v0.0.0-20200317170641-1fdf38b7b0e9
go: downloading github.com/go-delve/liner v1.2.3-0.20220127212407-d32d89dd2a5d
go: downloading gopkg.in/yaml.v2 v2.4.0
go: downloading github.com/google/go-dap v0.6.0
go: downloading go.starlark.net v0.0.0-20220816155156-cfacd8902214
go: downloading github.com/hashicorp/golang-lru v0.5.4
go: downloading golang.org/x/arch v0.0.0-20190927153633-4e8777c89be4
go: downloading golang.org/x/sys v0.0.0-20220908164124-27713097b956
go: downloading github.com/mattn/go-runewidth v0.0.13
go: downloading github.com/cilium/ebpf v0.7.0
go: downloading github.com/cpuguy83/go-md2man/v2 v2.0.0
go: downloading github.com/spf13/pflag v1.0.5
go: downloading github.com/rivo/uniseg v0.2.0
go: downloading github.com/russross/blackfriday/v2 v2.0.1
go: downloading github.com/shurcooL/sanitized_anchor_name v1.0.0
/builds/isc-projects/stork/tools/golang/go/bin/dlv version
Delve Debugger
Version: 1.20.1
Build: $Id: 96e65b6c615845d42e0e31d903f6475b0e4ece6e $
Preparing: /builds/isc-projects/stork/tools/golang/go/bin/gdlv...
/builds/isc-projects/stork/tools/golang/go/bin/go install github.com/aarzilli/gdlv@v1.9.0
go: downloading github.com/aarzilli/gdlv v1.9.0
go: downloading github.com/aarzilli/nucular v0.0.0-20220508071202-1e37c3d3f055
go: downloading github.com/go-delve/delve v1.2.0
go: downloading go.starlark.net v0.0.0-20200821142938-949cc6f4b097
go: downloading golang.org/x/mobile v0.0.0-20201217150744-e6ae53a27f4f
go: downloading github.com/BurntSushi/xgb v0.0.0-20160522181843-27f122750802
go: downloading github.com/golang/freetype v0.0.0-20170609003504-e2365dfdc4a0
go: downloading golang.org/x/image v0.0.0-20200618115811-c13761719519
go: downloading github.com/hashicorp/golang-lru v0.5.3
go: downloading golang.org/x/exp v0.0.0-20201221025956-e89b829e73ea
Preparing: /builds/isc-projects/stork/tools/golang/go/bin/go...
Preparing: /builds/isc-projects/stork/tools/golang/go/bin/govulncheck...
/builds/isc-projects/stork/tools/golang/go/bin/go install golang.org/x/vuln/cmd/govulncheck@latest
go: downloading golang.org/x/vuln v0.2.0
go: downloading golang.org/x/mod v0.10.0
go: downloading golang.org/x/tools v0.8.1-0.20230421161920-b9619ee54b47
go: downloading golang.org/x/sync v0.1.0
go: downloading golang.org/x/sys v0.7.0
Preparing: /builds/isc-projects/stork/tools/golang/go/bin/mockery...
/builds/isc-projects/stork/tools/golang/go/bin/go install github.com/vektra/mockery/v2@v2.20.2
go: downloading github.com/vektra/mockery/v2 v2.20.2
go: downloading github.com/chigopher/pathlib v0.12.0
go: downloading github.com/mitchellh/go-homedir v1.1.0
go: downloading github.com/rs/zerolog v1.27.0
go: downloading github.com/spf13/viper v1.14.0
go: downloading github.com/pkg/errors v0.9.1
go: downloading github.com/spf13/cobra v1.4.0
go: downloading golang.org/x/crypto v0.0.0-20220525230936-793ad666bf5e
go: downloading golang.org/x/tools v0.5.0
go: downloading github.com/mitchellh/mapstructure v1.5.0
go: downloading github.com/spf13/afero v1.9.2
go: downloading github.com/spf13/cast v1.5.0
go: downloading github.com/spf13/jwalterweatherman v1.1.0
go: downloading github.com/fsnotify/fsnotify v1.6.0
go: downloading github.com/subosito/gotenv v1.4.1
go: downloading github.com/hashicorp/hcl v1.0.0
go: downloading gopkg.in/ini.v1 v1.67.0
go: downloading github.com/magiconair/properties v1.8.6
go: downloading github.com/pelletier/go-toml/v2 v2.0.5
go: downloading gopkg.in/yaml.v3 v3.0.1
go: downloading golang.org/x/sys v0.4.0
go: downloading golang.org/x/text v0.4.0
go: downloading github.com/pelletier/go-toml v1.9.5
go: downloading golang.org/x/term v0.0.0-20220526004731-065cf7ba2467
go: downloading github.com/mattn/go-colorable v0.1.12
go: downloading github.com/mattn/go-isatty v0.0.14
go: downloading golang.org/x/mod v0.7.0
/builds/isc-projects/stork/tools/golang/go/bin/mockery --version
05 Jul 23 15:14 UTC INF Starting mockery dry-run=false version=v2.20.2
05 Jul 23 15:14 UTC INF Using config: dry-run=false version=v2.20.2
v2.20.2
/builds/isc-projects/stork/tools/golang/go/bin/go install github.com/golang/mock/mockgen@v1.6.0
Preparing: /builds/isc-projects/stork/tools/golang/go/bin/mockgen...
go: downloading github.com/golang/mock v1.6.0
go: downloading golang.org/x/mod v0.4.2
go: downloading golang.org/x/tools v0.1.1
go: downloading golang.org/x/xerrors v0.0.0-20200804184101-5ec99f83aff1
go: downloading golang.org/x/sys v0.0.0-20210510120138-977fb7262007
/builds/isc-projects/stork/tools/golang/go/bin/mockgen --version
v1.6.0
/builds/isc-projects/stork/tools/golang/go/bin/go install google.golang.org/protobuf/cmd/protoc-gen-go@v1.30.0
Preparing: /builds/isc-projects/stork/tools/golang/go/bin/protoc-gen-go...
go: downloading google.golang.org/protobuf v1.30.0
/builds/isc-projects/stork/tools/golang/go/bin/protoc-gen-go --version
protoc-gen-go v1.30.0
Preparing: /builds/isc-projects/stork/tools/golang/go/bin/protoc-gen-go-grpc...
/builds/isc-projects/stork/tools/golang/go/bin/go install google.golang.org/grpc/cmd/protoc-gen-go-grpc@v1.3.0
go: downloading google.golang.org/grpc/cmd/protoc-gen-go-grpc v1.3.0
go: downloading google.golang.org/grpc v1.3.0
go: downloading google.golang.org/protobuf v1.28.1
/builds/isc-projects/stork/tools/golang/go/bin/protoc-gen-go-grpc --version
protoc-gen-go-grpc 1.3.0
/builds/isc-projects/stork/tools/golang/go/bin/go install github.com/kyoh86/richgo@v0.3.12
Preparing: /builds/isc-projects/stork/tools/golang/go/bin/richgo...
go: downloading github.com/kyoh86/richgo v0.3.12
go: downloading github.com/wacul/ptr v1.0.0
go: downloading github.com/mattn/go-isatty v0.0.17
go: downloading github.com/kyoh86/xdg v1.2.0
go: downloading github.com/morikuni/aec v1.0.0
go: downloading golang.org/x/sys v0.5.0
/builds/isc-projects/stork/tools/golang/go/bin/richgo version
go version go1.19.7 linux/amd64
Preparing: /builds/isc-projects/stork/tools/golang/golangci-lint...
/usr/bin/wget --tries=inf --waitretry=3 --retry-on-http-error=429,500,503,504 --no-verbose https://github.com/golangci/golangci-lint/releases/download/v1.51.2/golangci-lint-1.51.2-linux-amd64.tar.gz -O golangci-lint.tar.gz
2023-07-05 15:14:21 URL:https://objects.githubusercontent.com/github-production-release-asset-2e65be/132145189/6f8aad9d-e3e5-454c-85c0-7124b41198bf?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230705%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230705T151421Z&X-Amz-Expires=300&X-Amz-Signature=d34f170cc8653bf8fdc121a7c80f8a6ed5debc99b45a2e40b65718db3f8c0ac4&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=132145189&response-content-disposition=attachment%3B%20filename%3Dgolangci-lint-1.51.2-linux-amd64.tar.gz&response-content-type=application%2Foctet-stream [9811454/9811454] -> "golangci-lint.tar.gz" [1]
mkdir tmp
/bin/tar -zxf golangci-lint.tar.gz -C tmp --strip-components=1
mv tmp/golangci-lint .
rm -rf tmp
rm -f golangci-lint.tar.gz
touch -c /builds/isc-projects/stork/tools/golang/golangci-lint
/builds/isc-projects/stork/tools/golang/golangci-lint --version
golangci-lint has version 1.51.2 built from 3e8facb4 on 2023-02-19T21:43:54Z
Preparing: /builds/isc-projects/stork/tools/golang/goswagger...
/usr/bin/wget --tries=inf --waitretry=3 --retry-on-http-error=429,500,503,504 --no-verbose https://github.com/go-swagger/go-swagger/releases/download/v0.30.4/swagger_linux_amd64 -O /builds/isc-projects/stork/tools/golang/goswagger
2023-07-05 15:14:35 URL:https://objects.githubusercontent.com/github-production-release-asset-2e65be/26726495/54d64c1b-57e8-4cc5-a575-964020df8a7a?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230705%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230705T151421Z&X-Amz-Expires=300&X-Amz-Signature=80132c9e210d3cab6b9b18272240c8f363448a828442055d43b46499e74fee42&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=26726495&response-content-disposition=attachment%3B%20filename%3Dswagger_linux_amd64&response-content-type=application%2Foctet-stream [16687104/16687104] -> "/builds/isc-projects/stork/tools/golang/goswagger" [1]
chmod u+x /builds/isc-projects/stork/tools/golang/goswagger
touch -c /builds/isc-projects/stork/tools/golang/goswagger
/builds/isc-projects/stork/tools/golang/goswagger version
version: v0.30.4
commit: df6da9b77aa9751f06bedb17fcf92b1ab67a7a47
Preparing: /builds/isc-projects/stork/tools/golang/protoc...
/usr/bin/wget --tries=inf --waitretry=3 --retry-on-http-error=429,500,503,504 --no-verbose https://github.com/protocolbuffers/protobuf/releases/download/v3.20.3/protoc-3.20.3-linux-x86_64.zip -O protoc.zip
2023-07-05 15:14:35 URL:https://objects.githubusercontent.com/github-production-release-asset-2e65be/23357588/f23d6b1b-e444-4b7b-8e5f-da7ca0cfa2de?X-Amz-Algorithm=AWS4-HMAC-SHA256&X-Amz-Credential=AKIAIWNJYAX4CSVEH53A%2F20230705%2Fus-east-1%2Fs3%2Faws4_request&X-Amz-Date=20230705T151435Z&X-Amz-Expires=300&X-Amz-Signature=0bcd1f12b978235f2e5ffeeaa73bad4646535d0da8b00188446e31871715ba55&X-Amz-SignedHeaders=host&actor_id=0&key_id=0&repo_id=23357588&response-content-disposition=attachment%3B%20filename%3Dprotoc-3.20.3-linux-x86_64.zip&response-content-type=application%2Foctet-stream [1713886/1713886] -> "protoc.zip" [1]
/usr/bin/unzip -o -j protoc.zip bin/protoc
Archive: protoc.zip
inflating: protoc
rm protoc.zip
/builds/isc-projects/stork/tools/golang/protoc --version
libprotoc 3.20.3
touch -c /builds/isc-projects/stork/tools/golang/protoc
mkdir -p /builds/isc-projects/stork/tools/nodejs
Preparing: /builds/isc-projects/stork/tools/nodejs/bin/node...
/usr/bin/wget --tries=inf --waitretry=3 --retry-on-http-error=429,500,503,504 --no-verbose https://nodejs.org/dist/v14.21.3/node-v14.21.3-linux-x64.tar.xz -O node.tar.xz
2023-07-05 15:14:36 URL:https://nodejs.org/dist/v14.21.3/node-v14.21.3-linux-x64.tar.xz [22187736/22187736] -> "node.tar.xz" [1]
/bin/tar -Jxf node.tar.xz --strip-components=1
rm node.tar.xz
touch -c /builds/isc-projects/stork/tools/nodejs/bin/node
/builds/isc-projects/stork/tools/nodejs/bin/node --version
v14.21.3
/builds/isc-projects/stork/tools/nodejs/bin/npm install -g --no-audit --no-progress npm@9.6.2
Preparing: /builds/isc-projects/stork/tools/nodejs/bin/npm...
/builds/isc-projects/stork/tools/nodejs/bin/npm -> /builds/isc-projects/stork/tools/nodejs/lib/node_modules/npm/bin/npm-cli.js
/builds/isc-projects/stork/tools/nodejs/bin/npx -> /builds/isc-projects/stork/tools/nodejs/lib/node_modules/npm/bin/npx-cli.js
+ npm@9.6.2
added 100 packages from 29 contributors, removed 321 packages and updated 137 packages in 4.704s
touch -c /builds/isc-projects/stork/tools/nodejs/bin/npm
/builds/isc-projects/stork/tools/nodejs/bin/npm --version
9.6.2
Preparing: /builds/isc-projects/stork/tools/nodejs/bin/npx...
/builds/isc-projects/stork/tools/nodejs/bin/npx --version
9.6.2
touch -c /builds/isc-projects/stork/tools/nodejs/bin/npx
/builds/isc-projects/stork/tools/nodejs/bin/npm install -g --no-audit --no-progress --prefix /builds/isc-projects/stork/tools/nodejs/node_modules storybook@6.5.16
Preparing: /builds/isc-projects/stork/tools/nodejs/node_modules/bin/sb...
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated trim@0.0.1: Use String.prototype.trim() instead
added 1039 packages in 20s
131 packages are looking for funding
run `npm fund` for details
touch -c /builds/isc-projects/stork/tools/nodejs/node_modules/bin/sb
/builds/isc-projects/stork/tools/nodejs/node_modules/bin/sb --version
6.5.16
/builds/isc-projects/stork/tools/nodejs/bin/npm install -g --no-audit --no-progress --prefix /builds/isc-projects/stork/tools/nodejs/node_modules yamlinc@0.1.10
Preparing: /builds/isc-projects/stork/tools/nodejs/node_modules/lib/node_modules/yamlinc/bin/yamlinc...
npm WARN deprecated source-map-url@0.4.1: See https://github.com/lydell/source-map-url#deprecated
npm WARN deprecated urix@0.1.0: Please see https://github.com/lydell/urix#deprecated
npm WARN deprecated resolve-url@0.2.1: https://github.com/lydell/resolve-url#deprecated
npm WARN deprecated source-map-resolve@0.5.3: See https://github.com/lydell/source-map-resolve#deprecated
npm WARN deprecated chokidar@2.1.8: Chokidar 2 does not receive security updates since 2019. Upgrade to chokidar 3 with 15x fewer dependencies
npm WARN deprecated cuid@2.1.8: Cuid and other k-sortable and non-cryptographic ids (Ulid, ObjectId, KSUID, all UUIDs) are all insecure. Use @paralleldrive/cuid2 instead.
added 200 packages in 2s
45 packages are looking for funding
run `npm fund` for details
touch -c /builds/isc-projects/stork/tools/nodejs/node_modules/lib/node_modules/yamlinc/bin/yamlinc
/builds/isc-projects/stork/tools/nodejs/node_modules/lib/node_modules/yamlinc/bin/yamlinc --version
Preparing: /builds/isc-projects/stork/tools/openapi-generator-cli.jar...
/usr/bin/wget --tries=inf --waitretry=3 --retry-on-http-error=429,500,503,504 --no-verbose https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/6.4.0/openapi-generator-cli-6.4.0.jar -O /builds/isc-projects/stork/tools/openapi-generator-cli.jar
2023-07-05 15:15:06 URL:https://repo1.maven.org/maven2/org/openapitools/openapi-generator-cli/6.4.0/openapi-generator-cli-6.4.0.jar [26995984/26995984] -> "/builds/isc-projects/stork/tools/openapi-generator-cli.jar" [1]
touch -c /builds/isc-projects/stork/tools/openapi-generator-cli.jar
Preparing: /builds/isc-projects/stork/tools/python/bin/flake8...
/usr/bin/python3 -m venv /builds/isc-projects/stork/tools/python
/builds/isc-projects/stork/tools/python/bin/python --version
Python 3.6.9
/builds/isc-projects/stork/tools/python/bin/pip install -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt
Collecting astroid==2.11.7 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 7))
Downloading https://files.pythonhosted.org/packages/e4/3b/f1aa1bd41e8188b3a3605d71b699b73695fc7ac862cbed23ed9dee707251/astroid-2.11.7-py3-none-any.whl (251kB)
Collecting dill==0.3.4 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 11))
Downloading https://files.pythonhosted.org/packages/b6/c3/973676ceb86b60835bb3978c6db67a5dc06be6cfdbd14ef0f5a13e3fc9fd/dill-0.3.4-py2.py3-none-any.whl (86kB)
Collecting flake8==5.0.4 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 15))
Downloading https://files.pythonhosted.org/packages/cf/a0/b881b63a17a59d9d07f5c0cc91a29182c8e8a9aa2bde5b3b2b16519c02f4/flake8-5.0.4-py2.py3-none-any.whl (61kB)
Collecting isort==5.10.1 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 17))
Downloading https://files.pythonhosted.org/packages/b8/5b/f18e227df38b94b4ee30d2502fd531bebac23946a2497e5595067a561274/isort-5.10.1-py3-none-any.whl (103kB)
Collecting lazy-object-proxy==1.7.1 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 21))
Downloading https://files.pythonhosted.org/packages/46/f1/0e4ccc88be5f58dbf1d6981d68f4e3abf3e3c1e7b44c0b35e4b53d014c0c/lazy_object_proxy-1.7.1-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (57kB)
Collecting mccabe==0.7.0 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 25))
Downloading https://files.pythonhosted.org/packages/27/1a/1f68f9ba0c207934b35b86a8ca3aad8395a3d6dd7921c0686e23853ff5a9/mccabe-0.7.0-py2.py3-none-any.whl
Collecting platformdirs==2.4.0 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 29))
Downloading https://files.pythonhosted.org/packages/b1/78/dcfd84d3aabd46a9c77260fb47ea5d244806e4daef83aa6fe5d83adb182c/platformdirs-2.4.0-py3-none-any.whl
Collecting pycodestyle==2.9.1 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 33))
Downloading https://files.pythonhosted.org/packages/67/e4/fc77f1039c34b3612c4867b69cbb2b8a4e569720b1f19b0637002ee03aff/pycodestyle-2.9.1-py2.py3-none-any.whl (41kB)
Collecting pyflakes==2.5.0 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 37))
Downloading https://files.pythonhosted.org/packages/dc/13/63178f59f74e53acc2165aee4b002619a3cfa7eeaeac989a9eb41edf364e/pyflakes-2.5.0-py2.py3-none-any.whl (66kB)
Collecting pylint==2.13.9 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 39))
Downloading https://files.pythonhosted.org/packages/03/09/7b710f4aab53e3ccc0d9596557bf020c5ad06312e54ec1b60402ec9d694f/pylint-2.13.9-py3-none-any.whl (438kB)
Collecting tomli==1.2.3 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 41))
Downloading https://files.pythonhosted.org/packages/05/e4/74f9440db36734d7ba83c574c1e7024009ce849208a41f90e94a134dc6d1/tomli-1.2.3-py3-none-any.whl
Collecting wrapt==1.15.0 (from -r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 45))
Downloading https://files.pythonhosted.org/packages/cf/b1/3c24fc0f6b589ad8c99cfd1cd3e586ef144e16aaf9381ed952d047a7ee54/wrapt-1.15.0-cp36-cp36m-manylinux_2_5_x86_64.manylinux1_x86_64.manylinux_2_17_x86_64.manylinux2014_x86_64.whl (75kB)
Collecting typing-extensions>=3.10; python_version < "3.10" (from astroid==2.11.7->-r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 7))
Downloading https://files.pythonhosted.org/packages/45/6b/44f7f8f1e110027cf88956b59f2fad776cca7e1704396d043f89effd3a0e/typing_extensions-4.1.1-py3-none-any.whl
Collecting typed-ast<2.0,>=1.4.0; implementation_name == "cpython" and python_version < "3.8" (from astroid==2.11.7->-r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 7))
Downloading https://files.pythonhosted.org/packages/f9/7e/a424029f350aa8078b75fd0d360a787a273ca753a678d1104c5fa4f3072a/typed_ast-1.5.5.tar.gz (252kB)
Requirement already satisfied: setuptools>=20.0 in ./tools/python/lib/python3.6/site-packages (from astroid==2.11.7->-r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 7))
Collecting importlib-metadata<4.3,>=1.1.0; python_version < "3.8" (from flake8==5.0.4->-r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 15))
Downloading https://files.pythonhosted.org/packages/22/51/52442c59db26637681148c21f8984eed58c9db67053a0a4783a047010c98/importlib_metadata-4.2.0-py3-none-any.whl
Collecting zipp>=0.5 (from importlib-metadata<4.3,>=1.1.0; python_version < "3.8"->flake8==5.0.4->-r /builds/isc-projects/stork/rakelib/init_deps/pylinters.txt (line 15))
Downloading https://files.pythonhosted.org/packages/bd/df/d4a4974a3e3957fd1c1fa3082366d7fff6e428ddb55f074bf64876f8e8ad/zipp-3.6.0-py3-none-any.whl
Building wheels for collected packages: typed-ast
Running setup.py bdist_wheel for typed-ast: started
Running setup.py bdist_wheel for typed-ast: finished with status 'error'
Complete output from command /builds/isc-projects/stork/tools/python/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-yqxocytj/typed-ast/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" bdist_wheel -d /tmp/tmpvkomy3gepip-wheel- --python-tag cp36:
usage: -c [global_opts] cmd1 [cmd1_opts] [cmd2 [cmd2_opts] ...]
or: -c --help [cmd1 cmd2 ...]
or: -c --help-commands
or: -c cmd --help
error: invalid command 'bdist_wheel'
----------------------------------------
Failed building wheel for typed-ast
Running setup.py clean for typed-ast
Failed to build typed-ast
Installing collected packages: typing-extensions, wrapt, lazy-object-proxy, typed-ast, astroid, dill, zipp, importlib-metadata, mccabe, pycodestyle, pyflakes, flake8, isort, platformdirs, tomli, pylint
Running setup.py install for typed-ast: started
Running setup.py install for typed-ast: finished with status 'error'
Complete output from command /builds/isc-projects/stork/tools/python/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-yqxocytj/typed-ast/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-ipzu998j-record/install-record.txt --single-version-externally-managed --compile --install-headers /builds/isc-projects/stork/tools/python/include/site/python3.6/typed-ast:
running install
running build
running build_py
creating build
creating build/lib.linux-x86_64-3.6
creating build/lib.linux-x86_64-3.6/typed_ast
copying typed_ast/conversions.py -> build/lib.linux-x86_64-3.6/typed_ast
copying typed_ast/ast3.py -> build/lib.linux-x86_64-3.6/typed_ast
copying typed_ast/ast27.py -> build/lib.linux-x86_64-3.6/typed_ast
copying typed_ast/__init__.py -> build/lib.linux-x86_64-3.6/typed_ast
package init file 'ast3/tests/__init__.py' not found (or not a regular file)
creating build/lib.linux-x86_64-3.6/typed_ast/tests
copying ast3/tests/test_basics.py -> build/lib.linux-x86_64-3.6/typed_ast/tests
running build_ext
building '_ast27' extension
creating build/temp.linux-x86_64-3.6
creating build/temp.linux-x86_64-3.6/ast27
creating build/temp.linux-x86_64-3.6/ast27/Parser
creating build/temp.linux-x86_64-3.6/ast27/Python
creating build/temp.linux-x86_64-3.6/ast27/Custom
x86_64-linux-gnu-gcc -pthread -DNDEBUG -g -fwrapv -O2 -Wall -g -fstack-protector-strong -Wformat -Werror=format-security -Wdate-time -D_FORTIFY_SOURCE=2 -fPIC -Iast27/Include -I/builds/isc-projects/stork/tools/python/include -I/usr/include/python3.6m -c ast27/Parser/acceler.c -o build/temp.linux-x86_64-3.6/ast27/Parser/acceler.o
In file included from ast27/Parser/acceler.c:13:0:
ast27/Parser/../Include/pgenheaders.h:8:10: fatal error: Python.h: No such file or directory
#include "Python.h"
^~~~~~~~~~
compilation terminated.
error: command 'x86_64-linux-gnu-gcc' failed with exit status 1
----------------------------------------
Command "/builds/isc-projects/stork/tools/python/bin/python3 -u -c "import setuptools, tokenize;__file__='/tmp/pip-build-yqxocytj/typed-ast/setup.py';f=getattr(tokenize, 'open', open)(__file__);code=f.read().replace('\r\n', '\n');f.close();exec(compile(code, __file__, 'exec'))" install --record /tmp/pip-ipzu998j-record/install-record.txt --single-version-externally-managed --compile --install-headers /builds/isc-projects/stork/tools/python/include/site/python3.6/typed-ast" failed with error code 1 in /tmp/pip-build-yqxocytj/typed-ast/
rake aborted!
Command failed with status (1): [/builds/isc-projects/stork/tools/python/bi...]
/builds/isc-projects/stork/rakelib/00_init.rake:1030:in `block in <top (required)>'
/builds/isc-projects/stork/rakelib/00_init.rake:148:in `block in find_and_prepare_deps'
/builds/isc-projects/stork/rakelib/00_init.rake:130:in `each'
/builds/isc-projects/stork/rakelib/00_init.rake:130:in `find_and_prepare_deps'
/builds/isc-projects/stork/rakelib/00_init.rake:1047:in `block in <top (required)>'
Tasks: TOP => /builds/isc-projects/stork/tools/python/bin/flake8 => /builds/isc-projects/stork/tools/python/bin/pylint
```1.12Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4194Extend DNS COOKIE support2023-08-02T08:10:44ZMark AndrewsExtend DNS COOKIE supportThe current EDNS COOKIE support does not return BADCOOKIE unless require-cookie is true. Start returning BADCOOKIE on all instances of bad server cookies.The current EDNS COOKIE support does not return BADCOOKIE unless require-cookie is true. Start returning BADCOOKIE on all instances of bad server cookies.August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)https://gitlab.isc.org/isc-projects/bind9/-/issues/4185The recursive CNAME resolving can block the thread for long time2023-07-28T11:55:05ZOndřej SurýThe recursive CNAME resolving can block the thread for long timeIt was noted that `query_cname()` chaining inside `ns_query` can take quite a lot of time which blocks the other clients (on the same thread) increasing the latency for waiting clients.
![perf.script.cut.combined.stacks-21.svg](/uploads...It was noted that `query_cname()` chaining inside `ns_query` can take quite a lot of time which blocks the other clients (on the same thread) increasing the latency for waiting clients.
![perf.script.cut.combined.stacks-21.svg](/uploads/aea0afd5f79d27d43d83dab687e24b79/perf.script.cut.combined.stacks-21.svg)August 2023 (9.16.43, 9.16.43-S1, 9.18.18, 9.18.18-S1, 9.19.16)https://gitlab.isc.org/isc-projects/stork/-/issues/1060Display of IPv6 subnets in Stork Server GUI2023-07-19T14:19:51Zbbuclin-attDisplay of IPv6 subnets in Stork Server GUIWhen listing subnets, or already on the home screen, /64 IPv6 subnet display is not too clean, as you can see in the screenshot attached. /64 subnets in an IPv6 network are the most frequent thing, and it would be nice to have a reasonab...When listing subnets, or already on the home screen, /64 IPv6 subnet display is not too clean, as you can see in the screenshot attached. /64 subnets in an IPv6 network are the most frequent thing, and it would be nice to have a reasonable display of those. Widening the left-most, “Subnet” table column might be a simple way of achieving it. The column should be sized to accommodate a complete /64 designation, eg. 2001:1234:5678:9abc::/64![Unknown](/uploads/1358ee0c08d607af94f41b92d6863d30/Unknown.png)1.12Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1059Stork 1.1.0 - BIND statistics exceed RPC message size limit2023-08-21T17:33:52ZBrandon ApplegateStork 1.1.0 - BIND statistics exceed RPC message size limitHello,
It seems that when stork-agent polls my BIND statistics channel, on one of my servers the message is too large:
```
Jun 9 18:58:37 ice stork-server[1280317]: time="2023-06-09 18:58:37" level="warning" msg="rpc error: code = Res...Hello,
It seems that when stork-agent polls my BIND statistics channel, on one of my servers the message is too large:
```
Jun 9 18:58:37 ice stork-server[1280317]: time="2023-06-09 18:58:37" level="warning" msg="rpc error: code = ResourceExhausted desc = grpc: received message larger than max (5625179 vs. 4194304)" file=" manager.go:110 " agent="1
27.0.0.1:8081"
Jun 9 18:58:37 ice stork-server[1280317]: time="2023-06-09 18:58:37" level="warning" msg="Failed to send the following named statistics command: " file=" grpcli.go:328 " agent="127.0.0.1:8081" stats URL="http://127.0.0.1:8053/
json/v1"
Jun 9 18:58:37 ice stork-server[1280317]: time="2023-06-09 18:58:37" level="warning" msg="Problem retrieving stats from named: failed to send named statistics command via the agent 127.0.0.1:8081, the agent is still not responding" file=
" appbind9.go:59 "
```
I had posted on the mailing list and got some agreement that this is very likely the same issue as:
https://gitlab.isc.org/isc-projects/stork/-/issues/398
Except with BIND as opposed to Kea. I.e. these reponses should probably be gzipped as well.
Thanks.1.12Slawek FigielSlawek Figielhttps://gitlab.isc.org/isc-projects/stork/-/issues/1058Filter host reservation list by subnet id2023-07-03T17:41:20ZMarcin SiodelskiFilter host reservation list by subnet idThe list of host reservations can be filtered by appId or a text. We'd like to be able to click in the subnet tab and be taken to the list of host reservations for the subnet. It requires filtering by subnetId (and perhaps also localSubn...The list of host reservations can be filtered by appId or a text. We'd like to be able to click in the subnet tab and be taken to the list of host reservations for the subnet. It requires filtering by subnetId (and perhaps also localSubnetId).1.12Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/1057Agent cannot detect RNDC key if the -c flag is not used.2023-07-25T12:26:31ZSlawek FigielAgent cannot detect RNDC key if the -c flag is not used.There are two related variables: bind9ConfPath and bind9ConfDir.
First one stores the full path to the named.conf file, and the second one is the path to a directory containing this file.
There are 4 different methods to detect where th...There are two related variables: bind9ConfPath and bind9ConfDir.
First one stores the full path to the named.conf file, and the second one is the path to a directory containing this file.
There are 4 different methods to detect where the named.conf file is located, executed one-by-one until success.
Unfortunately, the bind9ConfDir value is set before executing method number 3. It means if the named.conf is not detected by methods 1 and 2, the bind9ConfDir is empty.
The bind9ConfDir is used only in one place - to construct the rndc.key path. If it is empty, the resulting path is just rndc.key. It causes Stork looks up the rndc.key in the current working directory.
As a workaround you can:
Run the Bind 9 with the -c flag. This flag accepts the explicit path to the named.conf file.
Set the STORK_BIND9_CONFIG environment variable and provide the full path to the named.conf file as a value.1.12Slawek FigielSlawek Figiel