ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2023-11-27T11:53:16Z

https://gitlab.isc.org/isc-projects/kea/-/issues/3109
Logging inconsistency between dhcp4.packets and dhcp6.packets
2023-11-27T11:53:16Z
Darren Ankney

This log for DHCPv4:
```
[kea-dhcp4.packets/2921701.140031672309504] DHCP4_QUERY_DATA [hwtype=1 00:00:00:ff:ff:ff], cid=[00:00:00:00:ff:ff:ff:ff:ff:ff:ff], tid=0x8eabb73f, packet details: local_address=1.2.3.4:67, remote_address=1.2.3.5:68, msg_type=DHCPREQUEST (3), transid=0x8eabb73f,
```
contains the msg_type while the DHCPv6 counterpart does not:
```
[kea-dhcp6.packets/3264085.139762203666176] DHCP6_QUERY_DATA duid=[00:00:00:00:ff:ff:ff:ff:ff:ff:ff], tid=0x5f541f, packet details: localAddr=[1:1:1:1::1]:0 remoteAddr=[2:2:2:2::2]:547
```
Similar inconsistency in these two log messages:
```
[kea-dhcp4.packets/2921701.140031535531776] DHCP4_RESPONSE_DATA [hwtype=1 00:00:00:ff:ff:ff], cid=[00:00:00:00:ff:ff:ff:ff:ff:ff:ff], tid=0xfe456e5f: responding with packet DHCPACK (type 5), packet details: local_address=1.2.3.4:67, remote_address=1.2.3.5:68, msg_type=DHCPACK (5), transid=0xfe456e5f,
```
and
```
[kea-dhcp6.packets/3264085.139762070353664] DHCP6_RESPONSE_DATA responding with packet type 7 data is localAddr=[1:1:1:1::1]:547 remoteAddr=[2:2:2:2::2]:547
```
Perhaps this is this way for a reason? There are, of course, differences between DHCPv4 and DHCPv6.
[SF1375](https://isc.lightning.force.com/lightning/r/Case/5007V00002YkWE4QAN/view)

kea2.5.4
Razvan Becheriu

https://gitlab.isc.org/isc-projects/bind9/-/issues/4317
The primary server does not send notify information
2023-09-14T09:10:44Z
liangzyeu liangze

<!--
My primary bind server needed to synchronize 13 zone files to 3 secondary servers, but 1-2 zone synchronization was missed each time. I found through logs that the primary bind did not send notify information to the secondary server. But one solution I have is to execute rndc reload twice every time you modify the zone file to synchronize it all. What's the problem?
-->
### Summary
My primary bind server needed to synchronize 13 zone files to 3 secondary servers, but 1-2 zone synchronization was missed each time. I found through logs that the primary bind did not send notify information to the secondary server. But one solution I have is to execute rndc reload twice every time you modify the zone file to synchronize it all. What's the problem?
### BIND version used
```
[root@ops-sandbox-86-10 zone]# named -V
BIND 9.12.2-P1 <id:8914b83>
running on Linux x86_64 3.10.0-1062.52.2.el7.x86_64 #1 SMP Thu Jul 8 09:03:01 UTC 2021
built by make with '--prefix=/usr/local/named' '--sysconfdir=/data/named/named_53' '--enable-threads' '--enable-largefile' '--enable-epoll' '--disable-ipv6' '--with-openssl'
compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-16)
compiled with OpenSSL version: OpenSSL 1.0.2k 26 Jan 2017
linked to OpenSSL version: OpenSSL 1.0.2k-fips 26 Jan 2017
compiled with zlib version: 1.2.7
linked to zlib version: 1.2.7
threads support is enabled
```

https://gitlab.isc.org/isc-projects/kea-docker/-/issues/15
CI: Fix hadolint issues
2023-09-11T11:09:54Z
Tomek Mrugalski

Now that we have `hadolint` as part of our CI pipelines, we should address the issues it reports.
Here's an [Aug 24 pipeline](https://gitlab.isc.org/isc-projects/kea-docker/-/jobs/3609017).
As of today, the amount of issues reported is minimal. If we do not want to do what hadolint suggests, we should selectively disable its specific warnings.
Once the pipelines are clean, we should enable the "pipelines must succeed" option for this project.

https://gitlab.isc.org/isc-projects/bind9/-/issues/4278
rndc flush resets stale-refresh-time option to 0
2023-09-01T08:40:10Z
Maksym Odinintsev

### Summary
`rndc flush` command resets `stale-refresh-time` value to 0 (it might reset something else that I don't follow)
`rndc reconfig` returns `stale-refresh-time` to the value that was set in the config file or the default.
Affected versions Bind9.16 and Bind9.18
### BIND version used
```
# named -V
BIND 9.18.18-1+ubuntu22.04.1+isc+1-Ubuntu (Extended Support Version) <id:>
running on Linux x86_64 5.19.0-1025-aws #26~22.04.1-Ubuntu SMP Mon Apr 24 01:58:15 UTC 2023
built by make with '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=${prefix}/include' '--mandir=${prefix}/share/man' '--infodir=${prefix}/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--disable-option-checking' '--disable-silent-rules' '--libdir=${prefix}/lib/x86_64-linux-gnu' '--libexecdir=${prefix}/lib/x86_64-linux-gnu' '--disable-maintainer-mode' '--disable-dependency-tracking' '--libdir=/usr/lib/x86_64-linux-gnu' '--sysconfdir=/etc/bind' '--with-python=python3' '--localstatedir=/' '--enable-threads' '--enable-largefile' '--with-libtool' '--enable-shared' '--disable-static' '--with-gost=no' '--with-openssl=/usr' '--with-gssapi=yes' '--with-libidn2' '--with-json-c' '--with-lmdb=/usr' '--with-gnu-ld' '--with-maxminddb' '--with-atf=no' '--enable-ipv6' '--enable-rrl' '--enable-filter-aaaa' '--disable-native-pkcs11' '--enable-dnstap' 'build_alias=x86_64-linux-gnu' 'CFLAGS=-g -O2 -ffile-prefix-map=/build/bind9-hOOOml/bind9-9.18.18=. -flto=auto -ffat-lto-objects -flto=auto -ffat-lto-objects -fstack-protector-strong -Wformat -Werror=format-security -fno-strict-aliasing -fno-delete-null-pointer-checks -DNO_VERSION_DATE -DDIG_SIGCHASE' 'LDFLAGS=-Wl,-Bsymbolic-functions -flto=auto -ffat-lto-objects -flto=auto -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-Wdate-time -D_FORTIFY_SOURCE=2'
compiled by GCC 11.4.0
compiled with OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
linked to OpenSSL version: OpenSSL 3.0.2 15 Mar 2022
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with libnghttp2 version: 1.43.0
linked to libnghttp2 version: 1.43.0
compiled with libxml2 version: 2.9.13
linked to libxml2 version: 20913
compiled with json-c version: 0.15
linked to json-c version: 0.15
compiled with zlib version: 1.2.11
linked to zlib version: 1.2.11
linked to maxminddb version: 1.5.2
compiled with protobuf-c version: 1.3.3
linked to protobuf-c version: 1.3.3
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): yes
TKEY mode 3 support (GSS-API): yes
default paths:
named configuration: /etc/bind/named.conf
rndc configuration: /etc/bind/rndc.conf
DNSSEC root key: /etc/bind/bind.keys
nsupdate session key: //run/named/session.key
named PID file: //run/named/named.pid
named lock file: //run/named/named.lock
geoip-directory: /usr/share/GeoIP
```
### Steps to reproduce
```
# rndc serve-stale status
_default: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=30)
_bind: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=30)
# rndc flush
# rndc serve-stale status
_default: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=0)
_bind: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=0)
# rndc reconfig
# rndc serve-stale status
_default: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=30)
_bind: stale cache enabled; stale answers enabled (stale-answer-ttl=30 max-stale-ttl=86400 stale-refresh-time=30)
```
### What is the current *bug* behavior?
`stale-refresh-time` resets to value = 0 (which disables the refresh time window mechanism entirely)
### What is the expected *correct* behavior?
`stale-refresh-time` must not be reset
### Relevant configuration files
```
# named-checkconf -p -x
options {
    directory "/var/cache/bind";
    listen-on-v6 {
        "any";
    };
    dnssec-validation auto;
    stale-answer-enable yes;
    stale-answer-client-timeout 1800;
    stale-cache-enable yes;
    stale-refresh-time 30;
};
zone "." {
    type hint;
    file "/usr/share/dns/root.hints";
};
zone "localhost" {
    type master;
    file "/etc/bind/db.local";
};
zone "127.in-addr.arpa" {
    type master;
    file "/etc/bind/db.127";
};
zone "0.in-addr.arpa" {
    type master;
    file "/etc/bind/db.0";
};
zone "255.in-addr.arpa" {
    type master;
    file "/etc/bind/db.255";
};
```

September 2023 (9.16.44, 9.16.44-S1, 9.18.19, 9.18.19-S1, 9.19.17)
Matthijs Mekking matthijs@isc.org

https://gitlab.isc.org/isc-projects/bind9/-/issues/4250
remove support for running python system tests with legacy test runner
2023-10-04T13:26:28Z
Tom Krizek

Currently, python system tests must be designed in a way that is compatible with two different modes of operation - the legacy runner and the pytest runner. Their design philosophies are sufficiently different to induce a lot of friction points and various compatibility issues.
In order for us to be able to efficiently write and extend the capabilities of the pytest runner as well as take advantage of all its possibilities, it's not feasible to keep the compatibility layer which enables the python tests to be executed with the legacy runner.
Instead, python tests should be exclusively executed by the pytest runner, providing a predictable environment and behavior.
Legacy runner can still be used to run shell system tests.
Related #3810

November 2023 (9.16.45, 9.16.45-S1, 9.18.20, 9.18.20-S1, 9.19.18)
Tom Krizek

https://gitlab.isc.org/isc-projects/bind9/-/issues/4249
compile test binaries/libraries during make
2023-09-08T14:05:18Z
Tom Krizek

Currently, test files in `bin/tests/system` which need to be compiled are not part of the typical `make` invocation. Instead, they're compiled when `make check` is invoked.
While this worked well with the legacy test runner, it makes things needlessly complicated for the pytest runner, and prevents use-cases such as running out-of-tree tests easily.
Compile the required test files as `noinst_` instead of `check_` to ensure they're compiled and available after `make` invocation.
Related #4246, #3810

September 2023 (9.16.44, 9.16.44-S1, 9.18.19, 9.18.19-S1, 9.19.17)
Tom Krizek

https://gitlab.isc.org/isc-projects/stork/-/issues/1137
Alpine Setup script not available
2023-09-28T11:20:25Z
Thomas Gerstenberg

Stork documentation chapter [2.5.1.3](https://stork.readthedocs.io/en/latest/install.html#installing-on-alpine) mentions a setup script to install stork on Alpine ([https://dl.cloudsmith.io/public/isc/stork/cfg/setup/setup.alpine.sh](https://dl.cloudsmith.io/public/isc/stork/cfg/setup/setup.alpine.sh)).
This script however is not available on cloudsmith.
I can imagine that this is related to #863. However, if there are no packages available, the documentation should not state that there are.

1.13
Slawek Figiel

https://gitlab.isc.org/isc-projects/kea/-/issues/2982
Missing subnet4-update message
2023-08-16T14:41:34Z
Peter Davies

Missing subnet4-update message:
In Kea 2.4.0:
The subnet commands hooks libraries generate the following message on successful
completion of a "subnet4-get" command:
```
SUBNET_CMDS_SUBNET_GET successfully retrieved subnet ...
```
However no message is generated on completion of a "subnet4-update" command.
[RT #22374](https://support.isc.org/Ticket/Display.html?id=22374)

kea2.5.1
Piotrek Zadroga

https://gitlab.isc.org/isc-projects/keama/-/issues/29
Improve feedback keama web is showing to the user
2023-09-14T14:23:48Z
Piotrek Zadroga

As it was mentioned in https://gitlab.isc.org/isc-projects/keama/-/merge_requests/16#note_382168 , feedback to the user could be displayed in a more dynamic manner i.e. without a need to reload whole page (http get request).
Flask flashing could be used for that purpose.

4.5.0
Piotrek Zadroga

https://gitlab.isc.org/isc-projects/kea/-/issues/2918
ISC DHCP log emulation
2023-10-06T17:12:30Z
Peter Davies

---
name: ISC DHCP log emulation
about: Kea to generate logging similar to ISC DHCP.
---
**Some initial questions**
- Are you sure your feature is not already implemented in the latest Kea version?
Kea's forensic logging hooks library can be configured to generate messages that look
like ISC DHCP logging but DHCPDISCOVER/DHCPOFFER and SOLICIT/ADVERTISE
packets are not logged.
**Is your feature request related to a problem? Please describe.**
As a help to folks who are planning to migrate from ISC DHCP to Kea it may be helpful if
Kea could be induced to produce logging that approximates that generated by ISC DHCP.
**Describe the solution you'd like**
There appear to be two ways forward:
1) Enhance Kea's forensic logging hooks library.
2) Generate new logging messages at severity INFO
**Additional context**
See [RT #22155](https://support.isc.org/Ticket/Display.html?id=22155)

kea2.5.3
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/2908
DEBUG DHCP4_CLASS_ASSIGNED fails to log properly in kea-dhcp4.dhcp4 with shared-networks
2023-08-03T14:35:27Z
Darren Ankney

If a subnet is part of a shared-networks definition, then classes assigned by reservations are not logged in the DHCP4_CLASS_ASSIGNED messages. This simple configuration:
```
{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": [ "ens256" ]
    },
    "lease-database": {
      "type": "memfile",
      "persist": false
    },
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [
          {
            "output": "/tmp/all-dhcp4.log"
          }
        ],
        "severity": "DEBUG",
        "debuglevel": 99
      }
    ],
    "client-classes": [
      {
        "name": "someclass",
        "option-data": [
          {
            "name": "routers",
            "data": "10.1.2.1"
          }
        ]
      }
    ],
    "shared-networks": [
      {
        "name": "some-shared-network",
        "subnet4": [
          {
            "subnet": "10.1.2.0/24",
            "reservations": [
              {
                "client-classes": [
                  "someclass"
                ],
                "hw-address": "00:0c:01:02:03:04",
                "ip-address": "10.1.2.133",
              }
            ]
          }
        ]
      }
    ]
  }
}
```
results in logs like this:
```
2023-06-06 12:36:47.547 DEBUG [kea-dhcp4.dhcp4/4418.281472760196992] DHCP4_CLASS_ASSIGNED [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0x2b: client packet has been assigned to the following class(es): KNOWN
2023-06-06 12:36:47.547 DEBUG [kea-dhcp4.dhcp4/4418.281472760196992] DHCP4_CLASS_ASSIGNED [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0x2b: client packet has been assigned to the following class(es): ALL, KNOWN
```
even though the client is added to the class as evidenced by the presence of the 10.1.2.1 routers option in the packet:
```
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.dhcp4/4553.281472785596288] DHCP4_CLASS_ASSIGNED [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0x189: client packet has been assigned to the following class(es): KNOWN
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.dhcp4/4553.281472785596288] DHCP4_CLASS_ASSIGNED [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0x189: client packet has been assigned to the following class(es): ALL, KNOWN
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.ddns/4553.281472785596288] DHCP4_CLIENT_HOSTNAME_PROCESS [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0x189: processing client's Hostname option
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.dhcpsrv/4553.281472785596288] DHCPSRV_MEMFILE_GET_CLIENTID obtaining IPv4 leases for client ID 01:00:0c:01:02:03:04
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.hosts/4553.281472785596288] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4 get one host with reservation for subnet id 1 and IPv4 address 10.1.2.133
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.hosts/4553.281472785596288] HOSTS_CFG_GET_ALL_ADDRESS4 get all hosts with reservations for IPv4 address 10.1.2.133
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.hosts/4553.281472785596288] HOSTS_CFG_GET_ALL_ADDRESS4_HOST using address 10.1.2.133 found host: hwaddr=000C01020304 ipv4_subnet_id=1 hostname=(empty) ipv4_reservation=10.1.2.133 siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none) dhcp4_class0=someclass
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.hosts/4553.281472785596288] HOSTS_CFG_GET_ALL_ADDRESS4_COUNT using address 10.1.2.133, found 1 host(s)
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.hosts/4553.281472785596288] HOSTS_CFG_GET_ONE_SUBNET_ID_ADDRESS4_HOST using subnet id 1 and address 10.1.2.133, found host: hwaddr=000C01020304 ipv4_subnet_id=1 hostname=(empty) ipv4_reservation=10.1.2.133 siaddr=(no) sname=(empty) file=(empty) key=(empty) ipv6_reservations=(none) dhcp4_class0=someclass
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.dhcpsrv/4553.281472785596288] DHCPSRV_MEMFILE_GET_ADDR4 obtaining IPv4 lease for address 10.1.2.133
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.alloc-engine/4553.281472785596288] ALLOC_ENGINE_V4_REQUEST_EXTEND_LEASE [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0x189: extending lifetime of the lease for address 10.1.2.133
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.dhcpsrv/4553.281472785596288] DHCPSRV_MEMFILE_UPDATE_ADDR4 updating IPv4 lease for address 10.1.2.133
2023-06-06 12:57:39.715 INFO [kea-dhcp4.leases/4553.281472785596288] DHCP4_LEASE_ALLOC [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0x189: lease 10.1.2.133 has been allocated for 7200 seconds
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.options/4553.281472785596288] DHCP4_PACKET_PACK [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0x189: preparing on-wire format of the packet to be sent
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.packets/4553.281472785596288] DHCP4_PACKET_SEND [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0x189: trying to send packet DHCPACK (type 5) from 10.1.2.2:67 to 10.1.2.6:67 on interface ens256
2023-06-06 12:57:39.715 DEBUG [kea-dhcp4.packets/4553.281472785596288] DHCP4_RESPONSE_DATA [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0x189: responding with packet DHCPACK (type 5), packet details: local_address=10.1.2.2:67, remote_address=10.1.2.6:67, msg_type=DHCPACK (5), transid=0x189,
options:
type=001, len=004: 4294967040 (uint32)
type=003, len=004: 10.1.2.1
type=051, len=004: 7200 (uint32)
type=053, len=001: 5 (uint8)
type=054, len=004: 10.1.2.2
type=061, len=007: 01:00:0c:01:02:03:04
```
being present in the DHCPACK
Remove the shared-networks as shown:
```
{
  "Dhcp4": {
    "interfaces-config": {
      "interfaces": [ "ens256" ]
    },
    "lease-database": {
      "type": "memfile",
      "persist": false
    },
    "loggers": [
      {
        "name": "kea-dhcp4",
        "output_options": [
          {
            "output": "/tmp/all-dhcp4.log"
          }
        ],
        "severity": "DEBUG",
        "debuglevel": 99
      }
    ],
    "client-classes": [
      {
        "name": "someclass",
        "option-data": [
          {
            "name": "routers",
            "data": "10.1.2.1"
          }
        ]
      }
    ],
    "subnet4": [
      {
        "subnet": "10.1.2.0/24",
        "reservations": [
          {
            "client-classes": [
              "someclass"
            ],
            "hw-address": "00:0c:01:02:03:04",
            "ip-address": "10.1.2.133",
          }
        ]
      }
    ]
  }
}
```
And the log notes that the client has been added to 'someclass':
```
2023-06-06 12:54:14.715 DEBUG [kea-dhcp4.dhcp4/4512.281473095200640] DHCP4_CLASS_ASSIGNED [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0xbc: client packet has been assigned to the following class(es): KNOWN
2023-06-06 12:54:14.715 DEBUG [kea-dhcp4.dhcp4/4512.281473095200640] DHCP4_CLASS_ASSIGNED [hwtype=1 00:0c:01:02:03:04], cid=[01:00:0c:01:02:03:04], tid=0xbc: client packet has been assigned to the following class(es): ALL, someclass, KNOWN
```
[RT22139](https://support.isc.org/Ticket/Display.html?id=22139)

kea2.5.1
Francis Dupont

https://gitlab.isc.org/isc-projects/bind9/-/issues/4066
resolv.conf parsing eats lines if more than 3 nameservers set
2023-05-17T22:53:09Z
Robert Bridge

<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please make sure that you make the new issue
confidential!
-->
### Summary
The resolv.conf parsing used in nslookup eats the lines of resolv.conf if there are more than 3 nameservers defined in resolv.conf. This means that if there is an even number of nameservers defined, the first line following the nameservers gets silently eaten and ignored.
### BIND version used
Identified on CentOS 9 stream, confirmed from git on gentoo:
```
BIND 9.19.14-dev (Development Release) <id:562697e>
running on Linux x86_64 6.2.9-gentoo #2 SMP PREEMPT_DYNAMIC Mon May 1 09:27:12 BST 2023
built by make with default
compiled by GCC 13.1.0
compiled with OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
linked to OpenSSL version: OpenSSL 3.0.8 7 Feb 2023
compiled with libuv version: 1.44.2
linked to libuv version: 1.44.2
compiled with liburcu version: 0.14.0
compiled with libnghttp2 version: 1.52.0
linked to libnghttp2 version: 1.52.0
compiled with libxml2 version: 2.11.3
linked to libxml2 version: 21103
compiled with json-c version: 0.16
linked to json-c version: 0.16
compiled with zlib version: 1.2.13
linked to zlib version: 1.2.13
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): no
TKEY mode 3 support (GSS-API): no
default paths:
named configuration: /usr/local/etc/named.conf
rndc configuration: /usr/local/etc/rndc.conf
nsupdate session key: /usr/local/var/run/named/session.key
named PID file: /usr/local/var/run/named/named.pid
named lock file: /usr/local/var/run/named/named.lock
```
### Steps to reproduce
Create resolv.conf with 4/6/8 nameserver entries, and a search line immediately after the last nameserver entry, e.g.:
```
nameserver 8.8.8.8
nameserver 8.8.8.8
nameserver 8.8.8.8
nameserver 8.8.8.8
search google.com
```
Run nslookup for a name that relies on the search line.
```
nslookup www
```
### What is the current *bug* behavior?
nslookup returns NXDOMAIN (typically)
```
# nslookup www
Server: 8.8.8.8
Address: 8.8.8.8#53
** server can't find www: NXDOMAIN
```
### What is the expected *correct* behavior?
nslookup should search the domains and find the relevant record
```
$ ./bin/dig/nslookup www
Server: 8.8.8.8
Address: 8.8.8.8#53
Non-authoritative answer:
Name: www.google.com
Address: 172.217.16.228
Name: www.google.com
Address: 2a00:1450:4009:820::2004
```
### Relevant configuration files
/etc/resolv.conf posted above
### Relevant logs and/or screenshots
### Possible fixes

June 2023 (9.16.42, 9.16.42-S1, 9.18.16, 9.18.16-S1, 9.19.14)
Mark Andrews

https://gitlab.isc.org/isc-projects/kea/-/issues/2854
Include Client ID in EVAL_RESULT msg
2023-08-22T19:17:27Z
Peter Davies

Include Client ID in EVAL_RESULT msg:
It may be useful for users tracking client behaviour to have the client id present in the INFO message EVAL_RESULT
From:
INFO [kea-dhcp4.dhcpsrv/27.121957] EVAL_RESULT Expression Some_Class evaluated to 1
To:
INFO [kea-dhcp4.dhcpsrv/27.121957] EVAL_RESULT Expression Some_Class evaluated to 1 for client with cid="e6:3f:f1:2d:ca:3c"
[RT #220060](https://support.isc.org/Ticket/Display.html?id=22060)

kea2.5.1
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/2835
default preferred-lifetime
2023-07-17T13:58:21Z
Peter Davies

Using configuration without any lifetime specifications "config-get" returns
the following values:
global scope:
"preferred-lifetime": 3600,
subnet scope:
"max-preferred-lifetime": 3600,
"max-valid-lifetime": 7200,
"min-preferred-lifetime": 3600,
"min-valid-lifetime": 7200,
"preferred-lifetime": 3600,
"valid-lifetime": 7200
Preliminary tests on Kea 2.3.7 appear to show that a "preferred-lifetime" of 3600 seconds is
also advertized by Kea.
The ARM makes no mention of a default value for "preferred-lifetime" and may
need to be updated
Thomas: In ISC DHCP, if you do not specify preferred lifetime, (and the client doesn't supply hint values),
it sends .625 of the valid lifetime. We could consider changing preferred default to "unspecified"
and doing the same.
By setting a global default of 3600 in Kea, there is no way for a user to have an "unspecified"
value for preferred lifetime
[RT #21972](https://support.isc.org/Ticket/Display.html?id=21972)

kea2.3.8
Thomas Markwalder

https://gitlab.isc.org/isc-projects/bind9/-/issues/4005
ICMP error messages causing BIND9 to send more queries than intended
2023-05-18T12:29:22Z
idealeer

After further testing, I found another type of ICMP response that could also
force BIND9 to enter the aggressive query state via UDP
like Knot Resolver via TCP (https://www.knot-resolver.cz/2023-01-26-knot-resolver-5.6.0.html)
The case is that after receiving an ICMP error message (Type 3, Code 0/2),
BIND9 will try to send 100 queries towards the same remote server, which
bypasses the query limit of about 13.
For type 3, code 3 ICMP error message, BIND9 just returns
an error to the receiving function and stops resolution.
For type 3, code 0 or 2, BIND9 continues to send queries
100 times to the same server, which bypasses the query
limit (no more than around 13 times).
The PoC log from BIND9 shows BIND9 continues to send
100 queries after receiving an ICMP type 3 code 0
message when it resolves my domain, i30.sw.nameserver.fit.
[bind-icmp-type3-code0-poc.log](/uploads/892118329c2b78149ea582ca9a3f1732/bind-icmp-type3-code0-poc.log)
[bind-icmp-type3-code0-reproduction.pdf](/uploads/9356d639c150b216bf332d9e8273b478/bind-icmp-type3-code0-reproduction.pdf)

May 2023 (9.16.41, 9.16.41-S1, 9.18.15, 9.18.15-S1, 9.19.13)

https://gitlab.isc.org/isc-projects/kea/-/issues/2781
[ISC-support #21874] Request to implement "ping before offer"
2023-11-23T13:05:40Z
Everett Fulton

https://support.isc.org/Ticket/Display.html?id=21874
A Support customer is requesting that Kea has an option to use ICMP pings as a test for an existing host before an offer is provided to a request, as is done in ISC dhcpd.

kea2.5.4
Thomas Markwalder

https://gitlab.isc.org/isc-projects/stork/-/issues/997
incorrect rndc key match
2023-07-26T12:40:15Z
Pengfei Gu

Hi,
there is a bug in https://gitlab.isc.org/isc-projects/stork/-/blob/master/backend/agent/bind9.go#L132
the keyword of `key` block is `key`,
```
key "name" {
algorithm "hmac-sha256";
secret "OmItW1lOyLVUEuvv+Fme+Q==";
};
```
but the regex matches `keys`.

1.10
Slawek Figiel

https://gitlab.isc.org/isc-projects/stork/-/issues/979
Stork Demo uses deprecated "docker-compose" command
2023-03-29T18:11:00Z
Carsten Strotmann

The Stork Demo rake target uses the "docker-compose" command, which is written in Python and (according to https://docs.docker.com/compose/release-notes/) deprecated and will not be supported after summer 2023. It is already hard to install on recent Linux systems, such as Red Hat EL 9.
The rake target should migrate to the new "docker compose" command (docker-compose V2).

1.10
Slawek Figiel

https://gitlab.isc.org/isc-projects/stork/-/issues/975
Update coding guidelines
2023-05-09T11:29:58Z
Marcin Siodelski

We have the Stork coding guidelines documented here: https://gitlab.isc.org/isc-projects/stork/-/wikis/Processes/coding-guidelines#go-style. However, this document was written at the beginning of the Stork development. At this time we didn't have enough experience in Golang and Typescript to write a comprehensive set of guidelines. Today, we have a lot more experience and a lot more to write.
This ticket came up during the https://gitlab.isc.org/isc-projects/stork/-/merge_requests/553 review. In this MR we wondered about the naming convention for continue labels. We think it should be camel case. We need to include it in the guidelines.

1.11
Marcin Siodelski

https://gitlab.isc.org/isc-projects/kea/-/issues/2735
Port Fix for "MariaDB Connector Time Out Issue" to 2.2.x (already prepared, need project allocation to fork and request merge)
2023-07-18T13:51:46Z
uedvt359

Recently, a fix regarding database timeout handling (reported in #2688) was merged into master (!1887). Since this problem is also present in the `v2_2` branch, I have cherry-picked the commits of the MR and applied them on the stable version.
Since I cannot open a Merge Request on ISC's Gitlab I submitted these to https://github.com/isc-projects/kea/pull/125; but @vicky advised me to open this issue to get a project space allocated here. For now, my patches live at https://github.com/uedvt359/kea/tree/dvt.

kea2.2.1
Andrei Pavel andrei@isc.org