ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2020-08-04T13:23:19Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2024A single hung outgoing TCP connection causes resolution to time out with defa...2020-08-04T13:23:19ZMichał KępieńA single hung outgoing TCP connection causes resolution to time out with default settingsWhen named acting as a resolver connects to an authoritative server over
TCP, it [sets][1] the idle timeout for that connection to 20 seconds.
This fixed timeout was [picked][2] back when the default processing
timeout for each client qu...When named acting as a resolver connects to an authoritative server over
TCP, it [sets][1] the idle timeout for that connection to 20 seconds.
This fixed timeout was [picked][2] back when the default processing
timeout for each client query was [hardcoded][3] to 30 seconds. Commit
000a8970f840a0c27c5cc404826853c4674362ac made this processing timeout
configurable through `resolver-query-timeout` and decreased its default
value to 10 seconds, but the idle TCP timeout was not adjusted to
reflect that change. As a result, with the current defaults in effect,
a single hung TCP connection will consistently cause the resolution
process for a given query to time out.
[1]: https://gitlab.isc.org/isc-projects/bind9/-/blob/c53bfb30e84498559dd004cb674fafb47235a05b/lib/dns/resolver.c#L3020
[2]: 09b45f7b5800c4dbb86846dea35e8aba0a25b0d0
[3]: https://gitlab.isc.org/isc-projects/bind9/-/blob/7f950d7cb71c8816168654f5a28edbb67ee27553/lib/dns/resolver.c#L3320August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1989'rndc dnstap --roll' with too big a argument (>128) can cause a buffer overflow.2020-08-04T11:14:51ZMark Andrews'rndc dnstap --roll' with too big a argument (>128) can cause a buffer overflow.```
1158 if (versions > 0) {
1159 /*
1160 * First we fill 'to_keep' structure using insertion sort
1161 */
5. index_parm: Indexing array of size 2048 with versions minus an offse...```
1158 if (versions > 0) {
1159 /*
1160 * First we fill 'to_keep' structure using insertion sort
1161 */
5. index_parm: Indexing array of size 2048 with versions minus an offset in call to memset. [Note: The source code implementation of the function has been overridden by a builtin model.]
1162 memset(to_keep, 0, versions * sizeof(long long));
1163 while (isc_dir_read(&dir) == ISC_R_SUCCESS) {
```August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)https://gitlab.isc.org/isc-projects/bind9/-/issues/2033'rndc dnstap --roll' fix was incomplete2020-08-04T11:02:59ZMark Andrews'rndc dnstap --roll' fix was incomplete```
1178 }
21. Condition i < versions, taking true branch.
1179 if (i < versions) {
CID 305429 (#1 of 1): Out-of-bounds read (OVERRUN)
22. overrun-l...```
1178 }
21. Condition i < versions, taking true branch.
1179 if (i < versions) {
CID 305429 (#1 of 1): Out-of-bounds read (OVERRUN)
22. overrun-local: Overrunning array of 2048 bytes at byte offset 2048 by dereferencing pointer &to_keep[i + 1]. [Note: The source code implementation of the function has been overridden by a builtin model.]
1180 memmove(&to_keep[i + 1],
1181 &to_keep[i],
1182 sizeof(to_keep[0]) *
1183 (versions - i -
1184 1));
1185 to_keep[i] = version;
1186 }
1187 }
1188 }
```August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/48Drop $SYSTEMTESTTOP from bin/tests/system/2020-08-04T10:01:40ZMichał KępieńDrop $SYSTEMTESTTOP from bin/tests/system/This was suggested by @ondrej in !7.
The `$SYSTEMTESTTOP` shell variable if often set to `..` in various shell scripts inside `bin/tests/system/`, but most of the time it is only used one line later, while sourcing `conf.sh`. This hard...This was suggested by @ondrej in !7.
The `$SYSTEMTESTTOP` shell variable if often set to `..` in various shell scripts inside `bin/tests/system/`, but most of the time it is only used one line later, while sourcing `conf.sh`. This hardly improves code readability.
`$SYSTEMTESTTOP` is also used for the purpose of referencing scripts/files living in `bin/tests/system/`, but given that the variable is always set to a short, relative path, we could ponder dropping it altogether and replacing all of its occurrences with the relative path without really adversely affecting code readability.August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Michal NowakMichal Nowakhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2038Bind not handling interfaces changes correctly when listen-on-v6 any specified2020-08-04T09:47:10ZPeter DaviesBind not handling interfaces changes correctly when listen-on-v6 any specifiedBind not handling interfaces changes correctly when listen-on-v6 any is specified:
Ref: [RT #16753](https://support.isc.org/Ticket/Display.html?id=16753)
Interfaces changes not being correctly handled on ipv6 changes, when the l...Bind not handling interfaces changes correctly when listen-on-v6 any is specified:
Ref: [RT #16753](https://support.isc.org/Ticket/Display.html?id=16753)
Interfaces changes not being correctly handled on ipv6 changes, when the listen-on-v6 statement is defined as "any".
After network reconfiguration bind stopped listening on an previously active ipv6 socket.August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)https://gitlab.isc.org/isc-projects/bind9/-/issues/1456always check return from isc_refcount_decrement2020-08-04T09:45:08ZMark Andrewsalways check return from isc_refcount_decrementCoverity, correctly, complains that isc_refcount_decrement return is not always checked.
Additionally isc_refcount_decrement shouldn't be calling inside INSIST, INSIST should not
have side effects as it can be compiled out.Coverity, correctly, complains that isc_refcount_decrement return is not always checked.
Additionally isc_refcount_decrement shouldn't be calling inside INSIST, INSIST should not
have side effects as it can be compiled out.August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/kea/-/issues/1319MySQL error 1452 in kea-admin tests2020-08-04T08:36:05ZFrancis DupontMySQL error 1452 in kea-admin testsThe last MySQAL test mysql_unused_subnet_id_test raised an error which does not make it to fail:
```
Processing /tmp/k1196/src/share/database/scripts/mysql/upgrade_9.1_to_9.2.sh file...
ERROR 1452 (23000) at line 8: Cannot add or update ...The last MySQAL test mysql_unused_subnet_id_test raised an error which does not make it to fail:
```
Processing /tmp/k1196/src/share/database/scripts/mysql/upgrade_9.1_to_9.2.sh file...
ERROR 1452 (23000) at line 8: Cannot add or update a child row: a foreign key constraint fails (`keatest`.`#sql-22f3_4b5d`, CONSTRAINT `fk_dhcp4_options_subnet` FOREIGN KEY (`dhcp4_subnet_id`) REFERENCES `dhcp4_subnet` (`subnet_id`) ON DELETE CASCADE ON UPDATE CASCADE)
Processing /tmp/k1196/src/share/database/scripts/mysql/upgrade_9.2_to_9.3.sh file...
This script upgrades 9.2 to 9.3. Reported version is 9.1. Skipping upgrade.
Database version reported after upgrade: 9.1
Wiping whole database keatest
PASSED mysql.unused_subnet_id_test
```
I think the second (subnet) new constraint fails, something as having a subnet option when the subnet itself does not exist.kea1.8.0Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/bind9/-/issues/2026README.md -- typo2020-08-04T02:23:56ZRay KrebsREADME.md -- typotypo - fixing missing space between command and argument
-`xcode-select--install`. (Note that an Apple ID may be required to access the download
+`xcode-select --install`. (Note that an Apple ID may be required to access the download
[...typo - fixing missing space between command and argument
-`xcode-select--install`. (Note that an Apple ID may be required to access the download
+`xcode-select --install`. (Note that an Apple ID may be required to access the download
[0001-typo-fixing-missing-space-between-command-and-argume.patch](/uploads/d3b24a4b51146f772f34f95aed4b2b81/0001-typo-fixing-missing-space-between-command-and-argume.patch)August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/stork/-/issues/252Stork needs to show LPS statistic2020-08-03T13:00:02ZTomek MrugalskiStork needs to show LPS statisticWith the completion of #226 we now have a dashboard that shows subnets and pool utilization. We should extend it with leases per second statistic. Here's a mockup made by @godfryd how this could possibly look like.
![dashboard-mockup](/...With the completion of #226 we now have a dashboard that shows subnets and pool utilization. We should extend it with leases per second statistic. Here's a mockup made by @godfryd how this could possibly look like.
![dashboard-mockup](/uploads/15b7c7f88b7c8291949b58f32526fd8a/dashboard-mockup.png)
The ability to show it in the last 5 or 15 mins and some larger timescale (24h maybe) would be very useful.
This will require some small design. Here's couple caveats that's worth considering:
- should we keep the historic (last 24h) data in stork or in kea?
- what if Kea is restarted?
- if we implement something new in Kea, how can this work with older Kea releases?
- Kea doesn't have explicit LPS statistic, but has the ability to store multiple observations of addresses-assigned with timestamp. This can be used to estimate LPS. But is it precise enough? If there's a lot of traffic, the observations are only split second apart. If there's no traffic at all, there are no observations.
- Kea has a mechanism for storing multiple observations. If it's useful, perhaps we could use it. If not, maybe we could get rid of it altogether?0.10Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/1349lease commands should not accept invalid lease (PD in declined state)2020-08-03T12:12:50ZRazvan Becheriulease commands should not accept invalid lease (PD in declined state)related to #1065related to #1065kea1.8.0Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/bind9/-/issues/2063nsupdate fails on check-names while using comma in non-interactive mode2020-08-02T21:17:26ZFelix Stuppnsupdate fails on check-names while using comma in non-interactive mode<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
I tried to add an entry for the domain `,` (FQDN used in this issue: `,.example.com`) to my DNS server. For configuring domains I use Ansible which builds a file compatible to nsupdate and calls nsupdate respectively. However nsupdate fails and manual testing showed that the file was built correctly, however not accepted by nsupdate in non-interactive mode.
### BIND version used
```
BIND 9.16.5-Debian (Stable Release) <id:c00b458>
running on Linux x86_64 4.19.0-5-amd64 #1 SMP Debian 4.19.37-5+deb10u1 (2019-07-19)
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/usr/include' '--mandir=/usr/share/man' '--infodir=/usr/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-silent-rules' '--libdir=/usr/lib/x86_64-linux-gnu' '--libexecdir=/usr/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--enable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=/usr' '--with-libidn2' '--with-libjson-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -fdebug-prefix-map=/build/bind9-9.16.5=. -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 8.3.0
compiled with OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019
linked to OpenSSL version: OpenSSL 1.1.1d 10 Sep 2019
compiled with libxml2 version: 2.9.4
linked to libxml2 version: 20904
compiled with json-c version: 0.12.1
linked to json-c version: 0.12.1
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.3.2
compiled with protobuf-c version: 1.3.1
linked to protobuf-c version: 1.3.1
threads support is enabled
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
This is an example configuration change in place of what I was to apply:
```
zone example.com.
ttl 86400
update delete ,.example.com. 0 IN A
update add ,.example.com. 86400 IN A 0.0.0.0
send
```
On a server running BIND enabled with dynamic updates and local-host mode support enabled for the zone `example.com`, store the configuration from above in a file and call `nsupdate -l [file]` or `< [file] nsupdate -l`.
### What is the current *bug* behavior?
nsupdate called with the file like exampled above fails with following error:
```
check-names failed: bad owner ',.example.com'
syntax error
```
### What is the expected *correct* behavior?
Change the `A` record for `,.example.com` to `0.0.0.0`.
### Relevant configuration files
Seems to be an issue of nsupdate and not BIND, so configuration files should not matter.https://gitlab.isc.org/isc-projects/kea/-/issues/941Incorrect handling of backslashes2020-08-01T10:38:52ZFGIncorrect handling of backslashesIn debian packages for KEA 1.6.0, the provided default config file contain the following logger:
```
"loggers": [
{
"debuglevel": 0,
"name": "kea-dhcp4",
"output_options": [
{
"out...In debian packages for KEA 1.6.0, the provided default config file contain the following logger:
```
"loggers": [
{
"debuglevel": 0,
"name": "kea-dhcp4",
"output_options": [
{
"output": "stdout",
"pattern": "%-5p %mn"
}
],
"severity": "INFO"
}
],
```
The pattern probably should be `"pattern": "%-5p %m\n"` instead. Same issue in DHCPv6 conf file.
This create unreadable logs in journald (missing line break)kea1.8.0https://gitlab.isc.org/isc-projects/bind9/-/issues/2062Building BIND 9.16.4 encounters build error for mips type2020-07-31T19:31:36ZWayne La ForgeBuilding BIND 9.16.4 encounters build error for mips type<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
This may not be a bug, but I don't know where else to go to get help.
I am attempting to build BIND 9.16.4 for two target types, linux_x86-64 and linux_mips. Compilation of the source takes place on linux_x86 machine such that no cross-compiling is needed for the linux_x86-64 target, but it is needed for the linux_mips target.
For the build system type of x86_64-unknown-linux-gnu, and host system type of x86_64-unknown-linux-gnu the build is successful.
But for the build system of type i686-pc-linux-gnu and host system type of mips-wrs-linux-gnu, the build fails:
`uv-compat.h:24: error: static declaration of 'uv_handle_get_data' follows non-static declaration
/home_nbu/wcl/970762/obj/linux_mips/sde/tpp/STOW/linux_mips/LU3Plibuv/opt/LU3P/include/uv.h:448: error: previous
declaration of 'uv_handle_get_data' was here`
The libuv version I am using is 1.34.0.
In addition to the compilation error, I ran into another problem with the linking phase of the build. I edited the libuv file ev.h from as an experiment:
'UV_EXTERN void* uv_handle_get_data(const uv_handle_t* handle);`
to:
`UV_EXTERN static void* uv_handle_get_data(const uv_handle_t* handle);`
The result:
libuv.so: undefined reference to `epoll_create1'
../dns/.libs/libdns.so: undefined reference to `__sync_fetch_and_add_1'
./dns/.libs/libdns.so: undefined reference to `__sync_val_compare_and_swap_1'
Again, the build for the linux_x86-64 type was successful.
### BIND version used
9.16.4
### Steps to reproduce
Cross compile with target = mips on build machine linux_x86 using BIND 9.16.4 with libuv 1.34.0
### What is the current *bug* behavior?
Build Failure as reported in the summary.
### What is the expected *correct* behavior?
Build to be successful just as it is for linux_x86-64 target.
### Relevant configuration files
Not sure what I can provide here. Please advise and I will supply the information requested.
### Relevant logs and/or screenshots
Not sure what I can provide here. Please advise and I will supply the information requested.
### Possible fixeshttps://gitlab.isc.org/isc-projects/dhcp/-/issues/124user can not setup lease time while using DHCP with IPV6, the time is fixed a...2020-07-31T06:46:46Zlove_cyjuser can not setup lease time while using DHCP with IPV6, the time is fixed at 7200s, it does not apply to many scenarios,so the lease time can setup by user?https://gitlab.isc.org/isc-projects/bind9/-/issues/2020configure call needs to be cleaned up main: gcc:centos6:amd642020-07-31T06:26:12ZMark Andrewsconfigure call needs to be cleaned up main: gcc:centos6:amd64Job [#1019080](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1019080) failed for c91dc92410f15d1c93c70d2c596350eee7748958:
Unrecognized options:
--with-libtool, --without-make-clean, --with-python, --without-pythonJob [#1019080](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1019080) failed for c91dc92410f15d1c93c70d2c596350eee7748958:
Unrecognized options:
--with-libtool, --without-make-clean, --with-python, --without-pythonAugust 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/kea/-/issues/1324Client Class Reservation for selecting pool/subnet with Kea 1.6.2 does not work2020-07-30T18:12:12ZMike KazantsevClient Class Reservation for selecting pool/subnet with Kea 1.6.2 does not work
**Describe the bug**
Selecting pool or subnet by using "client-classes" in "reservations" section (global or not) does not work with DHCPv4 server.
Simply copying example from [latest "Pool Selection with Client Class Reservations" se...
**Describe the bug**
Selecting pool or subnet by using "client-classes" in "reservations" section (global or not) does not work with DHCPv4 server.
Simply copying example from [latest "Pool Selection with Client Class Reservations" section of the DHCPv4 Server documentation](https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#pool-selection-with-client-class-reservations) (and fixing syntax error there) does not work with stable ISC Kea 1.6.2.
Adopting similar example of class assignment for reservations from stable docs does not seem to work with current-stable Kea DHCPv4 server either.\
(tried using global reservations, only-if-required/require-client-classes, shared networks and other variants, none of which seem to change the outcome)
**To Reproduce**
Steps to reproduce the behavior:
1. Save following configuration to e.g. kea.json file:
```json
{
"Dhcp4": {
// Added for a local setup
"interfaces-config": {"interfaces": ["kea"]},
"loggers": [{
"name": "kea-dhcp4",
"severity": "DEBUG",
"debuglevel": 99,
"output_options": [{"output": "stdout"}]
}],
// Example from docs, with fixed syntax and '"interface": "kea",' line added
// https://kea.readthedocs.io/en/latest/arm/dhcp4-srv.html#pool-selection-with-client-class-reservations
"client-classes": [
{
"name": "reserved_class"
},
{
"name": "unreserved_class",
"test": "not member('reserved_class')"
}
],
"subnet4": [
{
"subnet": "192.0.2.0/24",
"interface": "kea",
"reservations": [{
"hw-address": "52:54:00:12:34:64",
"client-classes": [ "reserved_class" ]
}],
"pools": [
{
"pool": "192.0.2.10-192.0.2.20",
"client-class": "reserved_class"
},
{
"pool": "192.0.2.30-192.0.2.40",
"client-class": "unreserved_class"
}
]
}
]
}
}
```
2. Replace "52:54:00:12:34:64" MAC address in above configuration with MAC address of the DHCP client and "kea" with the name of the interface that kea should handle DHCP requests on.
3. Start Kea DHCPv4 daemon with this configuration file: `KEA_PIDFILE_DIR=/run KEA_LOCKFILE_DIR=/run/lock/kea kea-dhcp4 -c kea.json`
4. Run DHCPv4 client on the same network, e.g. udhcpc from busybox: `busybox udhcpc -fi ens3`
5. Observe logging output in terminal from both kea-dhcp4 and udhcpc, started in previous two steps.
**Expected behavior**
1. kea-dhcp4 responds with IP address from pool 192.0.2.10-192.0.2.20 to client with MAC address 52:54:00:12:34:64 (with verbatim config above).
2. kea-dhcp4 assigns "reserved_class" class to that client and logs it in debug output, same as it does with other classes.
**Actual result**
kea-dhcp4 responds with IP address from pool 192.0.2.30-192.0.2.40 and assigns "unreserved_class" to that client.
Verbose logging output has these lines:
```
2020-07-14 19:15:23.491 DEBUG [kea-dhcp4.packets/4807] DHCP4_BUFFER_RECEIVED received buffer from 0.0.0.0:68 to 255.255.255.255:67 over interface kea
2020-07-14 19:15:23.491 DEBUG [kea-dhcp4.options/4807] DHCP4_BUFFER_UNPACK parsing buffer received from 0.0.0.0 to 255.255.255.255 over interface kea
2020-07-14 19:15:23.492 DEBUG [kea-dhcp4.eval/4807] EVAL_DEBUG_MEMBER Checking membership of 'reserved_class', pushing result 'false'
2020-07-14 19:15:23.492 DEBUG [kea-dhcp4.eval/4807] EVAL_DEBUG_NOT Popping 'false' pushing 'true'
2020-07-14 19:15:23.492 INFO [kea-dhcp4.options/4807] EVAL_RESULT Expression unreserved_class evaluated to 1
...
2020-07-14 19:15:23.493 DEBUG [kea-dhcp4.packets/4807] DHCP4_PACKET_RECEIVED [hwtype=1 52:54:00:12:34:64], cid=[01:52:54:00:12:34:64], tid=0xbecc140b: DHCPDISCOVER (type 1) received from 0.0.0.0 to 255.255.255.255 on interface kea
...
2020-07-14 19:15:23.494 DEBUG [kea-dhcp4.hosts/4807] HOSTS_CFG_GET_ALL_IDENTIFIER get all hosts with reservations using identifier: hwaddr=525400123464
2020-07-14 19:15:23.494 DEBUG [kea-dhcp4.hosts/4807] HOSTS_CFG_GET_ALL_IDENTIFIER_HOST using identifier: hwaddr=525400123464, found host: hwaddr=525400123464 ipv4_subnet_id=1 hostname=(empty) ipv4_reservation=(no) siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none) dhcp4_class0=reserved_class
...
2020-07-14 19:15:23.495 DEBUG [kea-dhcp4.dhcp4/4807] DHCP4_CLASS_ASSIGNED [hwtype=1 52:54:00:12:34:64], cid=[01:52:54:00:12:34:64], tid=0xbecc140b: client packet has been assigned to the following class(es): KNOWN
2020-07-14 19:15:23.495 DEBUG [kea-dhcp4.dhcp4/4807] DHCP4_CLASS_ASSIGNED [hwtype=1 52:54:00:12:34:64], cid=[01:52:54:00:12:34:64], tid=0xbecc140b: client packet has been assigned to the following class(es): ALL, VENDOR_CLASS_udhcp 1.31.1, unreserved_class, KNOWN
```
Last one in particular suggests that incorrect (unexpected) class gets assigned, and correct (expected) one does not.
**Environment:**
- Kea version: 1.6.2 compiled locally from .tar.gz release.
- OS: bult and ran on current Arch Linux
- "./configure" was used without any --enable or --with options. Full PKGBUILD script used (simple bash): http://ix.io/2rBN
- Configuration file above loads no extra hooks, as far as I know.
**Additional Information**
Full log file with debug options above from Kea when running udhcpc is attached.
As mentioned, also tried global reservations and moving them around in general to no avail.
Also tried delaying class evaluation with only-if-required and require-client-classes, couldn't get that to work either - no custom classes get evaluated/assigned there at all, despite being listed in "require-client-classes" in the "subnet4" section.
In a somewhat similar report - https://gitlab.isc.org/isc-projects/kea/-/issues/1314 - issue seemed to be Kea not prioritizing class, but note that here it explicitly picks the wrong (unexpected) class.\
Removing unreserved_class entirely makes allocation fail and denies service despite matching hw-address for reserved_class.
"kea" network interface in this testing setup uses VLAN tagging (created using `ip link add link ens3 name kea type vlan id 1`).\
hw-address match doesn't seem to mind that and matches MAC address part just fine.
Docs for stable Kea 1.6.2 (["Reserving Client Classes in DHCPv4" section](https://kea.readthedocs.io/en/kea-1.6.2/arm/dhcp4-srv.html#reserving-client-classes-in-dhcpv4)) only have example for using such reserved-host classes for adding options, and suggest using delayed class rules evaluation with "only-if-required" and "require-client-classes" for selecting pool/subnet, but as mentioned, it doesn't seem to work either.
I'm not entirely sure if selecting pools/subnets from reservations is supposed to work at all, so maybe just a clear "not supported in 1.6.x" response would do here (and maybe should be more prominent in the docs as well, if that's the case).
It's not a production setup of any kind, just trying out Kea in a couple VMs, and can definitely try anything on it, if issue seem to be with this setup specifically - let me know.\
Do plan to try Kea 1.7.x, see if maybe there's no such issue there, though if I understand Kea versioning correctly, it's more of a beta branch, not really intended for production use, so 1.6.x should probably have fixes from there too.
Thanks!
[kea.log](/uploads/0e8836a1dbe64a9ece9fe5a2f2cfcaee/kea.log)https://gitlab.isc.org/isc-projects/kea/-/issues/1280Kea D2 -DDNS fails in updating the Power DNS records.2020-07-30T15:41:29ZvarsrajaKea D2 -DDNS fails in updating the Power DNS records.Hi All,
Iam using Kea 1.6.2 and PowerDNS 4.0.8
Initial condition: For a device there is already a DNS entry in the DNS made by DHCP (this is successful).
Now when a new IP is assigned to same device Iam seeing this error .
DHCP ha...Hi All,
Iam using Kea 1.6.2 and PowerDNS 4.0.8
Initial condition: For a device there is already a DNS entry in the DNS made by DHCP (this is successful).
Now when a new IP is assigned to same device Iam seeing this error .
DHCP has given a new IP for the device but the DNS entry is not updated.
The DHCID is autogenerated by the Kea DHCP server.
I see the following error code in Kea D2 DDNS update request
2020-06-18T17:54:03.481895214Z 2020-06-18 17:54:03.481 ERROR [kea-dhcp-ddns.d2-to-dns/64] DHCP_DDNS_FORWARD_REPLACE_REJECTED DNS Request ID 000001B13A3A0E8D7BA3C3844FEBD743E5262E8B35B9CBD37FB12A405586E8FA6F89EF: Server, 20.4.0.20 port:53, rejected a DNS update request to replace the address mapping for FQDN, hang-q6v8-fvcs.abc.net., with an RCODE: 8
And the corresponding DNS logs
Jun 18 17:53:54 UPDATE (42311) from 20.4.0.50 for abc.net: Failed PreRequisites check, returning 6
Jun 18 17:53:54 UPDATE (28718) from 20.4.0.50 for abc.net: Failed PreRequisites check, returning NXRRSet
Can you please tell why this is happening and what I have to do to fix this issue.https://gitlab.isc.org/isc-projects/bind9/-/issues/2050Add libuv version to "named -V" output2020-07-30T12:47:13ZMichal NowakAdd libuv version to "named -V" outputAdd libuv version to "named -V" output, e.g.:
```
compiled with libuv version: 1.38.0
linked to libuv version: 1.38.0
```Add libuv version to "named -V" output, e.g.:
```
compiled with libuv version: 1.38.0
linked to libuv version: 1.38.0
```August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)https://gitlab.isc.org/isc-projects/bind9/-/issues/1727Drop use of "$FEATURETEST --have-dlopen"2020-07-30T12:38:06ZMichał KępieńDrop use of "$FEATURETEST --have-dlopen"The following discussion from !985 should be addressed:
- [ ] @michal started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/985#note_121125):
> `dlopen()` support seems to be a hard build-time requireme...The following discussion from !985 should be addressed:
- [ ] @michal started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/985#note_121125):
> `dlopen()` support seems to be a hard build-time requirement now, so I
> would drop all uses of `$FEATURETEST --have-dlopen` (a follow-up MR is
> fine).August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Michal NowakMichal Nowakhttps://gitlab.isc.org/isc-projects/dhcp/-/issues/116keama compilation on Fedora 32 fails2020-07-30T12:32:00ZMichal Nowikowskikeama compilation on Fedora 32 fails```
gcc -g -O2 -Wall -Werror -fno-strict-aliasing -I../includes -I/vagrant/bind/include -o keama keama.o data.o conflex.o json.o confparse.o parse.o options.o reduce.o print.o eval.o
/usr/bin/ld: conflex.o:/vagrant/keama/keama.h:...```
gcc -g -O2 -Wall -Werror -fno-strict-aliasing -I../includes -I/vagrant/bind/include -o keama keama.o data.o conflex.o json.o confparse.o parse.o options.o reduce.o print.o eval.o
/usr/bin/ld: conflex.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: conflex.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: json.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: json.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: confparse.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: confparse.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: parse.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: parse.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: options.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: options.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: reduce.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: reduce.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: print.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: print.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
/usr/bin/ld: eval.o:/vagrant/keama/keama.h:61: multiple definition of `parses'; keama.o:/vagrant/keama/keama.h:61: first defined here
/usr/bin/ld: eval.o:/vagrant/keama/keama.h:38: multiple definition of `resolve'; keama.o:/vagrant/keama/keama.h:38: first defined here
collect2: error: ld returned 1 exit status
```Francis DupontFrancis Dupont