ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2023-05-17T11:22:24Zhttps://gitlab.isc.org/isc-projects/dhcp/-/issues/147Keama doesn't build on Free BSD 12.12023-05-17T11:22:24ZPeter DaviesKeama doesn't build on Free BSD 12.1Keama doesn't build on Free BSD 12.1
./configure
make
...
cd keama
make
cc -DHAVE_CONFIG_H -I. -I../includes -g -O2 -Wall -Werror -fno-strict-aliasing -I../includes -I/tmp/dhcp-4.4.2/bind/include -MT keama.o -MD -MP -MF .deps/k...Keama doesn't build on Free BSD 12.1
./configure
make
...
cd keama
make
cc -DHAVE_CONFIG_H -I. -I../includes -g -O2 -Wall -Werror -fno-strict-aliasing -I../includes -I/tmp/dhcp-4.4.2/bind/include -MT keama.o -MD -MP -MF .deps/keama.Tpo -c -o keama.o keama.c
keama.c:75:19: error: use of undeclared identifier 'AF_INET'
local_family = AF_INET;
^
keama.c:77:19: error: use of undeclared identifier 'AF_INET6'
local_family = AF_INET6;
^
See [RT #17269](https://support.isc.org/Ticket/Display.html?id=17269)4.5.0-betahttps://gitlab.isc.org/isc-projects/kea/-/issues/1530bump lib versions for 1.8.12020-11-27T06:38:00ZRazvan Becheriubump lib versions for 1.8.1bump lib versions for 1.8.1bump lib versions for 1.8.1kea1.8.1Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/dhcp/-/issues/146Add support for raw IP interface type2020-12-03T10:15:34ZFrancis DupontAdd support for raw IP interface typeSee !66 (issue created to host it).See !66 (issue created to host it).4.5.0-betaFrancis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/bind9/-/issues/2249Stop falling back to plain DNS on FORMERR+OPT2023-05-08T12:37:02ZMark AndrewsStop falling back to plain DNS on FORMERR+OPTThe number of servers on the Internet that have this mis-behaviour have fallen to negligible levels. FORMERR+OPT should now be treated as not meaning EDNS is not supported. Any remaining servers with this behaviour can be handled by ser...The number of servers on the Internet that have this mis-behaviour have fallen to negligible levels. FORMERR+OPT should now be treated as not meaning EDNS is not supported. Any remaining servers with this behaviour can be handled by server clauses.August 2021 (9.11.35, 9.11.35-S1, 9.16.20, 9.16.20-S1, 9.17.17)https://gitlab.isc.org/isc-projects/kea/-/issues/1529qualifying-suffix always being added.2021-08-05T17:22:50ZJoshua Prikoqualifying-suffix always being added.
**Describe the bug**
qualifying-suffix is always being added regardless if the DHCP request has a FQDN supplied or not for DDNS updates
```
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns[21520]: Forward Change: yes
Nov 5 17:55:36 uschi1...
**Describe the bug**
qualifying-suffix is always being added regardless if the DHCP request has a FQDN supplied or not for DDNS updates
```
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns[21520]: Forward Change: yes
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns: Forward Change: yes
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns[21520]: Reverse Change: no
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns[21520]: FQDN: [uschijosh99.group.on.group.on.]
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns: Reverse Change: no
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns: FQDN: [uschijosh99.group.on.group.on.]
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns[21520]: IP Address: [10.63.8.247]
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns: IP Address: [10.63.8.247]
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns[21520]: DHCID: [000101803779DDD1C0AEF430F3B4F24D73A3BF4F6B532F0F3E04D3113B1D6EFB7AA1D6]
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns: DHCID: [000101803779DDD1C0AEF430F3B4F24D73A3BF4F6B532F0F3E04D3113B1D6EFB7AA1D6]
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns[21520]: Lease Expires On: 20201106015536
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns: Lease Expires On: 20201106015536
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns: Lease Length: 28800
Nov 5 17:55:36 uschi1vpldns01 kea-dhcp-ddns[21520]: Lease Length: 28800
```
**To Reproduce**
Steps to reproduce the behavior:
1.) Server sends DHCP request with FQDN provided.
**Expected behavior**
qualifying-suffix should not always be added if it's already part of the FQDN
**Environment:**
- Kea version: 1.6.3
- OS: CentOS 7
**Additional Information**
I am hopeful this is just a config issue on my side, or a miss-understanding of the docs, or even a miss-understanding how this is supposed to work.
```
"dhcp-ddns": {
"hostname-char-set": "[^A-Za-z0-9.-]",
"override-client-update": true,
"override-no-update": true,
"replace-client-name": "when-not-present",
"generated-prefix": "host",
"hostname-char-replacement": "x",
"enable-updates": true,
"qualifying-suffix": "group.on"
},
```kea1.9.11Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/1528hammer: add support for building kea on Ubuntu 20.102021-01-20T10:30:47ZMichal Nowikowskihammer: add support for building kea on Ubuntu 20.10kea1.9.4Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/1527hammer: add support for building kea on Fedora 332021-05-04T10:55:34ZMichal Nowikowskihammer: add support for building kea on Fedora 33kea1.9.4Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/kea/-/issues/1526bump up kea version to 1.8.12020-11-27T06:38:00ZMichal Nowikowskibump up kea version to 1.8.1https://gitlab.isc.org/isc-projects/kea/-/issues/1525Fix ChangeLog lint issues in premium ChangeLog in v1_8_02022-11-02T15:10:17ZThomas MarkwalderFix ChangeLog lint issues in premium ChangeLog in v1_8_0As of 1.9.0, pipeline now uses ChangeLog lint which complains about lines > 73 characters in length.
Premium's ChangeLog contains several lines that are too long but pipeline does not seem to complain about them. In a nutshell, we appe...As of 1.9.0, pipeline now uses ChangeLog lint which complains about lines > 73 characters in length.
Premium's ChangeLog contains several lines that are too long but pipeline does not seem to complain about them. In a nutshell, we appear to treat Kea ChangeLog differently than Premium's ChangeLog.backloghttps://gitlab.isc.org/isc-projects/bind9/-/issues/2248Update serve-stale configuration defaults2021-02-03T08:25:09ZMatthijs Mekkingmatthijs@isc.orgUpdate serve-stale configuration defaultsUpdate the defaults to the RFC 8767 recommended values (`stale-answer-ttl 30`, `max-stale-ttl 1d`, `stale-refresh-time 30s` or higher).Update the defaults to the RFC 8767 recommended values (`stale-answer-ttl 30`, `max-stale-ttl 1d`, `stale-refresh-time 30s` or higher).February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/2247Add serve-stale option to set client timeout2021-01-29T09:51:55ZMatthijs Mekkingmatthijs@isc.orgAdd serve-stale option to set client timeoutImplement `stale-answer-client-timeout`, which is the maximum amount of time a recursive resolver should allow between the receipt of a resolution request and sending its response (only to be used if `stale-answer-enable` is set).Implement `stale-answer-client-timeout`, which is the maximum amount of time a recursive resolver should allow between the receipt of a resolution request and sending its response (only to be used if `stale-answer-enable` is set).February 2021 (9.11.28, 9.11.28-S1, 9.16.12, 9.16.12-S1, 9.17.10)Diego dos Santos FronzaDiego dos Santos Fronzahttps://gitlab.isc.org/isc-projects/dhcp/-/issues/145DHCPD 4.4.2 5 bad IP checksums seen in 5 packets2020-12-03T15:25:55ZAndrea PostiglioneDHCPD 4.4.2 5 bad IP checksums seen in 5 packetsthis is the syslog dhcpd
```
Nov 4 20:05:32 thunderdome dhcpd[11327]: DHCPDISCOVER from 08:00:27:8a:48:da via br0
Nov 4 20:05:33 thunderdome dhcpd[11327]: DHCPOFFER on 192.168.178.149 to 08:00:27:8a:48:da via br0
Nov 4 20:05:46 thunderd...this is the syslog dhcpd
```
Nov 4 20:05:32 thunderdome dhcpd[11327]: DHCPDISCOVER from 08:00:27:8a:48:da via br0
Nov 4 20:05:33 thunderdome dhcpd[11327]: DHCPOFFER on 192.168.178.149 to 08:00:27:8a:48:da via br0
Nov 4 20:05:46 thunderdome dhcpd[11327]: DHCPDISCOVER from 08:00:27:8a:48:da via br0
Nov 4 20:05:47 thunderdome dhcpd[11327]: DHCPOFFER on 192.168.178.150 to 08:00:27:8a:48:da via br0
Nov 4 20:07:19 thunderdome dhcpd[11327]: DHCPDISCOVER from 08:00:27:8a:48:da via br0
Nov 4 20:07:20 thunderdome dhcpd[11327]: DHCPOFFER on 192.168.178.151 to 08:00:27:8a:48:da via br0
```
```
customsrescuecd ~ # dhclient -v eth0
Internet Systems Consortium DHCP Client 4.4.2 Gentoo-r2
Copyright 2004-2020 Internet Systems Consortium.
All rights reserved.
For info, please visit https://www.isc.org/software/dhcp/
Listening on LPF/eth0/08:00:27:8a:48:da
Sending on LPF/eth0/08:00:27:8a:48:da
Sending on Socket/fallback
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 3
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 8
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 12
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 16
5 bad IP checksums seen in 5 packets
DHCPDISCOVER on eth0 to 255.255.255.255 port 67 interval 10
No DHCPOFFERS received.
No working leases in persistent database - sleeping.
```
it seems that the udp packets generated by the server despite being a physical machine have the wrong checksum!
can someone help me?https://gitlab.isc.org/isc-projects/bind9/-/issues/2246Backport netmgr-related merge requests2021-08-12T09:36:56ZMichał KępieńBackport netmgr-related merge requestsThis issue contains a list of netmgr-related merge requests which should
be eventually backported to `v9_16`, but may need to wait in a queue for
a while before that happens.
**Merge requests that *must* be backported:**
- [x] ~~!378...This issue contains a list of netmgr-related merge requests which should
be eventually backported to `v9_16`, but may need to wait in a queue for
a while before that happens.
**Merge requests that *must* be backported:**
- [x] ~~!3781 Fix socket closing races.~~
- [x] !4318 (included in !4455) Resolve "Add netmgr functions to support outgoing DNS queries"
- [x] !4341 (included in !4455) Fix improper closed connection handling in tcpdns.
- [x] !4386 (included in !4455) Turn all the callback to be always asynchronous
- [x] **!4444 Refactor netmgr and add more unit tests**
- [x] !4452 (included in !4455) Avoid netievent allocations when the callbacks can be called directly
- [x] !4458 (included in !4455) Make netmgr initialize and cleanup Winsock itself
- [x] !4459 (included in !4455) Distribute queries among threads even on platforms without SO_REUSEPORT_LB
- [x] !4465 (included in !4455) Don't use stack allocated buffer for uv_write()
- [x] !4468 (included in !4455) Fix datarace when UDP/TCP connect fails and we are in nmthread
- [x] !4469 (included in !4455) Use sock->nchildren instead of mgr->nworkers when initializing NM
- [x] !4472 (included in !4455) Fix s/HAVE_REUSEPORT_LB/HAVE_SO_REUSEPORT_LB/ typo in #define
**Merge requests that *may* be backported:**
- [ ] !4115 Resolve "convert dig and friends to use the netmgr"
- [ ] !4246 use netmgr for xfrin
- [ ] !4374 address some possible shutdown races in xfrin
- [ ] !4397 Resolve ""dig" crashes when interrupted while waiting for a TCP connection"
- [ ] !4466 Configure the system-wide TCP connection timeout on OpenBSD
- [ ] !4633 Resolve "Incorrect size passed to isc_mem_put"
- [x] !4628 Improve reliability of the netmgr unit tests
- [x] !4845 netmgr: Make it possible to recover from ISC_R_TIMEDOUT (backported without the relevant changes to `dig`, `rndc`, or xfrin)
- [ ] !4898 Prevent the double xfrin_fail() call
- [x] !4930 ensure read timeouts are recoverable
- [ ] !4796 Add workaround for "nslookup segfaults for SERVFAIL"
- [x] !4918 Refactor taskmgr to run on top of netmgr
- [x] !4983 Destroy netmgr before destroying taskmgr
- [x] !4981 Add nanosleep and usleep Windows shims
- [ ] !4982 Add support for generating backtraces on Windows
- [x] !5009 Bump the netmgr quantum to 1024
- [x] !5013 initalise sock->cond
- [x] !5021 Fix the outgoing UDP socket selection on Windows
[^1]: likely made redundant by !4444September 2021 (9.16.21, 9.16.21-S1, 9.17.18)https://gitlab.isc.org/isc-projects/stork/-/issues/442deploy_demo job fails on copying agent-kea-many-subnets2020-11-04T14:47:07ZMarcin Siodelskideploy_demo job fails on copying agent-kea-many-subnetsThe deploy_demo CI job fails. See: https://gitlab.isc.org/isc-projects/stork/-/jobs/1272627The deploy_demo CI job fails. See: https://gitlab.isc.org/isc-projects/stork/-/jobs/12726270.13Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/441Sanity checks for 0.13.0 release2022-02-02T09:51:30ZMarcin SiodelskiSanity checks for 0.13.0 releasePlease do your sanity checks according to the steps below:
1. Download the tarball, verify it is sane, build it and run tests.<br>
Tarball: https://gitlab.isc.org/isc-projects/stork/-/jobs/1272748/artifacts/browse
2. Start the d...Please do your sanity checks according to the steps below:
1. Download the tarball, verify it is sane, build it and run tests.<br>
Tarball: https://gitlab.isc.org/isc-projects/stork/-/jobs/1272748/artifacts/browse
2. Start the demo with `rake docker_up` and follow the steps from: https://gitlab.isc.org/isc-projects/stork/-/wikis/Demo
3. Install server and agent locally e.g. on VMs from the binary packages:<br>
debs: https://gitlab.isc.org/isc-projects/stork/-/jobs/1272749/artifacts/browse <br>
rpms: https://gitlab.isc.org/isc-projects/stork/-/jobs/1272750/artifacts/browse0.13https://gitlab.isc.org/isc-projects/kea/-/issues/1524KEA 1.8 API config-write command not enough permissions on /etc/kea/kea-dhcp4...2021-01-26T20:29:58ZNiekKEA 1.8 API config-write command not enough permissions on /etc/kea/kea-dhcp4.conf, same permissions as in KEA 1.4---
name: Bug report
about: KEA 1.8 API config-write command not enough permissions on /etc/kea/kea-dhcp4.conf
---
If you believe your bug report is a security issue (e.g. a packet that can kill the server), DO NOT REPORT IT HERE. Plea...---
name: Bug report
about: KEA 1.8 API config-write command not enough permissions on /etc/kea/kea-dhcp4.conf
---
If you believe your bug report is a security issue (e.g. a packet that can kill the server), DO NOT REPORT IT HERE. Please use https://www.isc.org/community/report-bug/ instead or send mail to security-office(at)isc(dot)org.
**Describe the bug**
We currently run KEA 1.4 on Ubuntu 16.04 containers within our production environment. The KEA API is used with the write-config command to push an updated config to the KEA container. In version 1.4 this works perfect.
At the moment we are rebuilding our environment on new servers. KEA is still deployed in containers with LXC, except we upgraded to Ubuntu 20.04 and KEA 1.8. KEA is installed via the Cloudsmith repositories. The kea-ctrl agent is deployed and working correctly, except for the config-write command. When this command is executed in our new environment, we receive the following message:
result text
------ ----
1 Error during write-config:Unable to open file /etc/kea/kea-dhcp4.conf for writing
This problem is solved by editing the permissions on the file so that the _public_ has _write__ permissions on the file. In the old environment we didn't had to change the file permissions to make this work.
**To Reproduce**
Steps to reproduce the behavior:
1. Make sure the kea-ctrl-agent is working correctly.
2. The default file permissions on kea-dhcp4.conf in the /etc/kea/ folder is unchanged: so -rw-r--r-- (chmod 644).
3. Execute an API call with the config-write command and argument /etc/kea/kea-dhcp4.conf.
4. The following error is thrown: Error during write-config:Unable to open file /etc/kea/kea-dhcp4.conf for writing.
5. Change the file permissions on /etc/kea/kea-dhcp4.conf to: -rw-r--rw- (chmod 646).
6. Execute an API call with the config-write command and argument /etc/kea/kea-dhcp4.conf.
7. API call is successfull.
**Expected behavior**
KEA 1.4 on Ubuntu 16.04 with the same file permissions executes the config-write API call successfull with the default file permissions (-rw-r--r-- chmod 644)
The expected behavior in KEA 1.8 on Ubuntu 20.04 was the same. But we had to change the file permissions.
**Environment:**
- Kea version: 1.8
- OS: Ubuntu 20.04 host, KEA is running in LXC Ubuntu 20.04 containers.
- HA Hooks are loaded.
**Additional Information**
The actual questions is: Do we need to change the file permissions to execute some of the API calls, where this wasn't necessary on KEA 1.4. And if this is necessary, is this documented somewhere?
**Contacting you**
Contact us be reacting to this post please.kea1.9.4Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/kea/-/issues/1523Release notes: add notes for required config changes on update2020-12-11T18:12:44ZChrisRelease notes: add notes for required config changes on update**Describe the bug**
When updating from 1.6 to 1.8, the logger configuration needs to be moved/updated. Without the configuration change Kea won't start leading to potentially unclear debugging, since only a syntax error is reported.
**...**Describe the bug**
When updating from 1.6 to 1.8, the logger configuration needs to be moved/updated. Without the configuration change Kea won't start leading to potentially unclear debugging, since only a syntax error is reported.
**To Reproduce**
Steps to reproduce the behavior:
1. Run Kea 1.6 dhcpv4 with logging configuration
2. Update to 1.8
3. See error
**Expected behavior**
A note in release notes informing of the required config change, detection of deprecated configuration and error message pointing it out.kea1.9.3Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/stork/-/issues/440add webui unittests for changes from !2372022-03-01T14:19:02ZMichal Nowikowskiadd webui unittests for changes from !237backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/439tests for kea statistics from #413 should be enabled2021-05-31T15:29:31ZMichal Nowikowskitests for kea statistics from #413 should be enabledCurrently there is a problem with GitLab CI and VM with LXD that runs only in IPv6. These tests and especially Kea needs IPv4.
Problem is probably connected with configuration of VM. It needs to be fixed, recreated and uploaded do regis...Currently there is a problem with GitLab CI and VM with LXD that runs only in IPv6. These tests and especially Kea needs IPv4.
Problem is probably connected with configuration of VM. It needs to be fixed, recreated and uploaded do registry.0.18Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/kea/-/issues/1522update reference to rfc2845bis2020-12-04T11:51:25ZFrancis Dupontupdate reference to rfc2845bisThe reference is a bit obsolete: I propose to update it by the RFC 8945The reference is a bit obsolete: I propose to update it by the RFC 8945kea1.9.3Francis DupontFrancis Dupont