ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2024-03-01T15:00:30Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4618kenya domain not available2024-03-01T15:00:30ZThomas Hankekenya domain not available<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confident...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential by clicking the checkbox at the bottom!
-->
### Summary
When I configure a domain from Kenya, it is not resolved.
### BIND version affected
<!--
Make sure you are testing with the **latest** supported version of BIND
for a given branch. Many bugs have been fixed over time!
See https://kb.isc.org/docs/supported-platforms for the current list.
The latest source is available from https://www.isc.org/download/#BIND
Paste the output of `named -V` here.
-->
- 9.16.48
### Steps to reproduce
<!--
This is extremely important! Be precise and use itemized lists, please.
Even if a default configuration is affected, please include the full configuration
files _you were testing with_.
Example:
1. Use _attached_ configuration file
2. Start BIND server with command: `named -g -c named.conf ...`
3. Simulate legitimate clients using command `dnsperf -S1 -d legit-queries ...`
4. Simulate attack traffic using command `dnsperf -S1 -d attack-queries ...`
-->
1. Add configuration for .ke domain
2. Check with dig that response will be right
### What is the current *bug* behavior?
```
dig han.ke @ns1.y4roc.de
; <<>> DiG 9.10.6 <<>> han.ke @ns1.y4roc.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 15861
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
;han.ke. IN A
;; Query time: 20 msec
;; SERVER: 5.9.143.51#53(5.9.143.51)
;; WHEN: Fri Mar 01 14:23:15 CET 2024
;; MSG SIZE rcvd: 35
```
### What is the expected *correct* behavior?
```
dig han.ke @ns1.y4roc.de
; <<>> DiG 9.10.6 <<>> han.ke @ns1.y4roc.de
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19451
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;han.ke. IN A
;; ANSWER SECTION:
han.ke. 86400 IN A 195.201.140.251
;; Query time: 22 msec
;; SERVER: 5.9.143.51#53(5.9.143.51)
;; WHEN: Fri Mar 01 15:29:57 CET 2024
;; MSG SIZE rcvd: 51
```https://gitlab.isc.org/isc-projects/bind9/-/issues/4617dig does not support IDN without configure option2024-03-02T06:12:04ZMitsuru Shimamuradig does not support IDN without configure option### Summary
Without configure option: --with-libidn2, dig does not support IDN even though libidn2 library header is installed.
### BIND version affected
```
# ./bin/named/named -V | head -1
BIND 9.19.21 (Development Release) <id:c030a...### Summary
Without configure option: --with-libidn2, dig does not support IDN even though libidn2 library header is installed.
### BIND version affected
```
# ./bin/named/named -V | head -1
BIND 9.19.21 (Development Release) <id:c030a67>
```
### Steps to reproduce
1. prepare for build
```
# docker run --rm -it rockylinux:9.3
(in the container)
# dnf groupinstall -y "Development Tools"
# dnf in --enablerepo=crb -y libidn2-devel openssl-devel libnghttp2-devel libuv-devel libcap-devel
# pkg-config --libs libidn2
-lidn2 <== library header is installed
```
2a. configure without "--with-libidn2" and make binary
```
# curl -O https://downloads.isc.org/isc/bind9/9.19.21/bind-9.19.21.tar.xz
# tar xf bind-9.19.21.tar.xz
# cd bind-9.19.21
# ./configure | tee configure.log
# grep idn configure.log
IDN support (--with-libidn2) <=== what's this?
# make
```
3a. check dig suppports +idn or not
```
# ./bin/dig/dig -h | grep idn
(not match)
^^^^^^^^^^^
# ./bin/dig/dig +noall +ans +idn xn--wgv71a119e.jp
;; IDN support is not available
^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
xn--wgv71a119e.jp. 275 IN A 117.104.133.183
```
2b. configure **with** "--with-libidn2" and make binary
```
# curl -O https://downloads.isc.org/isc/bind9/9.19.21/bind-9.19.21.tar.xz
# tar xf bind-9.19.21.tar.xz
# cd bind-9.19.21
# ./configure --with-libidn2 | tee configure.log
^^^^^^^^^^^^^^
# grep idn configure.log
checking for libidn2... yes
# make
```
3b. check dig suppports +idn or not
```
# ./bin/dig/dig -h | grep idn
+[no]idn (convert international domain names)
# ./bin/dig/dig +noall +ans +idn xn--wgv71a119e.jp
日本語.jp. 300 IN A 117.104.133.183
^^^^^^^^^^
```
### What is the current *bug* behavior?
configure DOES NOT find libidn2 library header automatically
### What is the expected *correct* behavior?
configure find libidn2 library header automatically
in the other words,
dig supports +idn option without explicitly configure option when libidn2 library header is installed
### Relevant configuration files
no config files
### Relevant logs
no logs or see Steps to reproducehttps://gitlab.isc.org/isc-projects/kea/-/issues/3280Fix doxygen errors2024-03-12T16:00:39ZThomas MarkwalderFix doxygen errorsThere are a slew of doxygen errors that should be fixed. I attached an error report[doxygen-error.log](/uploads/cba7a4ce50a93cad07e9477202585ee5/doxygen-error.log)There are a slew of doxygen errors that should be fixed. I attached an error report[doxygen-error.log](/uploads/cba7a4ce50a93cad07e9477202585ee5/doxygen-error.log)kea2.5.7Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/3278Perfmon-Hook-Task-4 Implement PerfMonMgr Basics - start up, configuration2024-03-26T19:39:49ZThomas MarkwalderPerfmon-Hook-Task-4 Implement PerfMonMgr Basics - start up, configurationComplete Hook Task 4: Implement PerfMonMgr Basics - start up, configuration.
This creates the initial PerfMonMgr class with stub functions. It should be able to parse configuration but not yet provide data processing.
See https://gitla...Complete Hook Task 4: Implement PerfMonMgr Basics - start up, configuration.
This creates the initial PerfMonMgr class with stub functions. It should be able to parse configuration but not yet provide data processing.
See https://gitlab.isc.org/isc-projects/kea/-/wikis/Designs/performance-monitor#perfmon-hook-taskskea2.5.8Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4614Fix memory consumption in qp (Follow-up from "create QPDB zone database")2024-03-14T18:06:55ZMatthijs Mekkingmatthijs@isc.orgFix memory consumption in qp (Follow-up from "create QPDB zone database")The following discussion from !8543 should be addressed:
- [x] @pspacek started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8543#note_438118): (+1 comment)
> I gave it a quick look and sanity check - ...The following discussion from !8543 should be addressed:
- [x] @pspacek started a [discussion](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8543#note_438118): (+1 comment)
> I gave it a quick look and sanity check - loaded `net.` TLD into this version (configured as secondary - [named.conf](/uploads/d55553c50824d4c519123d18d743225f/named.conf)).
>
> Here's a quick summary:
>
> | metric | main | qpdb-heavy | 4411-qpdb-lite |
> |---------------------------------------------|---------|------------|----------------|
> | zone load time | 4:20 | 1:30 | 1:38 |
> | memory RSS | 6.2 GiB | 12.8 GiB | 12.8 GiB |
> | repeated bla.net. A query [QPS] | 155 k | 160 k | 152 k |
> | repeated bla.net. A query [CPU utilization] | 400 % | 300 % | 320 % |
> | random delegations [QPS] | 150 k | 150 k | 148 k |
> | random delegations [CPU utilization] | 470 % | 370 % | 410 % |
>
> TL;DR smaller CPU usage while doubling amount of memory.
>
> Statistics channel output after just loading the zone (no queries yet):
> - [main.json](/uploads/b0e43a7f25acb60fad379fee27577f06/main.json)
> - [heavy.json](/uploads/42baadb5c3dba87142ef36552c71d725/heavy.json)
> - [lite.json](/uploads/7bc0516d2565aba18692cc9bf0bd50b1/lite.json)May 2024 (9.18.27, 9.18.27-S1, 9.19.24)https://gitlab.isc.org/isc-projects/bind9/-/issues/4613Release Checklist for BIND 9.16.49, 9.16.49-S1, 9.18.25, 9.18.25-S1, 9.19.222024-03-27T21:12:56ZPetr Špačekpspacek@isc.orgRelease Checklist for BIND 9.16.49, 9.16.49-S1, 9.18.25, 9.18.25-S1, 9.19.22## Release Schedule
**Code Freeze:** Wednesday, 6 March 2024
**Tagging Deadline:** Monday, 11 March 2024
**Public Release:** Wednesday, 20 March 2024
## Warning
This release uses non-standard process. It is based on February releas...## Release Schedule
**Code Freeze:** Wednesday, 6 March 2024
**Tagging Deadline:** Monday, 11 March 2024
**Public Release:** Wednesday, 20 March 2024
## Warning
This release uses non-standard process. It is based on February releases (9.16.48, 9.18.24, 9.19.21) and adds cherry-picked MRs on top.
## Documentation Review Links
**Closed issues assigned to the milestone without a release note:**
- [9.16.49](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.16)
- [9.16.49-S1](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.16-S)
- [9.18.25](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.18)
- [9.18.25-S1](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.18-S)
- [9.19.22](https://gitlab.isc.org/isc-projects/bind9/-/issues?scope=all&sort=created_asc&state=closed&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29¬%5Blabel_name%5D%5B%5D=Release+Notes¬%5Blabel_name%5D%5B%5D=Duplicate&label_name%5B%5D=v9.19)
**Merge requests merged into the milestone without a release note:**
- [9.16.49](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=bind-9.16)
- [9.16.49-S1](https://gitlab.isc.org/isc-private/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=bind-9.16-sub)
- [9.18.25](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=bind-9.18)
- [9.18.25-S1](https://gitlab.isc.org/isc-private/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=bind-9.18-sub)
- [9.19.22](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29¬%5Blabel_name%5D%5B%5D=Release+Notes&target_branch=main)
**Merge requests merged into the milestone without a `CHANGES` entry:**
- [9.16.49](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29&label_name%5B%5D=No+CHANGES&target_branch=bind-9.16)
- [9.16.49-S1](https://gitlab.isc.org/isc-private/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29&label_name%5B%5D=No+CHANGES&target_branch=bind-9.16-sub)
- [9.18.25](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29&label_name%5B%5D=No+CHANGES&target_branch=bind-9.18)
- [9.18.25-S1](https://gitlab.isc.org/isc-private/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29&label_name%5B%5D=No+CHANGES&target_branch=bind-9.18-sub)
- [9.19.22](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests?scope=all&sort=merged_at&state=merged&milestone_title=March+2024+%289.16.49%2C+9.16.49-S1%2C+9.18.25%2C+9.18.25-S1%2C+9.19.22%29&label_name%5B%5D=No+CHANGES&target_branch=main)
## Release Checklist
### Before the Code Freeze
- [x] ***(QA)*** Rebase -S editions on top of current open-source versions: `git checkout bind-9.18-sub && git rebase origin/bind-9.18`
- [x] ***(QA)*** [Inform](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/inform_supp_marketing.py) Support and Marketing of impending release (and give estimated release dates).
- [x] ***(QA)*** Ensure there are no permanent test failures on any platform. Check [public](https://gitlab.isc.org/isc-projects/bind9/-/pipelines?scope=all&source=schedule) and [private](https://gitlab.isc.org/isc-private/bind9/-/pipelines?scope=all&source=schedule) scheduled pipelines.
- [x] ***(QA)*** Check charts from `shotgun:*` jobs in the scheduled pipelines to verify there is no unexplained performance drop for any protocol.
- [x] ***(QA)*** Check [Perflab](https://perflab.isc.org/) to ensure there has been no unexplained drop in performance for the versions being released.
- [x] ***(QA)*** Check whether all issues assigned to the release milestone are resolved[^1].
- [x] ***(QA)*** Ensure that there are no outstanding [merge requests in the private repository](https://gitlab.isc.org/isc-private/bind9/-/merge_requests/)[^1] (Subscription Edition only).
- [x] ***(QA)*** [Ensure](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/check_backports.py) all merge requests marked for backporting have been indeed backported.
- [x] ***(QA)*** ~~[Announce](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/inform_code_freeze.py) (on Mattermost) that the code freeze is in effect.~~
### Before the Tagging Deadline
- [x] ***(QA)*** Inspect the current output of the `cross-version-config-tests` job to verify that no unexpected backward-incompatible change was introduced in the current release cycle.
- [x] ***(QA)*** Ensure release notes are correct, ask Support and Marketing to check them as well. [Example](https://gitlab.isc.org/isc-private/bind9/-/merge_requests/510)
- [x] ***(QA)*** Add a release marker to `CHANGES`. Examples: [9.18](https://gitlab.isc.org/isc-projects/bind9/-/commit/f14d8ad78c0506fd4247187f2177f8eceeb6b3b9), [9.16](https://gitlab.isc.org/isc-projects/bind9/-/commit/1bcdf21874f99a00da389d723e0ad07dfd70f9f1)
- [x] ***(QA)*** Add a release marker to `CHANGES.SE` (Subscription Edition only). [Example](https://gitlab.isc.org/isc-private/bind9/-/commit/0f03d5737bcbdaa1bf713c6db1887b14938c3421)
- [x] ***(QA)*** Update BIND 9 version in `configure.ac` ([9.18+](https://gitlab.isc.org/isc-projects/bind9/-/commit/3c85ab7f4c35e6d8acef1393606002a0a8730100)) or `version` ([9.16](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7692/diffs?commit_id=1bcdf21874f99a00da389d723e0ad07dfd70f9f1)).
- [x] ***(QA)*** Rebuild `configure` using Autoconf on `docs.isc.org` (9.16).
- [x] ***(QA)*** ~~Update GitLab settings for all maintained branches to disallow merging to them: [public](https://gitlab.isc.org/isc-projects/bind9/-/settings/repository), [private](https://gitlab.isc.org/isc-private/bind9/-/settings/repository)~~
- [x] ***(QA)*** Tag the releases in the private repository (`git tag -s -m "BIND 9.x.y" v9.x.y`).
### Before the ASN Deadline (for ASN Releases) or the Public Release Date (for Regular Releases)
- [x] ***(QA)*** Check that the formatting is correct for the HTML version of release notes.
- [x] ***(QA)*** Check that the formatting of the generated man pages is correct.
- [x] ***(QA)*** Verify GitLab CI results [for the tags](https://gitlab.isc.org/isc-private/bind9/-/pipelines?scope=tags) created and sign off on the releases to be published.
- [x] ***(QA)*** ~~Update GitLab settings for all maintained branches to allow merging to them again: [public](https://gitlab.isc.org/isc-projects/bind9/-/settings/repository), [private](https://gitlab.isc.org/isc-private/bind9/-/settings/repository)~~
- [x] ***(QA)*** Prepare (using [`version_bump.py`](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/version_bump.py)) and merge MRs resetting the release notes and updating the version string for [each](!8856) [maintained](!8857) [branch](!8858).
- [x] ***(QA)*** Rebase the Subscription Edition branches (including recent release prep commits) on top of the open source branches with updated version strings.
- [x] ***(QA)*** [Announce (on Mattermost) that the code freeze is over.](https://mattermost.isc.org/isc/pl/8chqbcam7igq5nu8ryxtrjfq4r)
- [x] ***(QA)*** [Request signatures for the tarballs, providing their location and checksums. Ask signers on Mattermost.](https://mattermost.isc.org/isc/pl/ku6mfsqaktrq3ryz4iuth8183c)
- [x] ***(Signers)*** Ensure that the contents of tarballs and tags are identical.
- [x] ***(Signers)*** Validate tarball checksums, sign tarballs, and upload signatures.
- [x] ***(QA)*** Verify tarball signatures and check tarball checksums again: Run `publish_bind.sh` on repo.isc.org to pre-publish.
- [x] ***(QA)*** ~~Prepare the `patches/` subdirectory for each security release (if applicable).~~
- [x] ***(QA)*** Pre-publish ASN and/or Subscription Edition tarballs so that packages can be built.
- [x] ***(QA)*** Build and test ASN and/or Subscription Edition packages (in [cloudsmith branch in private repo](https://gitlab.isc.org/isc-private/rpms/bind/-/tree/cloudsmith)). [Example](https://gitlab.isc.org/isc-private/rpms/bind/-/commit/e2512f4cfaf991827a635e374e7e93b27a5f38ba)
- [x] ***(Marketing)*** ~~Prepare and send out ASN emails (as outlined in the CVE checklist; if applicable).~~
### On the Day of Public Release
- [x] ***(QA)*** ~~Wait for clearance from Security Officer to proceed with the public release (if applicable).~~
- [x] ***(QA)*** Place tarballs in public location on FTP site.
- [x] ***(QA)*** Inform Marketing of the release, providing FTP links for the published tarballs.
- [x] ***(QA)*** [Use the Printing Press project to prepare a release announcement email.](isc-private/printing-press!103)
- [x] ***(Marketing)*** Publish links to downloads on ISC website. [Example](https://gitlab.isc.org/website/theme-staging-site/-/commit/1ac7b30b73cb03228df4cd5651fa4e774ac35625)
- [x] ***(Marketing)*** Update the BIND -S information document in SF with download links to the new versions. (If this is a security release, this will have already been done as part of the ASN process.)
- [x] ***(Marketing)*** Update the Current Software Versions document in the SF portal if any stable versions were released.
- [x] ***(Marketing)*** Send the release announcement email to the *bind-announce* mailing list (and to *bind-users* if a major release - [example](https://lists.isc.org/pipermail/bind-users/2022-January/105624.html)).
- [x] ***(Marketing)*** Announce release on social media sites.
- [x] ***(Marketing)*** Update [Wikipedia entry for BIND](https://en.wikipedia.org/wiki/BIND).
- [x] ***(Support)*** Add the new releases to the [vulnerability matrix in the Knowledge Base](https://kb.isc.org/docs/aa-00913).
- [x] ***(Support)*** Update tickets in case of waiting support customers.
- [x] ***(QA)*** Build and test any outstanding private packages in [private repo](https://gitlab.isc.org/isc-private/rpms/bind/-/tree/cloudsmith). [Example](https://gitlab.isc.org/isc-private/rpms/bind/-/commit/2007d566db81dd9dfd79e571e2f600a3bc284da4)
- [x] ***(QA)*** Build [public RPMs](https://gitlab.isc.org/isc-packages/rpms/bind). [Example commit](https://gitlab.isc.org/isc-packages/rpms/bind/-/commit/3b5e851ea7c4e3570371a4878b5461f02a44f8cc) which triggers [Copr builds](https://copr.fedorainfracloud.org/coprs/isc/) automatically
- [x] ***(SwEng)*** Build Debian/Ubuntu packages.
- [x] ***(SwEng)*** Update Docker files [here](https://gitlab.isc.org/isc-projects/bind9-docker/-/branches) and make sure push is synchronized to [GitHub](https://github.com/isc-projects/bind9-docker). [Docker Hub](https://hub.docker.com/r/internetsystemsconsortium/bind9) should pick it up automatically. [Example](https://gitlab.isc.org/isc-projects/bind9-docker/-/commit/cada7e10e9af951595c98bfffc4bd42512faac05)
- [x] ***(QA)*** Ensure all new tags are annotated and signed. `git show --show-signature v9.19.12`
- [x] ***(QA)*** Push tags for the published releases to the public repository.
- [x] ***(QA)*** Using [`merge_tag.py`](https://gitlab.isc.org/isc-private/bind-qa/-/blob/master/bind9/releng/merge_tag.py), merge published release tags back into the their relevant development/maintenance branches.
- [x] ***(QA)*** ~~Ensure `allow_failure: true` is removed from the `cross-version-config-tests` job if it was set during the current release cycle.~~
- [x] ***(QA)*** Sanitize confidential issues which are assigned to the current release milestone and do not describe a security vulnerability, then make them public.
- [x] ***(QA)*** Sanitize [confidential issues](https://gitlab.isc.org/isc-projects/bind9/-/issues/?sort=milestone_due_desc&state=opened&confidential=yes) which are assigned to older release milestones and describe security vulnerabilities, then make them public if appropriate[^2].
- [x] ***(QA)*** [Update QA tools used in GitLab CI (e.g. Black, PyLint, Sphinx) by modifying the relevant `Dockerfile`.](isc-projects/images!305)
- [x] ***(QA)*** [Run a pipeline to rebuild all images used in GitLab CI.](https://gitlab.isc.org/isc-projects/images/-/pipelines/168133)
- [x] ***(QA)*** [Update `metadata.json` with the upcoming release information.](isc-private/bind-qa!96)
[^1]: If not, use the time remaining until the tagging deadline to ensure all outstanding issues are either resolved or moved to a different milestone.
[^2]: As a rule of thumb, security vulnerabilities which have reproducers merged to the public repository are considered okay for full disclosure.March 2024 (9.16.49, 9.16.49-S1, 9.18.25, 9.18.25-S1, 9.19.22)Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/4612resolver crashes on 10-0-0-38.abcdefghijklmnopqrstuvwxyz012345.plex.direct DS...2024-03-06T00:16:14ZPetr Špačekpspacek@isc.orgresolver crashes on 10-0-0-38.abcdefghijklmnopqrstuvwxyz012345.plex.direct DS query### Summary
Processing query `10-0-0-38.abcdefghijklmnopqrstuvwxyz012345.plex.direct DS` causes the resolver to crash.
### BIND version affected
* ~"Affects v9.19": 88c56e25a1e6c0c994f38a5db4c6b6f677ec633a
It seems it does NOT affect ...### Summary
Processing query `10-0-0-38.abcdefghijklmnopqrstuvwxyz012345.plex.direct DS` causes the resolver to crash.
### BIND version affected
* ~"Affects v9.19": 88c56e25a1e6c0c994f38a5db4c6b6f677ec633a
It seems it does NOT affect stable branches.
### Steps to reproduce
1. `named -g -c /dev/null`
2. `dig @127.0.0.1 10-0-0-38.abcdefghijklmnopqrstuvwxyz012345.plex.direct DS`
3. :boom:
### What is the current *bug* behavior?
```
28-Feb-2024 14:35:04.363 chase DS servers resolving '10-0-0-38.abcdefghijklmnopqrstuvwxyz012345.plex.direct/DS/IN': 18.202.136.15#53
28-Feb-2024 14:35:04.466 resolver.c:10427: REQUIRE(!dns_rdataset_isassociated(rdataset)) failed
```
### What is the expected *correct* behavior?
No crash.
### Relevant logs
- [Debug -d 99 log](/uploads/7aeca53fc41d38c9c9cbfa8dac8b3475/log)March 2024 (9.16.49, 9.16.49-S1, 9.18.25, 9.18.25-S1, 9.19.22)https://gitlab.isc.org/isc-projects/bind9/-/issues/4611Stub zones return unexpected NS records2024-03-06T00:14:18ZPeter DaviesStub zones return unexpected NS records### Summary
BIND server B with a static-stub zone configured with a server address of BIND
server A, a secondary for that zone, may return unexpected NS records.
### BIND version affected
```
I tested with BIND 9.19.21, but I belie...### Summary
BIND server B with a static-stub zone configured with a server address of BIND
server A, a secondary for that zone, may return unexpected NS records.
### BIND version affected
```
I tested with BIND 9.19.21, but I believe this behaviour probably goes back to BIND 9.11.x
named -V
BIND 9.19.21 (Development Release) <id:c030a67>
running on Linux x86_64 6.2.15-100.fc36.x86_64 #1 SMP PREEMPT_DYNAMIC Thu May 11 16:51:53 UTC 2023
built by make with '--enable-fixed-rrset' '--enable-dnstap' '--enable-querytrace=yes' '--with-openssl' '--with-libxml2' '--with-json-c' '--enable-full-report' 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig/'
compiled by GCC 12.3.1 20230508 (Red Hat 12.3.1-1)
compiled with OpenSSL version: OpenSSL 3.0.9 30 May 2023
linked to OpenSSL version: OpenSSL 3.0.9 30 May 2023
compiled with libuv version: 1.44.2
linked to libuv version: 1.46.0
compiled with liburcu version: 0.15.0-pre
compiled with jemalloc version: 5.2.1
compiled with libnghttp2 version: 1.51.0
linked to libnghttp2 version: 1.51.0
compiled with libxml2 version: 2.10.3
linked to libxml2 version: 21004
compiled with json-c version: 0.15
linked to json-c version: 0.17
compiled with zlib version: 1.2.12
linked to zlib version: 1.2.12
compiled with protobuf-c version: 1.4.1
linked to protobuf-c version: 1.4.1
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): no
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /usr/local/etc/named.conf
rndc configuration: /usr/local/etc/rndc.conf
nsupdate session key: /usr/local/var/run/named/session.key
named PID file: /usr/local/var/run/named/named.pid
```
### Steps to reproduce
1) set up servers A and B with the configurations below.
2) Query Server B repeatedly for an RR from the static-stub zone:
```
While true do dig hgw.ddi.com @127.0.0.1
; <<>> DiG 9.19.21 <<>> hgw.ddi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 27748
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 23cb1ccef98f3bf00100000065df1c8b908417789e893016 (good)
;; QUESTION SECTION:
;hgw.ddi.com. IN A
;; ANSWER SECTION:
hgw.ddi.com. 300 IN A 10.0.0.1
;; AUTHORITY SECTION:
ddi.com. 260 IN NS bialistock.ddi.com.
ddi.com. 260 IN NS haparanda.ddi.com.
;; ADDITIONAL SECTION:
haparanda.ddi.com. 300 IN A 10.0.0.237
bialistock.ddi.com. 300 IN A 10.0.0.49
;; Query time: 3 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Feb 28 11:44:11 UTC 2024
;; MSG SIZE rcvd: 165
```
### What is the current *bug* behavior?
When the NS records in the authority section expire, Server B add the server-names
from its static-stub configuration as NS records plus a NS record in the name of
the domain itself
```
...
; <<>> DiG 9.19.21 <<>> hgw.ddi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 50265
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 3
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 88424ea83ed9b09d0100000065df1d8b76b871a0c1e4d1e7 (good)
;; QUESTION SECTION:
;hgw.ddi.com. IN A
;; ANSWER SECTION:
hgw.ddi.com. 44 IN A 10.0.0.1
;; AUTHORITY SECTION:
ddi.com. 4 IN NS bialistock.ddi.com.
ddi.com. 4 IN NS haparanda.ddi.com.
;; ADDITIONAL SECTION:
haparanda.ddi.com. 44 IN A 10.0.0.237
bialistock.ddi.com. 44 IN A 10.0.0.49
;; Query time: 0 msec
;; SERVER: 127.0.0.1#53(127.0.0.1) (UDP)
;; WHEN: Wed Feb 28 11:48:27 UTC 2024
;; MSG SIZE rcvd: 165
; <<>> DiG 9.19.21 <<>> hgw.ddi.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 39703
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 3, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 329a1ed8e54b28d30100000065df1d90545987c64fe602f2 (good)
;; QUESTION SECTION:
;hgw.ddi.com. IN A
;; ANSWER SECTION:
hgw.ddi.com. 39 IN A 10.0.0.1
;; AUTHORITY SECTION:
ddi.com. 86400 IN NS StaticStubZoneNS-1.org.
ddi.com. 86400 IN NS ddi.com.
ddi.com. 86400 IN NS StaticStubZoneNS-2.org.
```
### What is the expected *correct* behavior?
I expect to see the NS records from the domain or none at all.
### Relevant configuration files
Server A config:
```
options {
directory "/home/named";
pid-file "named.pid";
listen-on-v6 { none; };
dnssec-validation auto;
recursion yes;
allow-recursion { any; };
};
zone "ddi.com" IN {
type secondary;
primaries { 10.0.0.4;};
file "s/db.ddi.com";
allow-transfer {any;};
notify false;
};
```
Server B config:
```
options {
directory "/home/named";
pid-file "named.pid";
listen-on-v6 { none; };
dnssec-validation no;
minimal-responses no;
recursion yes;
max-cache-size 90%;
allow-recursion { any; };
};
zone "ddi.com" IN {
type static-stub;
server-addresses {
10.0.0.182;
};
server-names {
"StaticStubZoneNS-1.org";
"StaticStubZoneNS-2.org";
};
};
```
Zone file:
```
ddi.com. 86400 IN SOA haparanda.ddi.com. support.ddi.com. 2024021733 1800 900 604800 86400
ddi.com. 260 IN NS haparanda.ddi.com.
ddi.com. 260 IN NS bialistock.ddi.com.
alice-laptop.ddi.com. 600 IN A 10.0.0.149
bag-local-lyset.ddi.com. 300 IN A 10.0.0.15
bialistock.ddi.com. 300 IN A 10.0.0.49
haparanda.ddi.com. 300 IN A 10.0.0.237
hgw.ddi.com. 300 IN A 10.0.0.1
...
```
### Relevant logs
Server B has no IPV6 connectivity the following was logged at startup:
```
Feb 28 11:44:11 bialistock named[235198]: network unreachable resolving 'StaticStubZoneNS-1.org/AAAA/IN': 2001:500:c::1#53
Feb 28 11:44:11 bialistock named[235198]: network unreachable resolving 'StaticStubZoneNS-2.org/A/IN': 2001:500:c::1#53
```
[SF00001680](https://isc.lightning.force.com/lightning/r/Case/500S60000054BVSIA2/view)https://gitlab.isc.org/isc-projects/bind9/-/issues/4608Ensure static stub NS records are not returned2024-03-14T04:33:38ZMark AndrewsEnsure static stub NS records are not returnedstatic-stub synthesises NS record which shouldn't be returned to clients. Normally the NS records from the actual zone will be returned but not always.
- Setup a static-stub for "com" and disable minimal responses.
- query for foo.com ...static-stub synthesises NS record which shouldn't be returned to clients. Normally the NS records from the actual zone will be returned but not always.
- Setup a static-stub for "com" and disable minimal responses.
- query for foo.com NS (TTL is 600)
- wait 120 seconds
- query for foo.com A (TTL is 600)
- wait 500 seconds
- query for foo.com A
```
; <<>> DiG 9.19.20-dev <<>> foo.com -p 5555
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18858
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 1, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: dddb220761d487fa0100000065dec10ee6a221e99d9baa11 (good)
;; QUESTION SECTION:
;foo.com. IN A
;; ANSWER SECTION:
foo.com. 100 IN A 34.206.39.153
;; AUTHORITY SECTION:
com. 86400 IN NS com.
;; Query time: 2 msec
;; SERVER: ::1#5555(::1) (UDP)
;; WHEN: Wed Feb 28 16:13:50 AEDT 2024
;; MSG SIZE rcvd: 94
```April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)https://gitlab.isc.org/isc-projects/kea/-/issues/3271Bump up version in configure.ac2024-02-28T15:40:24ZAndrei Pavelandrei@isc.orgBump up version in configure.acBump up version in configure.ac.Bump up version in configure.ac.kea2.5.7Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/kea/-/issues/3270Perfmon UT MonitoredDuration.addSampleAndClear fails on MacOS2024-03-05T12:09:30ZThomas MarkwalderPerfmon UT MonitoredDuration.addSampleAndClear fails on MacOSAs @fdupont cited during 2.5.6 sanity checks, the UT fails on MacOS, see comment:
https://gitlab.isc.org/isc-projects/kea/-/issues/3265#note_440479
The test is too timing sensitive.As @fdupont cited during 2.5.6 sanity checks, the UT fails on MacOS, see comment:
https://gitlab.isc.org/isc-projects/kea/-/issues/3265#note_440479
The test is too timing sensitive.kea2.5.7Thomas MarkwalderThomas Markwalderhttps://gitlab.isc.org/isc-projects/kea/-/issues/3267some option headers are missing in libkea dhcp include HEADERS2024-03-21T16:16:53ZPiotrek Zadrogasome option headers are missing in libkea dhcp include HEADERSSome options' headers are missing in `libkea_dhcp___include_HEADERS` in `src/lib/dhcp/Makefile.am`.
This results in those header missing in `isc-kea-dev` packages or under `include/kea/dhcp` path when kea built and installed from tarbal...Some options' headers are missing in `libkea_dhcp___include_HEADERS` in `src/lib/dhcp/Makefile.am`.
This results in those header missing in `isc-kea-dev` packages or under `include/kea/dhcp` path when kea built and installed from tarballs/sources.
Maybe this could be checked as part of release process?kea2.5.7Piotrek ZadrogaPiotrek Zadrogahttps://gitlab.isc.org/isc-projects/bind9/-/issues/4605re-enable enginepkcs11 system test2024-03-21T16:36:27ZTom Krizekre-enable enginepkcs11 system testThe `enginepkcs11` test was accidentally disabled by a wrong `prereq.sh` condition in https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5924/diffs?commit_id=2e9fd6d0c11d0648589da5779baeefb5b98e855e#8b557d8387b0ad5e06dad7a7c2c6f6...The `enginepkcs11` test was accidentally disabled by a wrong `prereq.sh` condition in https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5924/diffs?commit_id=2e9fd6d0c11d0648589da5779baeefb5b98e855e#8b557d8387b0ad5e06dad7a7c2c6f6521febff5e_16_16.
Once [enabled](https://gitlab.isc.org/isc-projects/bind9/-/commit/f3d402d1aa2e359caa741ce2b4742795a4a37224), the test has a couple of [failures](https://gitlab.isc.org/isc-projects/bind9/-/jobs/4068956) that need to be addressed:
```
2024-02-26 17:25:39 INFO:enginepkcs11.test_enginepkcs11 I:Test SOA is signed for ecdsap256sha256.same-policy.views in view1 (65)
2024-02-26 17:25:42 INFO:enginepkcs11.test_enginepkcs11 I:failed (SOA RRset not signed)
2024-02-26 17:25:42 INFO:enginepkcs11.test_enginepkcs11 I:Test DNSKEY is signed for ecdsap256sha256.same-policy.views in view1 (66)
2024-02-26 17:25:45 INFO:enginepkcs11.test_enginepkcs11 I:failed (DNSKEY RRset not signed)
```April 2024 (9.16.50, 9.16.50-S1, 9.18.26, 9.18.26-S1, 9.19.23)Matthijs Mekkingmatthijs@isc.orgMatthijs Mekkingmatthijs@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/4604Fix initial tests in masterfile system test2024-03-08T11:12:54ZMark AndrewsFix initial tests in masterfile system testAll three of the initial tests should have a known good output to test against.
The BIND 8 tests should be testing against ttl1.
There should be independent failure reporting for the first three tests.All three of the initial tests should have a known good output to test against.
The BIND 8 tests should be testing against ttl1.
There should be independent failure reporting for the first three tests.March 2024 (9.16.49, 9.16.49-S1, 9.18.25, 9.18.25-S1, 9.19.22)https://gitlab.isc.org/isc-projects/kea/-/issues/3266status-get command must return an HA relationship identifier2024-03-22T13:17:40ZMarcin Siodelskistatus-get command must return an HA relationship identifierWe now support the hub-and-spoke setup with multiple relationships in one server. The HA state can be retrieved using the `status-get` command. The problem is, though, that the `status-get` result lacks an association between returned lo...We now support the hub-and-spoke setup with multiple relationships in one server. The HA state can be retrieved using the `status-get` command. The problem is, though, that the `status-get` result lacks an association between returned local/remote entries and the configured relationships. It makes it nearly impossible to match the returned statuses with the relationships we maintain in the Stork database. The status-get response must return identifiers of the HA relationships to enable this matching.kea2.5.7Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/kea/-/issues/3265Sanity checks for Kea 2.5.6 rcrc22024-02-29T13:29:26ZAndrei Pavelandrei@isc.orgSanity checks for Kea 2.5.6 rcrc2We are now at step SANITY CHECKS of Kea 2.5.6 rc2.
Please verify the tarballs and packages according to [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-co...We are now at step SANITY CHECKS of Kea 2.5.6 rc2.
Please verify the tarballs and packages according to [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-content-4-sanity-checks) and according to your imagination.
Before starting, please state what you are checking in a thread/discussion (not as comment).
When you finish a check, state in the same thread/discussion what the result is.
This way we know what is covered upfront and we can avoid repeating ourselves.
#### Tarballs on repo.isc.org
* `/data/shared/sweng/kea/releases/2.5.6-rc2`
* `/data/shared/sweng/kea/releases/premium-2.5.6-rc2`
* `/data/shared/sweng/kea/releases/subscription-2.5.6-rc2`
* `/data/shared/sweng/kea/releases/enterprise-2.5.6-rc2`
```
SHA256 (kea-2.5.6.tar.gz) = 4584578fbd17728d7cc30b4c06661561bcb59553a537a6ff0a0557ed43cf4012
SHA256 (kea-enterprise-2.5.6.tar.gz) = 97218dcda2e321c1d116a746e885d47e55ef1f3ba8a5e8563a9a935b544cd666
SHA256 (kea-premium-2.5.6.tar.gz) = e0a0b396a73f23f8eae0be596eeca49db090116d88ed0f45c99e27edd45514f2
SHA256 (kea-subscription-2.5.6.tar.gz) = e955d720f83926637d2842c6a5fed403ad272be458f3bb117679ea93fd98c705
```
#### Packages on packages.aws.isc.org
* [APK: 2.5.6-r20240226130228](https://packages.aws.isc.org/#browse/search/raw=format%3Draw%20AND%20name.raw%3D*r20240226130228.apk)
* [deb: 2.5.6-isc20240226130228](https://packages.aws.isc.org/#browse/search/apt=format%3Dapt%20AND%20version%3D2.5.6-isc20240226130228)
* [RPM: 2.5.6-isc20240226130228.\[os\]](https://packages.aws.isc.org/#browse/search/yum=format%3Dyum%20AND%20version%3D2.5.6-isc20240226130228*)
You can find the name for all the packages attached as build artifacts in the pkg job: https://jenkins.aws.isc.org/job/kea-dev/job/pkg/1433/
Instructions for installing packages are at point 9 of [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-content-4-sanity-checks).kea2.5.62024-02-27https://gitlab.isc.org/isc-projects/kea/-/issues/3264Sanity checks for Kea 2.5.6 rcrc12024-02-26T13:00:06ZAndrei Pavelandrei@isc.orgSanity checks for Kea 2.5.6 rcrc1We are now at step SANITY CHECKS of Kea 2.5.6 rc1.
Please verify the tarballs and packages according to [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-co...We are now at step SANITY CHECKS of Kea 2.5.6 rc1.
Please verify the tarballs and packages according to [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-content-4-sanity-checks) and according to your imagination.
Before starting, please state what you are checking in a thread/discussion (not as comment).
When you finish a check, state in the same thread/discussion what the result is.
This way we know what is covered upfront and we can avoid repeating ourselves.
#### Tarballs on repo.isc.org
* `/data/shared/sweng/kea/releases/2.5.6-rc1`
* `/data/shared/sweng/kea/releases/premium-2.5.6-rc1`
* `/data/shared/sweng/kea/releases/subscription-2.5.6-rc1`
* `/data/shared/sweng/kea/releases/enterprise-2.5.6-rc1`
```
SHA256 (kea-2.5.6.tar.gz) = d493dde621cbce84a2ceeb260a38d26b6941da1f29c3663dfca537bb8b7d778c
SHA256 (kea-enterprise-2.5.6.tar.gz) = 1d30d01e487a964418615f025878d88ed456fc8908fc63d183774a915277ca48
SHA256 (kea-premium-2.5.6.tar.gz) = fea91ac9ae681c34e9c2b387cac4ae482fa099bda683d9f4d87263d834e4d298
SHA256 (kea-subscription-2.5.6.tar.gz) = 9ac63b2d643a1edde87bd4a2772045101052aca31cbccd8896b5c09bfa760ab6
```
#### Packages on packages.aws.isc.org
* [APK: 2.5.6-r20240226100934](https://packages.aws.isc.org/#browse/search/raw=format%3Draw%20AND%20name.raw%3D*r20240226100934.apk)
* [deb: 2.5.6-isc20240226100934](https://packages.aws.isc.org/#browse/search/apt=format%3Dapt%20AND%20version%3D2.5.6-isc20240226100934)
* [RPM: 2.5.6-isc20240226100934.\[os\]](https://packages.aws.isc.org/#browse/search/yum=format%3Dyum%20AND%20version%3D2.5.6-isc20240226100934*)
You can find the name for all the packages attached as build artifacts in the pkg job: https://jenkins.aws.isc.org/job/kea-dev/job/pkg/1432/
Instructions for installing packages are at point 9 of [chapter `4. Sanity Checks` of the release procedure](https://gitlab.isc.org/isc-private/qa-dhcp/-/wikis/Kea/Release-Process#user-content-4-sanity-checks).kea2.5.62024-02-27https://gitlab.isc.org/isc-projects/kea/-/issues/3263Changes for Kea 2.5.6 release2024-02-26T12:47:32ZAndrei Pavelandrei@isc.orgChanges for Kea 2.5.6 release
- [x] added release entry to ChangeLogs
- [x] regenerated BNF grammar
- [x] regenerated message headers
- [x] regenerated parsers
- [x] reordered messages in alphabetical order
- [x] updated copyright years
- [x] added release entry to ChangeLogs
- [x] regenerated BNF grammar
- [x] regenerated message headers
- [x] regenerated parsers
- [x] reordered messages in alphabetical order
- [x] updated copyright yearskea2.5.62024-02-28https://gitlab.isc.org/isc-projects/kea/-/issues/3262add RADIUS thread pool and make the RADIUS library MT-compatible2024-03-21T11:52:04ZAndrei Pavelandrei@isc.orgadd RADIUS thread pool and make the RADIUS library MT-compatibleRADIUS access is now asynchronous, but it is still single-threaded. To truly benefit from multi-threading, it needs its own thread pool.
There might also be some MT-specific races and bugs that need to be fixed. TBDRADIUS access is now asynchronous, but it is still single-threaded. To truly benefit from multi-threading, it needs its own thread pool.
There might also be some MT-specific races and bugs that need to be fixed. TBDkea2.5.7Andrei Pavelandrei@isc.orgAndrei Pavelandrei@isc.orghttps://gitlab.isc.org/isc-projects/bind9/-/issues/4600autosign system test hung in cross-version-config-tests CI job2024-03-08T11:25:56ZMichal Nowakautosign system test hung in cross-version-config-tests CI jobJob [#4058605](https://gitlab.isc.org/isc-projects/bind9/-/jobs/4058605) failed for e5a98f14bf3203cf803fcc6bd9f3ff03a2b4a8f7 (CI artifacts were saved).
The `autosign` system test hung for 5 minutes on shutdown in [the `cross-version-con...Job [#4058605](https://gitlab.isc.org/isc-projects/bind9/-/jobs/4058605) failed for e5a98f14bf3203cf803fcc6bd9f3ff03a2b4a8f7 (CI artifacts were saved).
The `autosign` system test hung for 5 minutes on shutdown in [the `cross-version-config-tests` CI job](https://gitlab.isc.org/isc-projects/bind9/-/jobs/4058605). I see this for the second time in two days, and I think this is something new and will persist.
This CI job is unique compared to other system test CI jobs: it just starts and stops BIND servers to check that `named.conf` breakages introduced since the previous point release are not present. We had a problem in this scenario before: https://gitlab.isc.org/isc-projects/bind9/-/issues/4213.
```
23-Feb-2024 00:10:42.106 adjust_quantum: old=100, new=137
23-Feb-2024 00:10:42.106 calling free_rbtdb(.)
23-Feb-2024 00:10:42.106 done free_rbtdb(.)
23-Feb-2024 00:10:42.106 done free_rbtdb(oldsigs.example)
23-Feb-2024 00:10:42.106 done free_rbtdb(jitter.nsec3.example)
```
```
2024-02-23 00:18:18 INFO:autosign D:Core was generated by `/builds/isc-projects/bind9/bin/named/.libs/named -D autosign_tmp_7ktl_4p5-ns3 -'.
2024-02-23 00:18:18 INFO:autosign D:Program terminated with signal SIGABRT, Aborted.
2024-02-23 00:18:18 INFO:autosign D:#0 0x00007f5df3ae9b9e in __GI_epoll_pwait (epfd=4, events=0x7ffe9b1a8be0, maxevents=1024, timeout=-1, set=0x0) at ../sysdeps/unix/sysv/linux/epoll_pwait.c:40
2024-02-23 00:18:18 INFO:autosign D:Download failed: Invalid argument. Continuing without source file ./misc/../sysdeps/unix/sysv/linux/epoll_pwait.c.
2024-02-23 00:18:18 INFO:autosign D:[Current thread is 1 (Thread 0x7f5df1217500 (LWP 52959))]
2024-02-23 00:18:18 INFO:autosign D:#0 0x00007f5df3ae9b9e in __GI_epoll_pwait (epfd=4, events=0x7ffe9b1a8be0, maxevents=1024, timeout=-1, set=0x0) at ../sysdeps/unix/sysv/linux/epoll_pwait.c:40
2024-02-23 00:18:18 INFO:autosign D:#1 0x00007f5df3ece522 in uv__io_poll (loop=0x7f5df0e53020, timeout=-1) at /usr/src/libuv-v1.47.0/src/unix/linux.c:1430
2024-02-23 00:18:18 INFO:autosign D:#2 0x00007f5df3eb3e20 in uv_run (loop=0x7f5df0e53020, mode=UV_RUN_DEFAULT) at /usr/src/libuv-v1.47.0/src/unix/core.c:447
2024-02-23 00:18:18 INFO:autosign D:#3 0x00007f5df46b0324 in loop_thread (arg=arg@entry=0x7f5df0e53000) at loop.c:284
2024-02-23 00:18:18 INFO:autosign D:#4 0x00007f5df46c1af1 in thread_body (wrap=0x7f5df0ee7420) at thread.c:85
2024-02-23 00:18:18 INFO:autosign D:#5 0x00007f5df46c1b6a in isc_thread_main (func=func@entry=0x7f5df46b0299 <loop_thread>, arg=0x7f5df0e53000) at thread.c:116
2024-02-23 00:18:18 INFO:autosign D:#6 0x00007f5df46b12c4 in isc_loopmgr_run (loopmgr=0x7f5df0e20a80) at loop.c:456
2024-02-23 00:18:18 INFO:autosign D:#7 0x000055ad3d813480 in main (argc=<optimized out>, argv=<optimized out>) at main.c:1574
```
[core.52959-backtrace.txt](/uploads/3594340469e8638ccfe6192044d7174a/core.52959-backtrace.txt)
[named.run](/uploads/9ff12f3ada8161d465dd0498f6dd7722/named.run)March 2024 (9.16.49, 9.16.49-S1, 9.18.25, 9.18.25-S1, 9.19.22)