ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2021-10-05T07:10:16Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1459masterformat test failure on Solaris2021-10-05T07:10:16ZWitold Krecickimasterformat test failure on Solarismasterformat system tests fails on "checking corrupt map files fail to load (bad node data)" subtest.
We use 'stomp' to write over specific (constant) bytes in map format - but those are platform-specific, and in this case we don't overw...masterformat system tests fails on "checking corrupt map files fail to load (bad node data)" subtest.
We use 'stomp' to write over specific (constant) bytes in map format - but those are platform-specific, and in this case we don't overwrite anything important.https://gitlab.isc.org/isc-projects/stork/-/issues/101update primeng dependency to latest 8.1.12019-12-30T17:36:04ZMichal Nowikowskiupdate primeng dependency to latest 8.1.1update other UI deps as wellupdate other UI deps as wellStork-0.3Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/kea/-/issues/1047Kea 1.6.1 and 1.7.2, mysql configuration backend, clients not always getting ...2020-01-30T17:40:18ZGhost UserKea 1.6.1 and 1.7.2, mysql configuration backend, clients not always getting a gatewayWe have paid for the premier hooks, so were running kea with the mysql configuration backend for hosts, subnets and leases. This is a dhcp4 only environment.
Our environment consists of around 300 subnets
We have a test host with a out...We have paid for the premier hooks, so were running kea with the mysql configuration backend for hosts, subnets and leases. This is a dhcp4 only environment.
Our environment consists of around 300 subnets
We have a test host with a out of band management device that is set to use our new kea server via dhcp helper address.
If we update kea, via posting a subnet config to the agent controller, for this management network, we can restart the out-of-band management device and it gets an address and a gateway
If we add a few more subnets, again, posting a subnet config to the agent controller, we can restart the OOB device and it gets an IP address and a gateway
This is where things get weird.
If we add all 300+ subnets, and restart the OOB device, it does not get a gateway. It gets a leased ip address, but no gateway.
Our packet captures during these events shows our OOB device requesting a gateway, but kea never sends one:
```
20:54:46.558258 IP (tos 0x0, ttl 60, id 0, offset 0, flags [DF], proto UDP (17), length 328)
10.17.232.2.bootps > dhcp-srv-1.example.net.bootps: [udp sum ok] BOOTP/DHCP, Request from d0:94:66:22:8d:32 (oui Unknown), length 300, hops 1, xid 0xfd9d1412, Flags [none] (0x0000)
Gateway-IP 10.17.232.2
Client-Ethernet-Address d0:94:66:22:8d:32 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Discover
Client-ID Option 61, length 7: ether d0:94:66:22:8d:32
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
Domain-Name, BR, NTP, Vendor-Option
Classless-Static-Route, Classless-Static-Route-Microsoft
Vendor-Class Option 60, length 5: "iDRAC"
Hostname Option 12, length 13: "idrac-abc1234"
END Option 255, length 0
PAD Option 0, length 0, occurs 9
20:54:46.574260 IP (tos 0x0, ttl 64, id 24939, offset 0, flags [DF], proto UDP (17), length 314)
dhcp-srv-1.example.net.bootps > 10.17.232.2.bootps: [bad udp cksum 0x1f28 -> 0xbe43!] BOOTP/DHCP, Reply, length 286, hops 1, xid 0xfd9d1412, Flags [none] (0x0000)
Your-IP 10.17.232.6
Gateway-IP 10.17.232.2
Client-Ethernet-Address d0:94:66:22:8d:32 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Subnet-Mask Option 1, length 4: 255.255.248.0
Hostname Option 12, length 13: "idrac-abc1234"
Lease-Time Option 51, length 4: 172800
Server-ID Option 54, length 4: dhcp-srv-1.example.net
Client-ID Option 61, length 7: ether d0:94:66:22:8d:32
END Option 255, length 0
```
If we re-add that OOB subnet though, the OOB device will get a gateway:
```
21:19:27.005872 IP (tos 0x0, ttl 60, id 0, offset 0, flags [DF], proto UDP (17), length 331)
10.17.232.3.bootps > dhcp-srv-1.example.net.bootps: [udp sum ok] BOOTP/DHCP, Request from d0:94:66:22:8d:32 (oui Unknown), length 303, hops 1, xid 0x4eafdb02, Flags [none] (0x0000)
Gateway-IP 10.17.232.3
Client-Ethernet-Address d0:94:66:22:8d:32 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Request
Client-ID Option 61, length 7: ether d0:94:66:22:8d:32
Requested-IP Option 50, length 4: 10.17.232.6
Server-ID Option 54, length 4: dhcp-srv-1.example.net
MSZ Option 57, length 2: 576
Parameter-Request Option 55, length 10:
Subnet-Mask, Default-Gateway, Domain-Name-Server, Hostname
Domain-Name, BR, NTP, Vendor-Option
Classless-Static-Route, Classless-Static-Route-Microsoft
Vendor-Class Option 60, length 5: "iDRAC"
Hostname Option 12, length 13: "idrac-abc1234"
END Option 255, length 0
21:19:27.010985 IP (tos 0x0, ttl 64, id 5150, offset 0, flags [DF], proto UDP (17), length 364)
dhcp-srv-1.example.net.bootps > 10.17.232.3.bootps: [bad udp cksum 0x1f5b -> 0x9adb!] BOOTP/DHCP, Reply, length 336, hops 1, xid 0x4eafdb02, Flags [none] (0x0000)
Your-IP 10.17.232.6
Gateway-IP 10.17.232.3
Client-Ethernet-Address d0:94:66:22:8d:32 (oui Unknown)
Vendor-rfc1048 Extensions
Magic Cookie 0x63825363
DHCP-Message Option 53, length 1: Offer
Subnet-Mask Option 1, length 4: 255.255.248.0
Default-Gateway Option 3, length 4: 10.17.232.1
Domain-Name-Server Option 6, length 12: ns1.example.net,ns2.example.net,ns3.example.net
Hostname Option 12, length 13: "idrac-abc1234"
Domain-Name Option 15, length 14: "oob.example.net"
NTP Option 42, length 12: ns-1.example.net,ns-2.example.net,ns-3.example.net
Lease-Time Option 51, length 4: 172800
Server-ID Option 54, length 4: dhcp-srv-1.example.net
Client-ID Option 61, length 7: ether d0:94:66:22:8d:32
END Option 255, length 0
```
If we then re-add all 300 subnets, our OOB device will not get a gateway.
We would really like to understand why this happens.
For the last bit of info, this is our OOB subnet config:
```
[
{
"arguments": {
"count": 1,
"subnets": [
{
"4o6-interface": "",
"4o6-interface-id": "",
"4o6-subnet": "",
"id": 506,
"metadata": {
"server-tags": [
"all"
]
},
"option-data": [
{
"always-send": false,
"code": 3,
"csv-format": true,
"data": "10.17.232.1",
"name": "routers",
"space": "dhcp4"
},
{
"always-send": false,
"code": 15,
"csv-format": true,
"data": "oob.example.net",
"name": "domain-name",
"space": "dhcp4"
},
{
"always-send": false,
"code": 119,
"csv-format": true,
"data": "example.net",
"name": "domain-search",
"space": "dhcp4"
},
{
"always-send": false,
"code": 42,
"csv-format": true,
"data": "10.1.43.10, 10.1.45.10, 10.1.42.10",
"name": "ntp-servers",
"space": "dhcp4"
},
{
"always-send": false,
"code": 6,
"csv-format": true,
"data": "10.1.241.220, 10.1.241.221, 10.1.241.222",
"name": "domain-name-servers",
"space": "dhcp4"
}
],
"pools": [
{
"option-data": [],
"pool": "10.17.232.6-10.17.239.254"
}
],
"relay": {
"ip-addresses": []
},
"shared-network-name": null,
"subnet": "10.17.232.0/21",
"user-context": {
"location": "oob"
}
}
]
},
"result": 0,
"text": "IPv4 subnet 10.17.232.0/21 found."
}
]
```
All of our subnets use the same template.kea1.7.4https://gitlab.isc.org/isc-projects/dhcp/-/issues/66Cannot unpack the tar file2019-12-11T11:39:33ZGhost UserCannot unpack the tar fileHello,
I am trying to install the dhcp relay agent on the console server Opengear/IM72xx which is built on uCLinux. After I scp'd the file to the server, I am not able to untar it and I am getting the following error. I checked the md5 o...Hello,
I am trying to install the dhcp relay agent on the console server Opengear/IM72xx which is built on uCLinux. After I scp'd the file to the server, I am not able to untar it and I am getting the following error. I checked the md5 of the file on the server against my computer and it matches. Also I am able to untar it on my local mac laptop.
tar: corrupted octal value in tar header
Can someone please help in resolving this issue?https://gitlab.isc.org/isc-projects/bind9/-/issues/1458Intermittent failure in the forward system test2019-12-09T17:15:55ZOndřej SurýIntermittent failure in the forward system test```
T:forward:1:A
A:forward:System test forward
I:forward:PORTRANGE:8200 - 8299
I:forward:checking that a forward zone overrides global forwarders
I:forward:checking that a forward first zone no forwarders recurses
I:forward:checking tha...```
T:forward:1:A
A:forward:System test forward
I:forward:PORTRANGE:8200 - 8299
I:forward:checking that a forward zone overrides global forwarders
I:forward:checking that a forward first zone no forwarders recurses
I:forward:checking that a forward only zone no forwarders fails
I:forward:checking that global forwarders work
I:forward:checking that a forward zone works
I:forward:checking that forwarding doesn't spontaneously happen
I:forward:checking that a forward zone with no specified policy works
I:forward:checking that a forward only doesn't recurse
I:forward:checking for negative caching of forwarder response
I:forward:checking that forward only zone overrides empty zone
I:forward:checking that DS lookups for grafting forward zones are isolated
I:forward:checking that rfc1918 inherited 'forward first;' zones are warned about
I:forward:checking that ULA inherited 'forward first;' zones are warned about
I:forward:checking that a forwarder timeout prevents it from being reused in the same fetch context
I:forward:checking that priming queries are not forwarded
I:forward:failed
I:forward:checking recovery from forwarding to a non-recursive server
I:forward:exit status: 1
R:forward:FAIL
E:forward:Thu Dec 5 17:19:35 UTC 2019
```
Full CI job:
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/455922December 2019 (9.11.14, 9.14.9, 9.15.7)Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/kea/-/issues/1046easy parsing mode in perfdhcp2020-03-20T16:23:05ZWlodzimierz Wenceleasy parsing mode in perfdhcpas for today perfdhcp is generating a lot of output when using -t mode e.g:
```
Running: perfdhcp -4 -p 7 -R 20000000 -r 1514 -l eno3 -t 1
Scenario: basic.
Multi-thread mode enabled.
sent: 1513/1513; received: 1513/1512; drops: 0/1; reje...as for today perfdhcp is generating a lot of output when using -t mode e.g:
```
Running: perfdhcp -4 -p 7 -R 20000000 -r 1514 -l eno3 -t 1
Scenario: basic.
Multi-thread mode enabled.
sent: 1513/1513; received: 1513/1512; drops: 0/1; rejected: 0/0
sent: 3027/3027; received: 3027/3026; drops: 0/1; rejected: 0/0
sent: 4541/4541; received: 4541/4540; drops: 0/1; rejected: 0/0
sent: 6056/6055; received: 6055/6054; drops: 1/1; rejected: 0/0
sent: 7570/7569; received: 7569/7568; drops: 1/1; rejected: 0/0
sent: 9084/9083; received: 9083/9083; drops: 1/0; rejected: 0/0
***Rate statistics***
Rate: 1513.44 4-way exchanges/second, expected rate: 1514
***Statistics for: DISCOVER-OFFER***
sent packets: 10597
received packets: 10597
drops: 0
drops ratio: 0 %
orphans: 0
rejected leases: 0
min delay: 0.159 ms
avg delay: 0.236 ms
max delay: 7.737 ms
std deviation: 0.278 ms
collected packets: 0
***Statistics for: REQUEST-ACK***
sent packets: 10597
received packets: 10596
drops: 1
drops ratio: 0.009 %
orphans: 0
rejected leases: 0
min delay: 0.335 ms
avg delay: 0.459 ms
max delay: 8.015 ms
std deviation: 0.232 ms
collected packets: 0
```
my goal is to add new option that would cause generating data that would be super easy to parse and generate charts, e.g:
```
1513 1513 1513 1512 0 1
3027 3027 3027 3026 0 1
4541 4541 4541 4540 0 1
6056 6055 6055 6054 1 1
7570 7569 7569 7568 1 1
9084 9083 9083 9083 1 0
```kea1.7.6Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1457Intermittent failure in the autosign system test2020-01-23T08:15:47ZOndřej SurýIntermittent failure in the autosign system test```
T:autosign:1:A
A:autosign:System test autosign
I:autosign:PORTRANGE:5800 - 5899
I:autosign:generating keys and preparing zones
I:autosign:setting up zone: secure.example
I:autosign:setting up zone: secure.nsec3.example
I:autosign:set...```
T:autosign:1:A
A:autosign:System test autosign
I:autosign:PORTRANGE:5800 - 5899
I:autosign:generating keys and preparing zones
I:autosign:setting up zone: secure.example
I:autosign:setting up zone: secure.nsec3.example
I:autosign:setting up zone: nsec3.nsec3.example
I:autosign:setting up zone: jitter.nsec3.example
I:autosign:setting up zone: optout.nsec3.example
I:autosign:setting up zone: nsec3.example
I:autosign:setting up zone: autonsec3.example
I:autosign:setting up zone: secure.optout.example
I:autosign:setting up zone: nsec3.optout.example
I:autosign:setting up zone: optout.optout.example
I:autosign:setting up zone: optout.example
I:autosign:setting up zone: rsasha256.example
I:autosign:setting up zone: rsasha512.example
I:autosign:setting up zone: nsec.example
I:autosign:setting up zone: oldsigs.example
I:autosign:setting up zone: nsec3-to-nsec.example
I:autosign:setting up zone: secure-to-insecure.example
I:autosign:setting up zone: secure-to-insecure2.example
I:autosign:setting up zone: prepub.example
I:autosign:setting up zone: ttl1.example
I:autosign:setting up zone: ttl2.example
I:autosign:setting up zone: ttl3.example
I:autosign:setting up zone: ttl4.example
I:autosign:setting up zone: delay.example
I:autosign:setting up zone: nozsk.example
I:autosign:setting up zone: inaczsk.example
I:autosign:setting up zone: reconf.example
I:autosign:setting up zone: sync.example
I:autosign:setting up zone: kskonly.example
I:autosign:setting up zone: inacksk2.example
I:autosign:setting up zone: inaczsk2.example
I:autosign:setting up zone: inacksk3.example
I:autosign:setting up zone: inaczsk3.example
I:autosign:setting up zone: delzsk.example
I:autosign:setting up zone: dname-at-apex-nsec3.example
I:autosign:waiting for autosign changes to take effect
I:autosign:waiting ... (1)
I:autosign:waiting ... (2)
I:autosign:Initial counts of RRSIG expiry fields values for auto signed zones
I:autosign:zone .
I:autosign:9 20191216111640
I:autosign:2 20191219005033
I:autosign:7 20191221054639
I:autosign:4 20200104153803
I:autosign:2 20200104153804
I:autosign:zone bar.
I:autosign:11 20191214012142
I:autosign:6 20191215102444
I:autosign:10 20191216144014
I:autosign:10 20191218035812
I:autosign:7 20200103224447
I:autosign:2 20200104153750
I:autosign:1 20200104153752
I:autosign:zone example.
I:autosign:10 20191221125810
I:autosign:11 20191222050514
I:autosign:10 20191222183230
I:autosign:7 20191225093539
I:autosign:10 20191226020704
I:autosign:11 20191228060720
I:autosign:2 20200104153750
I:autosign:1 20200104153752
I:autosign:zone private.secure.example.
I:autosign:18 20200104143747
I:autosign:zone inacksk2.example.
I:autosign:6 20191213051741
I:autosign:7 20191217164950
I:autosign:1 20200104153753
I:autosign:1 20200104153754
I:autosign:zone inacksk3.example
I:autosign:6 20191228115129
I:autosign:7 20191230032301
I:autosign:1 20200104153753
I:autosign:1 20200104153754
I:autosign:zone inaczsk2.example.
I:autosign:7 20191220025036
I:autosign:6 20200103014047
I:autosign:1 20200104153753
I:autosign:1 20200104153754
I:autosign:zone inaczsk3.example
I:autosign:6 20191220185245
I:autosign:7 20191222195223
I:autosign:2 20200104153753
I:autosign:1 20200104153754
I:autosign:check that zone with active and inactive KSK and active ZSK is properly
I:autosign:resigned after the active KSK is deleted - stage 1: Verify that DNSKEY
I:autosign:is initially signed with a KSK and not a ZSK. (1)
I:autosign:check that zone with active and inactive ZSK and active KSK is properly
I:autosign:resigned after the active ZSK is deleted - stage 1: Verify that zone
I:autosign:is initially signed with a ZSK and not a KSK. (2)
I:autosign:checking NSEC->NSEC3 conversion prerequisites (3)
I:autosign:checking NSEC3->NSEC conversion prerequisites (4)
I:autosign:converting zones from nsec to nsec3
I:autosign:preset nsec3param in unsigned zone via nsupdate (5)
I:autosign:checking for nsec3param in unsigned zone (5)
I:autosign:checking for nsec3param signing record (6)
I:autosign:resetting nsec3param via rndc signing (7)
I:autosign:signing preset nsec3 zone
I:autosign:waiting for changes to take effect
I:autosign:converting zone from nsec3 to nsec
I:autosign:waiting for change to take effect
I:autosign:checking that expired RRSIGs from missing key are not deleted (8)
I:autosign:checking that expired RRSIGs from inactive key are not deleted (9)
I:autosign:checking that non-replaceable RRSIGs are logged only once (missing private key) (10)
I:autosign:checking that non-replaceable RRSIGs are logged only once (inactive private key) (11)
I:autosign:dumping zone files
I:autosign:checking expired signatures were updated (12)
I:autosign:checking expired signatures were jittered correctly (13)
I:autosign:202 20191206
I:autosign:202 20191207
I:autosign:296 20191208
I:autosign:303 20191209
I:autosign:203 20191210
I:autosign:303 20191212
I:autosign:101 20191213
I:autosign:202 20191214
I:autosign:checking whether all frequencies fall into <31;421> range
I:autosign:checking NSEC->NSEC3 conversion succeeded (14)
I:autosign:checking direct NSEC3 autosigning succeeded (15)
I:autosign:checking NSEC->NSEC3 conversion failed with NSEC-only key (16)
I:autosign:checking NSEC3->NSEC conversion succeeded (17)
I:autosign:checking NSEC3->NSEC conversion with 'rndc signing -nsec3param none' (18)
I:autosign:checking TTLs of imported DNSKEYs (no default) (19)
I:autosign:checking TTLs of imported DNSKEYs (with default) (20)
I:autosign:checking TTLs of imported DNSKEYs (mismatched) (21)
I:autosign:checking TTLs of imported DNSKEYs (existing RRset) (22)
I:autosign:checking positive validation NSEC (23)
I:autosign:checking positive validation NSEC3 (24)
I:autosign:checking positive validation OPTOUT (25)
I:autosign:checking negative validation NXDOMAIN NSEC (26)
I:autosign:checking negative validation NXDOMAIN NSEC3 (27)
I:autosign:checking negative validation NXDOMAIN OPTOUT (28)
I:autosign:checking negative validation NODATA NSEC (29)
I:autosign:checking negative validation NODATA NSEC3 (30)
I:autosign:checking negative validation NODATA OPTOUT (31)
I:autosign:checking 1-server insecurity proof NSEC (32)
I:autosign:checking 1-server negative insecurity proof NSEC (33)
I:autosign:checking multi-stage positive validation NSEC/NSEC (34)
I:autosign:checking multi-stage positive validation NSEC/NSEC3 (35)
I:autosign:checking multi-stage positive validation NSEC/OPTOUT (36)
I:autosign:checking multi-stage positive validation NSEC3/NSEC (37)
I:autosign:checking multi-stage positive validation NSEC3/NSEC3 (38)
I:autosign:checking multi-stage positive validation NSEC3/OPTOUT (39)
I:autosign:checking multi-stage positive validation OPTOUT/NSEC (40)
I:autosign:checking multi-stage positive validation OPTOUT/NSEC3 (41)
I:autosign:checking multi-stage positive validation OPTOUT/OPTOUT (42)
I:autosign:checking empty NODATA OPTOUT (43)
I:autosign:checking 2-server insecurity proof (44)
I:autosign:checking 2-server insecurity proof with a negative answer (45)
I:autosign:checking security root query (46)
I:autosign:checking positive validation RSASHA256 NSEC (47)
I:autosign:checking positive validation RSASHA512 NSEC (48)
I:autosign:checking that positive validation in a privately secure zone works (49)
I:autosign:checking that negative validation in a privately secure zone works (50)
I:autosign:checking privately secure to nxdomain works (51)
I:autosign:checking that validation returns insecure due to revoked trusted key (52)
I:autosign:checking that revoked key is present (53)
I:autosign:checking that revoked key self-signs (54)
I:autosign:checking for unpublished key (55)
I:autosign:checking for activated but unpublished key (56)
I:autosign:checking that standby key does not sign records (57)
I:autosign:checking that deactivated key does not sign records (58)
I:autosign:checking insertion of public-only key (59)
I:autosign:checking key deletion (60)
I:autosign:checking secure-to-insecure transition, nsupdate (61)
I:autosign:checking secure-to-insecure transition, scheduled (62)
I:autosign:checking jitter in a newly signed NSEC3 zone (63)
I:autosign:308 20191206
I:autosign:315 20191207
I:autosign:84 20191208
I:autosign:231 20191209
I:autosign:147 20191210
I:autosign:192 20191211
I:autosign:176 20191212
I:autosign:167 20191213
I:autosign:160 20191214
I:autosign:checking whether all frequencies fall into <-16;410> range
I:autosign:checking that serial number and RRSIGs are both updated (rt21045) (64)
I:autosign:preparing to test key change corner cases
I:autosign:removing a private key file
I:autosign:preparing ZSK roll
I:autosign:revoking key to duplicated key ID
I:autosign:waiting for changes to take effect
I:autosign:checking former standby key 35792 is now active (65)
I:autosign:checking former standby key has only signed incrementally (66)
I:autosign:checking that signing records have been marked as complete (67)
I:autosign:forcing full sign
I:autosign:waiting for change to take effect
I:autosign:checking former standby key has now signed fully (68)
I:autosign:checking SOA serial number has been incremented (69)
I:autosign:checking delayed key publication/activation (70)
I:autosign:checking scheduled key publication, not activation (71)
I:autosign:waiting for changes to take effect
I:autosign:failed
I:autosign:checking scheduled key activation (72)
I:autosign:waiting for changes to take effect
I:autosign:checking former active key was removed (73)
I:autosign:checking private key file removal caused no immediate harm (74)
I:autosign:checking revoked key with duplicate key ID (failure expected) (75)
I:autosign:not yet implemented
I:autosign:checking key event timers are always set (76)
I:autosign:checking automatic key reloading interval (77)
I:autosign:checking for key reloading loops (78)
I:autosign:forcing full sign with unreadable keys (79)
I:autosign:test turning on auto-dnssec during reconfig (80)
I:autosign:ns3 zone 'reconf.example' reconfigured.
I:autosign:
I:autosign:test CDS and CDNSKEY auto generation (81)
I:autosign:test 'dnssec-dnskey-kskonly no' affects DNSKEY/CDS/CDNSKEY (82)
I:autosign:test 'dnssec-dnskey-kskonly yes' affects DNSKEY/CDS/CDNSKEY (83)
I:autosign:setting CDS and CDNSKEY deletion times and calling 'rndc loadkeys'
I:autosign:checking that the CDS and CDNSKEY are deleted (84)
I:autosign:check that dnssec-settime -p Dsync works (85)
I:autosign:check that dnssec-settime -p Psync works (86)
I:autosign:check that zone with inactive KSK and active ZSK is properly autosigned (87)
I:autosign:check that zone with inactive ZSK and active KSK is properly autosigned (88)
I:autosign:check that zone with active and inactive KSK and active ZSK is properly
I:autosign:resigned after the active KSK is deleted - stage 2: Verify that DNSKEY
I:autosign:is now signed with the ZSK. (89)
I:autosign:check that zone with active and inactive ZSK and active KSK is properly
I:autosign:resigned after the active ZSK is deleted - stage 2: Verify that zone
I:autosign:is now signed with the KSK. (90)
I:autosign:checking for out-of-zone NSEC3 records after ZSK removal (91)
I:autosign:check that DNAME at apex with NSEC3 is correctly signed (auto-dnssec maintain) (92)
I:autosign:checking that DNAME is not treated as a delegation when signing (93)
I:autosign:checking key maintenance events were logged correctly (94)
I:autosign:exit status: 1
R:autosign:FAIL
E:autosign:Thu Dec 5 15:38:56 UTC 2019
```
Full builds here:
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/455770
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/455771December 2019 (9.11.14, 9.14.9, 9.15.7)https://gitlab.isc.org/isc-projects/bind9/-/issues/1456always check return from isc_refcount_decrement2020-08-04T09:45:08ZMark Andrewsalways check return from isc_refcount_decrementCoverity, correctly, complains that isc_refcount_decrement return is not always checked.
Additionally isc_refcount_decrement shouldn't be calling inside INSIST, INSIST should not
have side effects as it can be compiled out.Coverity, correctly, complains that isc_refcount_decrement return is not always checked.
Additionally isc_refcount_decrement shouldn't be calling inside INSIST, INSIST should not
have side effects as it can be compiled out.August 2020 (9.11.22, 9.11.22-S1, 9.16.6, 9.17.4)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/1455addzone test failed: checking rndc reload with a normally-loaded redirect zone2022-01-07T09:36:17ZMark Andrewsaddzone test failed: checking rndc reload with a normally-loaded redirect zoneJob Failed #453300
```
I:addzone:checking rndc reload with a normally-loaded redirect zone (17)
I:addzone:failed
```Job Failed #453300
```
I:addzone:checking rndc reload with a normally-loaded redirect zone (17)
I:addzone:failed
```December 2019 (9.11.14, 9.14.9, 9.15.7)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/1453The zero system test timeouts intermittently2019-12-09T17:41:28ZOndřej SurýThe zero system test timeouts intermittentlySee following jobs for evidence:
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/452936
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/452931
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/452945See following jobs for evidence:
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/452936
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/452931
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/452945December 2019 (9.11.14, 9.14.9, 9.15.7)https://gitlab.isc.org/isc-projects/kea/-/issues/1044PgSQL lease connection pool2019-12-05T15:52:51ZFrancis DupontPgSQL lease connection poolCreate a connection pool for the PostgreSQL lease manager making it thread safe.Create a connection pool for the PostgreSQL lease manager making it thread safe.kea1.7.3Razvan BecheriuRazvan Becheriuhttps://gitlab.isc.org/isc-projects/bind9/-/issues/1452Crash in inline system test, but test passed2019-12-06T14:08:07ZOndřej SurýCrash in inline system test, but test passed* https://gitlab.isc.org/isc-projects/bind9/-/jobs/450324* https://gitlab.isc.org/isc-projects/bind9/-/jobs/450324December 2019 (9.11.14, 9.14.9, 9.15.7)Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/kea/-/issues/1043Possible short coming in SharedNetworkListParserTest.iface2020-07-08T11:29:11ZFrancis DupontPossible short coming in SharedNetworkListParserTest.ifaceThe new SharedNetworkListParserTest.iface unit test uses the eth0 interface name. At least on Alpine it fails because this interface exists in the system.
A new interface should be added into iface_mgr_test_config.cc with a name which v...The new SharedNetworkListParserTest.iface unit test uses the eth0 interface name. At least on Alpine it fails because this interface exists in the system.
A new interface should be added into iface_mgr_test_config.cc with a name which very unlikely already exists in any systems and this new name used for in system not existence tests.kea1.7.10Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/stork/-/issues/100UI bug: closing add user panel doesn't close anything2019-12-04T13:55:27ZTomek MrugalskiUI bug: closing add user panel doesn't close anythingI found two small bugs in the user management code.
First is trivial. The "Create UserAccount" is missing space between User and Account.
The second one is a bit more involved.
STEPS TO REPRODUCE
1. log in, click on Configuration => u...I found two small bugs in the user management code.
First is trivial. The "Create UserAccount" is missing space between User and Account.
The second one is a bit more involved.
STEPS TO REPRODUCE
1. log in, click on Configuration => users
2. Click Create UserAccount
3. There's new tab "New Account" with X on it. Click the X.
Only the tab header will disappear, but not the tab content.Stork-0.2Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/bind9/-/issues/1450named-checkzone could use the filename for zone name if there's only one argu...2021-10-05T07:09:00ZEvan Huntnamed-checkzone could use the filename for zone name if there's only one argumentThis was a suggestion on twitter from Paul Wouters. `dnssec-signzone` does this, but `named-checkzone` doesn't.This was a suggestion on twitter from Paul Wouters. `dnssec-signzone` does this, but `named-checkzone` doesn't.Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/bind9/-/issues/1449Unit tests should not "pass" when cmocka is missing2020-10-16T20:13:46ZMichal NowakUnit tests should not "pass" when cmocka is missingWhen the cmocka library is missing (like on our [Jessie images](https://gitlab.isc.org/isc-projects/bind9/-/jobs/449281)) `make unit` exits with zero although [no testing was done](https://gitlab.isc.org/isc-projects/bind9/-/jobs/449303)...When the cmocka library is missing (like on our [Jessie images](https://gitlab.isc.org/isc-projects/bind9/-/jobs/449281)) `make unit` exits with zero although [no testing was done](https://gitlab.isc.org/isc-projects/bind9/-/jobs/449303). It might be OKish for manual runs but in the CI it's misleading. I'd prefer if the 'unit' target failed (and, as a consequence, failing `unit:...` jobs were removed from the CI).https://gitlab.isc.org/isc-projects/bind9/-/issues/1448named-checkconf crashes with invalid configuration files2021-10-05T07:08:14ZStephen Morrisnamed-checkconf crashes with invalid configuration filesThe attached tarball contains a number of (invalid) fuzzer-generated configuration files that cause named-checkconf to crash. Although there is probably a common cause, each file in the tarball causes named-checkconf to exit with a segme...The attached tarball contains a number of (invalid) fuzzer-generated configuration files that cause named-checkconf to crash. Although there is probably a common cause, each file in the tarball causes named-checkconf to exit with a segmentation fault at a different location (or with different reported arguments to the function that crashed).
The version of BIND tested was 9.15.6, running on Fedora 29, but the crash also happens on macOS.
[configs.tar.gz](/uploads/c064790bf2c8ddeb5b1dca131a90a872/configs.tar.gz)https://gitlab.isc.org/isc-projects/kea/-/issues/1042CI automate git commit message2019-12-27T17:01:52ZTomek MrugalskiCI automate git commit messageWe discussed this on MM. We need a script to automate adding merge [#123] to the commit log.We discussed this on MM. We need a script to automate adding merge [#123] to the commit log.kea1.7.3Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/bind9/-/issues/1447BIND unresponsive during large IXFR and RPZ transfers2020-05-09T18:07:44ZStephen MorrisBIND unresponsive during large IXFR and RPZ transfersDuring a large IXFR, or during the transfer of a response policy zone (regardless of whether it is done by AXFR or IXFR), BIND can become unresponsive for a few seconds.
For more details, see this [internal ISC report](https://wiki.isc....During a large IXFR, or during the transfer of a response policy zone (regardless of whether it is done by AXFR or IXFR), BIND can become unresponsive for a few seconds.
For more details, see this [internal ISC report](https://wiki.isc.org/bin/view/Main/QueryLatencyTransferEffect).
This may be related to #1194.April 2020 (9.11.18, 9.16.2, 9.17.1)Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/kea/-/issues/1041kea daemons could expose some runtime information for stork2021-11-30T15:47:57ZMichal Nowikowskikea daemons could expose some runtime information for storkit could be a new command: runtime-info-get or something like that
Information could include:
- pid
- start time or uptime
- current, running user
- last config reload time
- etc.it could be a new command: runtime-info-get or something like that
Information could include:
- pid
- start time or uptime
- current, running user
- last config reload time
- etc.kea1.7.3Marcin SiodelskiMarcin Siodelski