ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2021-05-28T10:27:35Z

https://gitlab.isc.org/isc-projects/bind9/-/issues/2721
interfacemgr shutdown race
2021-05-28T10:27:35Z
Mark Andrews

Job [#1748465](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1748465) failed for 80ca95a95c72012d2fbaaed102844f6921d9e192:
```
WARNING: ThreadSanitizer: data race
Write of size 8 at 0x000000000001 by thread T1 (mutexes: write M1):
#0 memset <null>
#1 memset /usr/include/x86_64-linux-gnu/bits/string_fortified.h:71:10
#2 mem_put lib/isc/mem.c:361:3
#3 isc__mem_free lib/isc/mem.c:1012:2
#4 isc__mem_put lib/isc/mem.c:777:3
#5 ns_interface_destroy lib/ns/interfacemgr.c:713:2
#6 ns_interface_detach lib/ns/interfacemgr.c:730:3
#7 purge_old_interfaces lib/ns/interfacemgr.c:770:4
#8 ns_interfacemgr_shutdown lib/ns/interfacemgr.c:401:2
#9 shutdown_server bin/named/server.c:10086:2
#10 task_run lib/isc/task.c:816:5
#11 isc_task_run lib/isc/task.c:896:10
#12 isc__nm_async_task lib/isc/netmgr/netmgr.c:863:11
#13 process_netievent lib/isc/netmgr/netmgr.c:942:3
#14 process_queue lib/isc/netmgr/netmgr.c:1032:16
#15 process_all_queues lib/isc/netmgr/netmgr.c:783:25
#16 async_cb lib/isc/netmgr/netmgr.c:812:6
#17 <null> <null>
#18 isc__trampoline_run lib/isc/trampoline.c:184:11
Previous read of size 8 at 0x000000000001 by thread T2:
#0 memmove <null>
#1 isc___nmhandle_get lib/isc/netmgr/netmgr.c
#2 isc__nm_get_read_req lib/isc/netmgr/netmgr.c:2130:18
#3 isc__nm_tcpdns_processbuffer lib/isc/netmgr/tcpdns.c:787:8
#4 processbuffer lib/isc/netmgr/netmgr.c:2257:11
#5 isc__nm_process_sock_buffer lib/isc/netmgr/netmgr.c:2282:25
#6 isc__nm_resume_processing lib/isc/netmgr/netmgr.c:2338:2
#7 nmhandle_detach_cb lib/isc/netmgr/netmgr.c:1864:4
#8 isc__nmhandle_detach lib/isc/netmgr/netmgr.c:1804:3
#9 isc___nm_uvreq_put lib/isc/netmgr/netmgr.c:2462:3
#10 isc__nm_async_sendcb lib/isc/netmgr/netmgr.c:2748:2
#11 process_netievent lib/isc/netmgr/netmgr.c:994:3
#12 process_queue lib/isc/netmgr/netmgr.c:1032:16
#13 process_all_queues lib/isc/netmgr/netmgr.c:783:25
#14 async_cb lib/isc/netmgr/netmgr.c:812:6
#15 <null> <null>
#16 isc__trampoline_run lib/isc/trampoline.c:184:11
Location is heap block of size 1392 at 0x000000000032 allocated by thread T1:
#0 malloc <null>
#1 default_memalloc lib/isc/mem.c:411:8
#2 mem_get lib/isc/mem.c:343:8
#3 mem_allocateunlocked lib/isc/mem.c:918:7
#4 isc__mem_allocate lib/isc/mem.c:935:7
#5 isc__mem_get lib/isc/mem.c:740:11
#6 ns_interface_create lib/ns/interfacemgr.c:412:8
#7 ns_interface_setup lib/ns/interfacemgr.c:599:11
#8 do_scan lib/ns/interfacemgr.c:1199:14
#9 ns_interfacemgr_scan0 lib/ns/interfacemgr.c:1258:11
#10 ns_interfacemgr_scan lib/ns/interfacemgr.c:1306:11
#11 load_configuration bin/named/server.c:9110:11
#12 run_server bin/named/server.c:10054:2
#13 task_run lib/isc/task.c:816:5
#14 isc_task_run lib/isc/task.c:896:10
#15 isc__nm_async_task lib/isc/netmgr/netmgr.c:863:11
#16 process_netievent lib/isc/netmgr/netmgr.c:942:3
#17 process_queue lib/isc/netmgr/netmgr.c:1032:16
#18 process_all_queues lib/isc/netmgr/netmgr.c:783:25
#19 async_cb lib/isc/netmgr/netmgr.c:812:6
#20 <null> <null>
#21 isc__trampoline_run lib/isc/trampoline.c:184:11
Mutex M1 is already destroyed.
Thread T1 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:79:8
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:347:3
#3 isc_managers_create lib/isc/managers.c:39:2
#4 create_managers bin/named/main.c:941:11
#5 setup bin/named/main.c:1216:11
#6 main bin/named/main.c:1507:2
Thread T2 (running) created by main thread at:
#0 pthread_create <null>
#1 isc_thread_create lib/isc/pthreads/thread.c:79:8
#2 isc__netmgr_create lib/isc/netmgr/netmgr.c:347:3
#3 isc_managers_create lib/isc/managers.c:39:2
#4 create_managers bin/named/main.c:941:11
#5 setup bin/named/main.c:1216:11
#6 main bin/named/main.c:1507:2
SUMMARY: ThreadSanitizer: data race in memset
```
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
Ondřej Surý

https://gitlab.isc.org/isc-projects/bind9/-/issues/2722
bad sizeof declaration in main
2021-05-26T08:10:47Z
Mark Andrews

```
** CID 331858: Incorrect expression (SIZEOF_MISMATCH)
/lib/ns/interfacemgr.c: 274 in ns_interfacemgr_create()
________________________________________________________________________________________________________
*** CID 331858: Incorrect expression (SIZEOF_MISMATCH)
/lib/ns/interfacemgr.c: 274 in ns_interfacemgr_create()
268 #else /* ifdef USE_ROUTE_SOCKET */
269 isc_refcount_init(&mgr->references, 1);
270 #endif /* ifdef USE_ROUTE_SOCKET */
271 mgr->magic = IFMGR_MAGIC;
272 *mgrp = mgr;
273
CID 331858: Incorrect expression (SIZEOF_MISMATCH)
Passing argument "mgr->ncpus * 184UL /* sizeof (*mgr->clientmgrs[0]) */" to function "isc__mem_get" and then casting the return value to "ns_clientmgr_t **" is suspicious.
274 mgr->clientmgrs = isc_mem_get(mgr->mctx,
275 mgr->ncpus * sizeof(*mgr->clientmgrs[0]));
276 for (size_t i = 0; i < (size_t)mgr->ncpus; i++) {
277 result = ns_clientmgr_create(mgr->sctx, mgr->taskmgr,
278 mgr->timermgr, mgr->aclenv, (int)i,
279 &mgr->clientmgrs[i]);
________________________________________________________________________________________________________
```
June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2723
TLS key logging
2021-12-22T20:08:49Z
Petr Špaček pspacek@isc.org

### Description
Use-case: DoT/DoH debugging
Debugging encrypted transports is very hard because we do not see into the traffic, so plain PCAPs are useless.
### Request
Introduce a new logging channel for TLS keys, which would produce a stream of TLS pre-master secrets which can be used with Wireshark to decrypt TLS traffic. (The volume of the logged data can be significant, so it's important to have some size limits on the file size - that's why I'm proposing to reuse the logging machinery we already have.)
An open question is whether it should somehow take into account the `SSLKEYLOGFILE` environment variable, as is customary in [GnuTLS](https://gnutls.org/manual/html_node/Debugging-and-auditing.html) and [NSS](https://developer.mozilla.org/en-US/docs/Mozilla/Projects/NSS/Key_Log_Format). The reason is that an environment variable will be easier to use when debugging something in automated test systems (as opposed to modifying named.conf). Maybe the `SSLKEYLOGFILE` environment variable could, if present, just generate an in-memory logging config snippet?
### Links / references
- https://wiki.wireshark.org/TLS#Using_the_.28Pre.29-Master-Secret
- https://www.openssl.org/docs/man1.1.0/man3/SSL_SESSION_print_keylog.html

January 2022 (9.16.25, 9.16.25-S1, 9.17.22)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2724
statschannel system test sometimes hangs
2021-06-02T22:39:47Z
Michal Nowak

The `statschannel` sometimes hangs and the system test CI job is terminated by CI's 1 hour timeout, see a job on [`main`](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1749344/raw) (Debian Buster)
```
S:statschannel:2021-05-26T04:40:00+0000
T:statschannel:1:A
A:statschannel:System test statschannel
I:statschannel:PORTS:24535,24536,24537,24538,24539,24540,24541,24542,24543,24544,24545,24546,24547
I:statschannel:starting servers
I:statschannel:checking consistency between named.stats and xml/json (1)
I:statschannel:checking malloced memory statistics xml/json (2)
I:statschannel:checking consistency between regular and compressed output (3)
I:statschannel:checking if compressed output is really compressed (4)
I:statschannel:fetching zone stats data after zone maintenance at startup (5)
I:statschannel:... using xml
I:statschannel:... using json
I:statschannel:fetching zone stats data after dynamic update (6)
I:statschannel:... using xml
I:statschannel:... using json
I:statschannel:fetch zone stats data after updating DNSKEY RRset (7)
I:statschannel:... using xml
I:statschannel:... using json
I:statschannel:exit status: 0
I:statschannel:stopping servers
I:statschannel:starting servers
D:statschannel:============================= test session starts ==============================
D:statschannel:platform linux -- Python 3.7.3, pytest-3.10.1, py-1.7.0, pluggy-0.8.0 -- /usr/bin/python3
D:statschannel:rootdir: /builds/isc-projects/bind9/bin/tests/system/statschannel, inifile:
D:statschannel:collecting ... collected 4 items
D:statschannel:
D:statschannel:tests-xml.py::test_zone_timers_primary_xml PASSED [ 25%]
D:statschannel:tests-xml.py::test_zone_timers_secondary_xml PASSED [ 50%]
D:statschannel:tests-xml.py::test_zone_with_many_keys_xml PASSED [ 75%]
D:statschannel:tests-xml.py::test_traffic_xml PASSED [100%]
D:statschannel:
D:statschannel:=========================== 4 passed in 0.08 seconds ===========================
I:statschannel:stopping servers
I:statschannel:starting servers
D:statschannel:============================= test session starts ==============================
D:statschannel:platform linux -- Python 3.7.3, pytest-3.10.1, py-1.7.0, pluggy-0.8.0 -- /usr/bin/python3
D:statschannel:rootdir: /builds/isc-projects/bind9/bin/tests/system/statschannel, inifile:
D:statschannel:collecting ... collected 4 items
D:statschannel:
D:statschannel:tests-json.py::test_zone_timers_primary_json PASSED [ 25%]
D:statschannel:tests-json.py::test_zone_timers_secondary_json PASSED [ 50%]
```
and [`v9_16`](https://gitlab.isc.org/isc-projects/bind9/-/jobs/1749328/raw) (openSUSE Tumbleweed):
```
S:statschannel:2021-05-26T04:37:15+0000
T:statschannel:1:A
A:statschannel:System test statschannel
I:statschannel:PORTRANGE:12700 - 12799
I:statschannel:starting servers
I:statschannel:checking consistency between named.stats and xml/json (1)
I:statschannel:checking malloced memory statistics xml/json (2)
I:statschannel:checking consistency between regular and compressed output (3)
I:statschannel:checking if compressed output is really compressed (4)
I:statschannel:fetching zone stats data after zone maintenance at startup (5)
I:statschannel:... using xml
I:statschannel:... using json
I:statschannel:fetching zone stats data after dynamic update (6)
I:statschannel:... using xml
I:statschannel:... using json
I:statschannel:fetch zone stats data after updating DNSKEY RRset (7)
I:statschannel:... using xml
I:statschannel:... using json
I:statschannel:exit status: 0
I:statschannel:stopping servers
I:statschannel:starting servers
D:statschannel:============================= test session starts ==============================
D:statschannel:platform linux -- Python 3.8.10, pytest-6.2.4, py-1.10.0, pluggy-0.13.1 -- /usr/bin/python3.8
D:statschannel:rootdir: /builds/isc-projects/bind9/bin/tests/system/statschannel
D:statschannel:collecting ... collected 4 items
D:statschannel:
D:statschannel:tests-xml.py::test_zone_timers_primary_xml PASSED [ 25%]
D:statschannel:tests-xml.py::test_zone_timers_secondary_xml PASSED [ 50%]
```
I started noticing this hang this week or the week before.
Looking at the system test itself, there were no significant changes for some time.
Unfortunately, with timeout termination there are no job artifacts.

June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2726
inline signed zone journal goes out of sync if zone is modified when restarting bind9
2021-05-27T22:30:22Z
Michel Lespinasse

### Summary
When restarting bind9, it seems to be easy for inline signed zones to go out of sync with their journal. Note, the issue does not happen when reloading bind9.
### BIND version used
Debian buster-backports package version 1:9.16.15-1~bpo10+1
### Steps to reproduce
- configure some inline signed zone. Mine are master zones with a dnssec-policy applied.
- start bind (using /etc/init.d/named start)
- edit the zone file
- restart bind (using /etc/init.d/named restart)
- the modified zone fails to load:
~~~
zone test.lespinasse.org/IN/public (unsigned): journal rollforward failed: journal out of sync with zone
zone test.lespinasse.org/IN/public (unsigned): not loaded due to errors.
~~~
Note, everything works fine if one reloads bind (using /etc/init.d/named reload, or just rndc reload). Also, the server restarts without issue if one edits the zone file, reloads bind to sync up the journal, and then issues the restart.
### What is the current *bug* behavior?
Any edited zone fails to load when the server is restarted, without having been reloaded first.
### What is the expected *correct* behavior?
Reload and restart should both pick up the current zone file.
### Relevant configuration files
### Relevant logs and/or screenshots
I think I covered the basics; I can provide more details on request.

https://gitlab.isc.org/isc-projects/bind9/-/issues/2727
dig package for Windows
2023-11-02T16:24:19Z
Vicky Risk vicky@isc.org

We plan to end support for Windows with 9.18. It seems like there are a number of users who need dig on Windows, so if we can build a dig package for Windows and host that on our website for download, that would be very useful.

Not planned

https://gitlab.isc.org/isc-projects/bind9/-/issues/2728
BIND-9.16 and managed-keys-zone
2022-06-24T20:22:48Z
Stanislav Levin

<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
Wrong cache for `managed-keys` database.
### BIND version used
```console
[root@master1 /]# named -v
BIND 9.16.15-RH (Stable Release) <id:4469e3e>
```
### Steps to reproduce
This is an imitation of the first run.
```console
[root@master1 /]# systemctl stop named
# remove current managed-keys
[root@master1 /]# rm -f /var/named/dynamic/managed-keys.bind*
# set forwarders with not existed or not available(offline), in my example I set it to '8.8.8.123' and forward policy 'only'
forward only;
forwarders {8.8.8.123;};
dnssec-validation auto(or yes);
[root@master1 /]# systemctl start named
[root@master1 /]# dig +dnssec mirrors.fedoraproject.org
; <<>> DiG 9.16.15-RH <<>> +dnssec mirrors.fedoraproject.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 23320
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
; COOKIE: 9297a095e3be13020100000060ae6af11adeea19e019f898 (good)
;; QUESTION SECTION:
;mirrors.fedoraproject.org. IN A
;; Query time: 3000 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed May 26 15:36:17 UTC 2021
;; MSG SIZE rcvd: 82
[root@master1 /]# cat /var/named/data/dnssec.log
26-May-2021 15:36:13.254 warning: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
[root@master1 /]# cat /var/named/dynamic/managed-keys.bind
$ORIGIN .
$TTL 0 ; 0 seconds
@ IN SOA . . (
2 ; serial
0 ; refresh (0 seconds)
0 ; retry (0 seconds)
0 ; expire (0 seconds)
0 ; minimum (0 seconds)
)
KEYDATA 20210526163613 19700101000000 19700101000000 0 0 0 (
) ; ZSK; alg = 0; key id = 0
; next refresh: Wed, 26 May 2021 16:36:13 GMT
; no trust
# make the forwarder online
forwarders {8.8.8.8;};
[root@master1 /]# systemctl restart named
[root@master1 /]# dig +dnssec mirrors.fedoraproject.org
; <<>> DiG 9.16.15-RH <<>> +dnssec mirrors.fedoraproject.org
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 21419
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags: do; udp: 1232
; COOKIE: 20598bf16da011a90100000060ae6b9240e3281a7a1f4680 (good)
;; QUESTION SECTION:
;mirrors.fedoraproject.org. IN A
;; Query time: 171 msec
;; SERVER: 127.0.0.1#53(127.0.0.1)
;; WHEN: Wed May 26 15:38:58 UTC 2021
;; MSG SIZE rcvd: 82
[root@master1 /]# cat /var/named/dynamic/managed-keys.bind
$ORIGIN .
$TTL 0 ; 0 seconds
@ IN SOA . . (
2 ; serial
0 ; refresh (0 seconds)
0 ; retry (0 seconds)
0 ; expire (0 seconds)
0 ; minimum (0 seconds)
)
KEYDATA 20210526163613 19700101000000 19700101000000 0 0 0 (
) ; ZSK; alg = 0; key id = 0
; next refresh: Wed, 26 May 2021 16:36:13 GMT
; no trust
[root@master1 /]# cat /var/named/data/dnssec.log
26-May-2021 15:36:13.254 warning: managed-keys-zone: Unable to fetch DNSKEY set '.': timed out
26-May-2021 15:38:54.052 info: managed-keys-zone: DNSKEY set for zone '.' could not be verified with current keys
26-May-2021 15:38:58.312 info: validating org/DS: no valid signature found
26-May-2021 15:38:58.312 info: validating org/DNSKEY: bad cache hit (org/DS)
[root@master1 /]# cat /var/named/data/query_errors.log
26-May-2021 15:36:17.818 info: client @0x7f8154000cc8 ::1#48423 (mirrors.fedoraproject.org): query failed (timed out) for mirrors.fedoraproject.org/IN/A at ../../../lib/ns/query.c:7360
26-May-2021 15:36:17.818 info: client @0x7f81440104c8 127.0.0.1#50230 (mirrors.fedoraproject.org): query failed (timed out) for mirrors.fedoraproject.org/IN/A at ../../../lib/ns/query.c:7360
26-May-2021 15:38:58.313 info: client @0x7fd9d00104c8 127.0.0.1#59004 (mirrors.fedoraproject.org): query failed (broken trust chain) for mirrors.fedoraproject.org/IN/A at ../../../lib/ns/query.c:7360
```
### What is the current *bug* behavior?
In this case BIND answers SERVFAIL to all queries unless I stop it and manually remove managed-keys.bind and its journal.
In my opinion the `managed-keys` zone should automatically be reconfigured since it's empty.

July 2021 (9.11.34, 9.11.34-S1, 9.16.19, 9.16.19-S1, 9.17.16)
Brian Conry

https://gitlab.isc.org/isc-projects/kea/-/issues/1897
Add callout points in the D2 server for GSS-TSIG hook
2021-09-07T05:37:23Z
Francis Dupont

kea1.9.11
Francis Dupont

https://gitlab.isc.org/isc-projects/bind9/-/issues/2729
[FreeBSD] could not listen on UDP socket: permission denied ; creating IPv4 interface sk0 failed; interface ignored
2021-05-27T03:38:35Z
yuri@FreeBSD

I am getting these messages in ```/var/log/messages```:
```
$ grep named /var/log/messages
May 25 18:43:06 yv named[1416]: could not listen on UDP socket: permission denied
May 25 18:43:06 yv named[1416]: creating IPv4 interface sk0 failed; interface ignored
May 25 19:43:06 yv named[1416]: could not listen on UDP socket: permission denied
May 25 19:43:06 yv named[1416]: creating IPv4 interface sk0 failed; interface ignored
May 25 20:43:06 yv named[1416]: could not listen on UDP socket: permission denied
May 25 20:43:06 yv named[1416]: creating IPv4 interface sk0 failed; interface ignored
May 25 21:43:06 yv named[1416]: could not listen on UDP socket: permission denied
May 25 21:43:06 yv named[1416]: creating IPv4 interface sk0 failed; interface ignored
May 25 22:43:06 yv named[1416]: could not listen on UDP socket: permission denied
May 25 22:43:06 yv named[1416]: creating IPv4 interface sk0 failed; interface ignored
May 25 23:43:06 yv named[1416]: could not listen on UDP socket: permission denied
May 25 23:43:06 yv named[1416]: creating IPv4 interface sk0 failed; interface ignored
May 26 00:17:03 yv named[1416]: could not listen on UDP socket: permission denied
May 26 00:17:03 yv named[1416]: creating IPv4 interface sk0 failed; interface ignored
May 26 00:17:03 yv named[1416]: could not listen on UDP socket: permission denied
May 26 00:17:03 yv named[1416]: creating IPv4 interface sk0 failed; interface ignored
```
```sockstat``` shows that ```named``` listens on the DNS socket:
```
$ sudo sockstat -l | grep named
bind named 1416 21 tcp6 *:53 *:*
bind named 1416 22 tcp4 127.0.0.1:953 *:*
bind named 1416 23 tcp6 ::1:953 *:*
bind named 1416 512 udp6 *:53 *:*
bind named 1416 513 udp6 *:53 *:*
bind named 1416 514 udp6 *:53 *:*
bind named 1416 515 udp6 *:53 *:*
bind named 1416 516 udp6 *:53 *:*
bind named 1416 517 udp6 *:53 *:*
bind named 1416 518 udp6 *:53 *:*
```
bind911-9.11.31 (installed from the port)
FreeBSD 13

https://gitlab.isc.org/isc-projects/bind9/-/issues/2730
[ISC-support #18552] Logging category for notify/xfer related messages
2024-03-27T13:17:04Z
Chuck Stearns

### Description
Logging category for notify/xfer related messages
### Request
The notify category does not include some messages that end up in the general category. There are also some messages that might be better placed in xfer-in. For instance, "notify from" and "refused notify from non-master". The intent is to have all messages useful for troubleshooting an aspect of operation in one log. For example, if troubleshooting zone transfer issues, the relevant messages would be in the transfer.log. This segregation also facilitates some noise reduction when using dynamic severity.
### Links / references

Not planned

https://gitlab.isc.org/isc-projects/bind9/-/issues/2731
possible crash after answering DNS64 query with stale data
2021-05-31T09:02:56Z
Evan Hunt

When a stale answer is sent to a client, the server continues processing the recursive query in hopes of getting a real answer. If an answer does arrive afterward, and DNS64 is enabled, an assertion failure can occur because `client->query.dns64_aaaa` was already set by the stale answer.

June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2732
Zone dumping is blocking the networking IO
2021-06-07T12:43:40Z
Ondřej Surý

June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)
Ondřej Surý

https://gitlab.isc.org/isc-projects/stork/-/issues/547
Slightly malformed http header in response: date
2021-06-01T15:38:47Z
Tomek Mrugalski

When reviewing #530, I discovered that the API call returns a slightly malformed Date in HTTP headers.
Here's what I got:
```
connection: keep-alive
content-length: 252
content-type: application/json
date: Thu27 May 2021 09:13:25 GMT
server: nginx/1.19.7
```
There should be a comma after Thu and a space. Reference [RFC7231](https://datatracker.ietf.org/doc/html/rfc7231#section-7.1.1.2).
I don't think this bothers anyone, reporting for completeness.

outstanding

https://gitlab.isc.org/isc-projects/dhcp/-/issues/189
outdated ISC address in license section in 4.4.2 and 4.1-ESV
2022-01-20T11:04:51Z
Wlodzimierz Wencel

Example from code:
```
/*$
* Copyright (c) 2017 by Internet Systems Consortium, Inc. ("ISC")$
*$
* This Source Code Form is subject to the terms of the Mozilla Public$
* License, v. 2.0. If a copy of the MPL was not distributed with this$
* file, You can obtain one at http://mozilla.org/MPL/2.0/.$
*$
* THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES$
* WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF$
* MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR$
* ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES$
* WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN$
* ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT$
* OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.$
*$
* Internet Systems Consortium, Inc.$
* 950 Charter Street$
* Redwood City, CA 94063$
* <info@isc.org>$
* https://www.isc.org/$
*$
*/$
```
We have an outdated address; either change it to the current one or remove it completely.

4.4.3-beta1
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/bind9/-/issues/2733
"stale-answer-client-timeout" > 0 can cause crashes when prefetch is enabled
2021-06-03T12:55:33Z
Michał Kępień

`named` can crash in the following scenario:
1. Assume that `stale-answer-client-timeout` is set to a positive value
and that in the course of resolving a `cname.example/A` query, the
following records were cached:
```
cname.example. CNAME a.example. ; TTL=10
a.example. A 192.0.2.1 ; TTL=12
```
2. 10 seconds pass, causing the relevant cache contents to become:
```
cname.example. CNAME a.example. ; expired
a.example. A 192.0.2.1 ; TTL=2
```
3. The resolver is queried for `cname.example/A` again.
4. `cname.example/CNAME` is expired, so recursion starts. As a part of
this process, the `DNS_FETCHOPT_TRYSTALE_ONTIMEOUT` flag is [set][1]
in `client->query.fetchoptions`.
5. The authoritative response for `cname.example/CNAME` arrives before
`a.example/A` expires from the cache.
6. Query processing is restarted for `a.example/A` (the CNAME target).
7. `a.example/A` is found in the cache with a positive TTL which falls
below the default prefetch trigger (2 seconds).
8. A prefetch for `a.example/A` is started with
`DNS_FETCHOPT_TRYSTALE_ONTIMEOUT` still being set. This causes the
"try stale" timer to be started for the prefetch query.
9. No response to the prefetch query arrives before the "try stale"
timeout fires.
10. `prefetch_done()` is called and is passed an event of type
`DNS_EVENT_TRYSTALE`.
11. The `REQUIRE(event->ev_type == DNS_EVENT_FETCHDONE);` [assertion][2]
fails, causing `named` to crash.
See: https://support.isc.org/Ticket/Display.html?id=18536
[1]: https://gitlab.isc.org/isc-projects/bind9/-/blob/e7f5c9582a8b3c441f57c33785ad8113b59428c0/lib/ns/query.c#L6429-6434
[2]: https://gitlab.isc.org/isc-projects/bind9/-/blob/e7f5c9582a8b3c441f57c33785ad8113b59428c0/lib/ns/query.c#L2491

June 2021 (9.11.33, 9.11.33-S1, 9.16.17/9.16.18, 9.16.17-S1/9.16.18-S1, 9.17.14/9.17.15)

https://gitlab.isc.org/isc-projects/kea/-/issues/1898
bump up kea version
2021-05-27T14:34:34Z
Wlodzimierz Wencel

to kea 1.9.9-git

kea1.9.9

https://gitlab.isc.org/isc-projects/kea/-/issues/1899
warnings during compilation
2021-06-02T16:51:50Z
Wlodzimierz Wencel

Reported by @razvan on isc-projects/kea#1891 (1.9.8 sanity checks)
minor:
```
In file included from json_config_parser.cc:14:
../../../src/bin/dhcp4/dhcp4_srv.h:386:10: warning: 'shutdown' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
void shutdown();
^
../../../src/lib/process/daemon.h:74:18: note: overridden virtual function is here
virtual void shutdown();
^
```
```
In file included from json_config_parser.cc:17:
../../../src/bin/dhcp6/dhcp6_srv.h:203:10: warning: 'shutdown' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
void shutdown();
^
../../../src/lib/process/daemon.h:74:18: note: overridden virtual function is here
virtual void shutdown();
^
```
```
In file included from d2_update_mgr.cc:9:
In file included from ../../../src/bin/d2/d2_update_mgr.h:16:
../../../src/bin/d2/d2_cfg_mgr.h:283:25: warning: 'getConfigSummary' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
virtual std::string getConfigSummary(const uint32_t selection);
^
../../../src/lib/process/d_cfg_mgr.h:165:25: note: overridden virtual function is here
virtual std::string getConfigSummary(const uint32_t selection) = 0;
^
In file included from d2_update_mgr.cc:9:
In file included from ../../../src/bin/d2/d2_update_mgr.h:16:
../../../src/bin/d2/d2_cfg_mgr.h:295:5: warning: 'parse' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
parse(isc::data::ConstElementPtr config, bool check_only);
^
../../../src/lib/process/d_cfg_mgr.h:226:40: note: overridden virtual function is here
virtual isc::data::ConstElementPtr parse(isc::data::ConstElementPtr config,
^
In file included from d2_update_mgr.cc:9:
In file included from ../../../src/bin/d2/d2_update_mgr.h:16:
../../../src/bin/d2/d2_cfg_mgr.h:303:18: warning: 'setCfgDefaults' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
virtual void setCfgDefaults(isc::data::ElementPtr mutable_config);
^
../../../src/lib/process/d_cfg_mgr.h:188:18: note: overridden virtual function is here
virtual void setCfgDefaults(isc::data::ElementPtr mutable_config);
^
In file included from d2_update_mgr.cc:9:
In file included from ../../../src/bin/d2/d2_update_mgr.h:16:
../../../src/bin/d2/d2_cfg_mgr.h:314:32: warning: 'createNewContext' overrides a member function but is not marked 'override' [-Winconsistent-missing-override]
virtual process::ConfigPtr createNewContext();
^
../../../src/lib/process/d_cfg_mgr.h:199:23: note: overridden virtual function is here
virtual ConfigPtr createNewContext() = 0;
^
4 warnings generated.
```
kea1.9.9
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/1900
update AUTHORS file
2021-06-23T14:37:02Z
Wlodzimierz Wencel

Reported in isc-projects/kea#1891 (1.9.8 sanity checks)
I think the AUTHORS file should be extended, some hooks are missing, e.g. lease query, legal logging; HA+MT is worth mentioning as well

kea1.9.9
Wlodzimierz Wencel

https://gitlab.isc.org/isc-projects/kea/-/issues/1901
Remove the "Active development" warning from the ARM in HA+MT section
2021-06-17T09:45:56Z
Thomas Markwalder

The warning can be removed. In addition, the MT section for core should point to the HA+MT section so people realize there are more knobs to turn when using HA.

kea1.9.9
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/1902
HA+Mt HttpClient incorrectly reports number of threads as 0
2021-06-25T14:05:33Z
Thomas Markwalder

The following log statement in http/client.cc currently reports the number of threads as zero:
```
LOG_DEBUG(http_logger, isc::log::DBGLVL_TRACE_BASIC, HTTP_CLIENT_MT_STARTED)
    .arg(getThreadCount());
```
In fact, the threads have not yet been created because the thread pool start is deferred. It should be moved from HttpClientImpl ctor to HttpClientImpl::start().

kea1.9.9
Razvan Becheriu