ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2020-09-18T14:35:17Zhttps://gitlab.isc.org/isc-projects/kea/-/issues/1414only clear client classes which are evaluated2020-09-18T14:35:17ZFrancis Dupontonly clear client classes which are evaluatedFrom #1333
Addressed by !857, it is a clear improvement and in some cases a bug fix as for instance a client class set by a hook can be cleared. Note the fix is very limited (i.e. there are other things to do).From #1333
Addressed by !857, it is a clear improvement and in some cases a bug fix as for instance a client class set by a hook can be cleared. Note the fix is very limited (i.e. there are other things to do).kea1.9.0Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/1413Incorrect inheritance of the not existing interface global parameter.2020-09-15T18:00:36ZFrancis DupontIncorrect inheritance of the not existing interface global parameter.From #1333
Addressed in !856, note the cost is in O(log(N)) where N is the number of existing global parameters (N has a lower bound as some global parameters have a default so always exist) and of course it is a pure waste of time.
T...From #1333
Addressed in !856, note the cost is in O(log(N)) where N is the number of existing global parameters (N has a lower bound as some global parameters have a default so always exist) and of course it is a pure waste of time.
The MR is not small because getIface is heavily and incorrectly used in unit tests.kea1.9.0Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/1412Fix reservation-get-by-hostname without subnet-id2020-12-08T16:11:48ZFrancis DupontFix reservation-get-by-hostname without subnet-idWhen the subnet-id is not specified in the command:
* host entries with subnet id == SUBNET_ID_UNUSED should be ignored
* the subnet id should be added (as "subnet-id") to the host element
Note that reservation-get-by-hostname has an o...When the subnet-id is not specified in the command:
* host entries with subnet id == SUBNET_ID_UNUSED should be ignored
* the subnet id should be added (as "subnet-id") to the host element
Note that reservation-get-by-hostname has an optional subnet-id parameter so should be fixed to follow these simple rules.kea1.9.3Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/bind9/-/issues/2115The load of huge.zone can take over 100 secs when running under a sanitiser.2020-09-03T11:24:48ZMark AndrewsThe load of huge.zone can take over 100 secs when running under a sanitiser.September 2020 (9.11.23, 9.11.23-S1, 9.16.7, 9.17.5)https://gitlab.isc.org/isc-projects/bind9/-/issues/2114CID 306652: Null pointer dereferences (REVERSE_INULL)2020-09-24T11:09:37ZMichal NowakCID 306652: Null pointer dereferences (REVERSE_INULL)This was reported today for `v9_11`. Last Coverity run was executed on Monday, so this is very recent defect:
```
1 new defect(s) introduced to bind-v9_11 found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of ...This was reported today for `v9_11`. Last Coverity run was executed on Monday, so this is very recent defect:
```
1 new defect(s) introduced to bind-v9_11 found with Coverity Scan.
New defect(s) Reported-by: Coverity Scan
Showing 1 of 1 defect(s)
** CID 306652: Null pointer dereferences (REVERSE_INULL)
/lib/isc/unix/socket.c: 4969 in isc__socketmgr_destroy()
*** CID 306652: Null pointer dereferences (REVERSE_INULL)
/lib/isc/unix/socket.c: 4969 in isc__socketmgr_destroy()
4963 isc_mem_put(manager->mctx, manager->fdstate,
4964 manager->maxsocks * sizeof(int));
4965
4966 if (manager->stats != NULL)
4967 isc_stats_detach(&manager->stats);
4968
>>> CID 306652: Null pointer dereferences (REVERSE_INULL)
>>> Null-checking "manager->fdlock" suggests that it may be null, but it has already been dereferenced on all paths leading to the check.
4969 if (manager->fdlock != NULL) {
4970 for (i = 0; i < FDLOCK_COUNT; i++)
4971 DESTROYLOCK(&manager->fdlock[i]);
4972 isc_mem_put(manager->mctx, manager->fdlock,
4973 FDLOCK_COUNT * sizeof(isc_mutex_t));
4974 }
```
https://scan8.coverity.com/reports.htm#v38342/p12581/fileInstanceId=35494273&defectInstanceId=11001649&mergedDefectId=306652October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/2113Hard require Net::DNS >= 0.752022-03-01T09:58:32ZOndřej SurýHard require Net::DNS >= 0.75I and @marka talked today that we should just simply require `Net::DNS` to run the system tests instead of doing `prereq.sh` because it's such essential library.I and @marka talked today that we should just simply require `Net::DNS` to run the system tests instead of doing `prereq.sh` because it's such essential library.Not plannedOndřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/stork/-/issues/392Changes for release 0.112020-09-04T13:11:53ZMichal NowikowskiChanges for release 0.110.11Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/bind9/-/issues/2112Allow task_test subtests to be selected at runtime.2020-10-02T08:49:45ZMark AndrewsAllow task_test subtests to be selected at runtime.October 2020 (9.11.24, 9.11.24-S1, 9.16.8, 9.16.8-S1, 9.17.6)https://gitlab.isc.org/isc-projects/kea/-/issues/1411Kea does not work with mariadb galera cluster2021-04-06T09:25:58ZMikael TomtKea does not work with mariadb galera cluster**Describe the bug**
Kea silently and randomly stops when using mariadb galera cluster and each kea server pointing to different mariadb nodes.
Happens on both dhcp4 and dhcp6.
**To Reproduce**
Steps to reproduce the behavior:
1. instal...**Describe the bug**
Kea silently and randomly stops when using mariadb galera cluster and each kea server pointing to different mariadb nodes.
Happens on both dhcp4 and dhcp6.
**To Reproduce**
Steps to reproduce the behavior:
1. install mariadb and galera on two servers
2. install kea on two servers
3. configure kea to mysql backend for lease, host and config
4. configure kea server 1 to use sql serer 1 and kea server 2 to use sql server 2
5. configure kea to use ha load-balance
6. dhcp4 and/or dhcp6 will randomly stop working on any server (but only on one)
7. no error message or crash, just stop responding
**Expected behavior**
Services should work
**Environment:**
- Kea version: 1.8.0 (Tried many 1.7.x releases with same error)
- OS: Ubuntu 18.04 x64
- Packaged version installed with apt
- HA Hook loaded
**Additional Information**
After service restart it works again for a while.
I pointed both kea servers to the same sql server and it looks like it works now.
If my setup is not supported by you a notice in the manual/known issues list would be great
**Contacting you**
e-mailkea1.9.7https://gitlab.isc.org/isc-projects/bind9/-/issues/2111Restore '-d' option to packet.pl2020-09-02T10:28:07ZMark AndrewsRestore '-d' option to packet.pl!4047 broke tsig system test.!4047 broke tsig system test.September 2020 (9.11.23, 9.11.23-S1, 9.16.7, 9.17.5)Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/stork/-/issues/391UI review ticket: add hostname field to subnet list panel2023-01-09T12:05:02ZVicky Riskvicky@isc.orgUI review ticket: add hostname field to subnet list panelOn the Subnets list, the user thought it would be more helpful in the last column to show the hostname, instead of the IP address.
[Not everyone will have defined hostnames and screen real estate is an issue. We discussed adding a host...On the Subnets list, the user thought it would be more helpful in the last column to show the hostname, instead of the IP address.
[Not everyone will have defined hostnames and screen real estate is an issue. We discussed adding a hostname field, and having it hidden by default, with a configuration option to display it.]backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/390UI review ticket: don't display subnets for machines that are not currently m...2023-01-09T12:04:49ZVicky Riskvicky@isc.orgUI review ticket: don't display subnets for machines that are not currently monitoredWhen the user disabled monitoring on the agent-kea6 application, the subnets on that application did not disappear from the subnets list. The same occurred with turning off monitoring for a DHCPv4 daemon. Utilization numbers on the subne...When the user disabled monitoring on the agent-kea6 application, the subnets on that application did not disappear from the subnets list. The same occurred with turning off monitoring for a DHCPv4 daemon. Utilization numbers on the subnets on this application that was not supposed to be monitored kept updating in Stork. This seems like a bug.
If the subnet is present on multiple machines, and some of those machines are actively being monitored, then of course, it is fine to display the subnet.
This user commented that he might turn off monitoring on some machines to simplify the interface to narrow the scope of what he was monitoring and that doesn't work if information from unmonitored machines is not filtered out.backloghttps://gitlab.isc.org/isc-projects/stork/-/issues/389UI review ticket: Subnet filtering when using the MORE button from the dashboard2020-11-04T10:30:20ZVicky Riskvicky@isc.orgUI review ticket: Subnet filtering when using the MORE button from the dashboardWhen clicking on the More button on the dashboard under the subnets display, it should display just the DHCPv4 or DHCPv6 subnets (depending on which More button is clicked).When clicking on the More button on the dashboard under the subnets display, it should display just the DHCPv4 or DHCPv6 subnets (depending on which More button is clicked).0.13Michal NowikowskiMichal Nowikowskihttps://gitlab.isc.org/isc-projects/stork/-/issues/388UI review ticket: tag events with associated Username2020-11-03T17:27:21ZVicky Riskvicky@isc.orgUI review ticket: tag events with associated UsernameSome of the events are initiated by a User. Please provide a way to determine from the event which Stork user made the change (e.g. monitoring on/off, adding or removing a machine)Some of the events are initiated by a User. Please provide a way to determine from the event which Stork user made the change (e.g. monitoring on/off, adding or removing a machine)0.13Vicky Riskvicky@isc.orgVicky Riskvicky@isc.orghttps://gitlab.isc.org/isc-projects/stork/-/issues/387UI review ticket: Scopes not displayed for servers in standby mode2020-11-04T11:35:24ZVicky Riskvicky@isc.orgUI review ticket: Scopes not displayed for servers in standby modeThe user tried to look at the scopes held by each member of the HA pair. This information wasn't available. He also seemed to think that HA was not configured correctly because the standby machine reported it was not serving any scopes....The user tried to look at the scopes held by each member of the HA pair. This information wasn't available. He also seemed to think that HA was not configured correctly because the standby machine reported it was not serving any scopes. I think that is as designed.
Please a tip in the HA display to say that if the server is not presently active, no scopes will be shown. If that won't fit on screen, then we could alternatively just mention that in the documentation.0.13Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/stork/-/issues/386UI review ticket: add a link to Add Machine to Settings page2020-09-18T06:49:53ZVicky Riskvicky@isc.orgUI review ticket: add a link to Add Machine to Settings pageThe test user was asked to add a new machine. He looked under Settings, and then under Hosts, searching for where to add a machine.
On the settings page, where we establish other settings, like the Grafana and Prometheus addresses and p...The test user was asked to add a new machine. He looked under Settings, and then under Hosts, searching for where to add a machine.
On the settings page, where we establish other settings, like the Grafana and Prometheus addresses and ports, can we add a sentence with a link to the Machines page? Perhaps at the end of the page below the other settings...
Something like this:
"Add or View machines being monitored on the Machines<link> page"
NB we are not talking about adding a MENU item to the CONFIGURATION menu, just a link on the Settings page under the Configuration menu.0.12https://gitlab.isc.org/isc-projects/kea/-/issues/1410Implement GSS-TSIG to send DDNS updates to Active Directory2021-10-12T13:20:08ZVicky Riskvicky@isc.orgImplement GSS-TSIG to send DDNS updates to Active Directory---
name: Implement GSS-TSIG to send DDNS updates to Active Directory
about: DDNS updates
---
**Some initial questions**
- Are you sure your feature is not already implemented in the latest Kea version? Yes.
- Are you sure what you wou...---
name: Implement GSS-TSIG to send DDNS updates to Active Directory
about: DDNS updates
---
**Some initial questions**
- Are you sure your feature is not already implemented in the latest Kea version? Yes.
- Are you sure what you would like to do is not possible using some other mechanisms? No.
- Have you discussed your idea on kea-users or kea-dev mailing lists? No.
**Is your feature request related to a problem? Please describe.**
Some users of an OEM product implementing Kea would like to send DDNS updates to Active Directory, securing those updates with GSS-TSIG.
**Describe the solution you'd like**
The requestor would like to see Kea add support for GSS-TSIG authentication on the DDNS connections, as well as probably testing and validation of updating to AD.
**Describe alternatives you've considered**
I don't know enough about AD to know if other authentication mechanisms are available, but that would seem to be the most obvious alternative.
**Additional context**
The Kea core team discussed this feature request in a development meeting at the end of August, 2020 and concluded this is a big effort, both for initial development and for maintenance. One issue is the quality of available GSS-TSIG libraries to use. So, we are at the moment NOT PLANNING to implement this. I am opening this ticket so that others may chime in about their requirements, or workarounds, or possibly, someone may volunteer to contribute this.
(related ISC support issue [#17008](https://support.isc.org/Ticket/Display.html?id=17008))kea2.1-backlogVicky Riskvicky@isc.orgVicky Riskvicky@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/2110dnssec-signzone report() missing newline2023-10-31T20:15:55ZScott Nicholasdnssec-signzone report() missing newline<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
A regression in report() function in dnssec-signzone printing newline.
### BIND version used
### Steps to reproduce
(How one can reproduce the issue - this is very important.)
### What is the current *bug* behavior?
```
[root@foo named]# dnssec-signzone -3 deadc0ffee -E pkcs11 -S -K /var/named/keys -X +90d -x -o example.org example.org.zone
Fetching example.org/RSASHA256/26302 (KSK) from key repository.Fetching example.org/RSASHA256/27193 (ZSK) from key repository.Verifying the zone using the following algorithms: RSASHA256.
Zone fully signed:
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revoked
ZSKs: 1 active, 0 present, 0 revoked
example.org.zone.signed
```
### What is the expected *correct* behavior?
```
[root@foo named]# dnssec-signzone -3 deadc0ffee -E pkcs11 -S -K /var/named/keys -X +90d -x -o example.org example.org.zone
Fetching example.org/RSASHA256/26302 (KSK) from key repository.
Fetching example.org/RSASHA256/27193 (ZSK) from key repository.
Verifying the zone using the following algorithms: RSASHA256.
Zone fully signed:
Algorithm: RSASHA256: KSKs: 1 active, 0 stand-by, 0 revoked
ZSKs: 1 active, 0 present, 0 revoked
example.org.zone.signed
```
### Relevant configuration files
N/A
### Relevant logs and/or screenshots
N/A
### Possible fixes
https://gitlab.isc.org/isc-projects/bind9/-/blob/main/bin/dnssec/dnssec-signzone.c#L2729
BIND 9.11 has a putc('\n') there.BIND 9.19.xhttps://gitlab.isc.org/isc-projects/dhcp/-/issues/133can't update object: permission denied2022-01-13T11:24:53ZRamesh Sahoocan't update object: permission deniedTrying to delete a lease from the DHCP server with the following procedure and ending up with the following message.
can't update object: permission denied
```
# omshell
> connect
obj: <null>
> new lease
obj: lease
> set ip-address =...Trying to delete a lease from the DHCP server with the following procedure and ending up with the following message.
can't update object: permission denied
```
# omshell
> connect
obj: <null>
> new lease
obj: lease
> set ip-address = 192.168.6.20
obj: lease
ip-address = c0:a8:06:14
> open
obj: lease
ip-address = c0:a8:06:14
state = 00:00:00:02
client-hostname = "rhel7-c1"
subnet = 00:00:00:02
pool = 00:00:00:03
hardware-address = 08:00:27:a5:22:0a
hardware-type = 00:00:00:01
ends = 5f:4d:8a:81
starts = 5f:4d:1a:01
tstp = 00:00:00:00
tsfp = 00:00:00:00
atsfp = 00:00:00:00
cltt = 5f:4d:1a:01
flags = 00
> unset ip-address
obj: lease
ip-address = <null>
state = 00:00:00:02
client-hostname = "rhel7-c1"
subnet = 00:00:00:02
pool = 00:00:00:03
hardware-address = 08:00:27:a5:22:0a
hardware-type = 00:00:00:01
ends = 5f:4d:8a:81
starts = 5f:4d:1a:01
tstp = 00:00:00:00
tsfp = 00:00:00:00
atsfp = 00:00:00:00
cltt = 5f:4d:1a:01
flags = 00
> update
can't update object: permission denied
obj: lease
ip-address = <null>
state = 00:00:00:02
client-hostname = "rhel7-c1"
subnet = 00:00:00:02
pool = 00:00:00:03
hardware-address = 08:00:27:a5:22:0a
hardware-type = 00:00:00:01
ends = 5f:4d:8a:81
starts = 5f:4d:1a:01
tstp = 00:00:00:00
tsfp = 00:00:00:00
atsfp = 00:00:00:00
cltt = 5f:4d:1a:01
flags = 00
```
```
# dhcpd --version
isc-dhcpd-4.2.5
```Outstandinghttps://gitlab.isc.org/isc-projects/stork/-/issues/385add system tests for upgrading packages2020-09-03T07:15:13ZMichal Nowikowskiadd system tests for upgrading packages0.11Michal NowikowskiMichal Nowikowski