ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2023-03-16T11:03:02Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/399Do not use Net::DNS::Nameserver in the "serve-stale" system test2023-03-16T11:03:02ZMichał KępieńDo not use Net::DNS::Nameserver in the "serve-stale" system testReturning `undef` from a `Net::DNS::Nameserver` `ReplyHandler` only prevents sending a response in `Net::DNS` 0.67+ (see changes introduced in upstream revision 921). In older versions, a response is sent anyway, causing the "serve-stal...Returning `undef` from a `Net::DNS::Nameserver` `ReplyHandler` only prevents sending a response in `Net::DNS` 0.67+ (see changes introduced in upstream revision 921). In older versions, a response is sent anyway, causing the "serve-stale" system test to fail as it takes advantage of the newer behavior:
```sh
$ PORT=5300 PERL5LIB=/path/to/Net-DNS/0.66/lib perl bin/tests/system/serve-stale/ans2/ans.pl > /dev/null 2>&1 &
$ dig @10.53.0.2 -p 5300 disable txt +short
"0"
$ dig @10.53.0.2 -p 5300 ns.example +short
$ kill $!
$ PORT=5300 PERL5LIB=/path/to/Net-DNS/0.67/lib perl bin/tests/system/serve-stale/ans2/ans.pl > /dev/null 2>&1 &
$ dig @10.53.0.2 -p 5300 disable txt +short
"0"
$ dig @10.53.0.2 -p 5300 ns.example +short
; <<>> DiG 9.13.2 <<>> @10.53.0.2 -p 5300 ns.example +short
; (1 server found)
;; global options: +cmd
;; connection timed out; no servers could be reached
```
Since the latest `Net::DNS` version available with stock RHEL/CentOS 6 packages is 0.65 and we officially support that operating system, `bin/tests/system/serve-stale/ans2/ans.pl` should be reworked not to use `Net::DNS::Nameserver` to ensure it behaves consistently across all `Net::DNS` versions.BIND-9.13.3Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/393Fix a Net::DNS version quirk in the "resolver" system test2018-07-10T13:09:34ZMichał KępieńFix a Net::DNS version quirk in the "resolver" system test`new Net::DNS::Packet()->data()` only returns a DNS packet with an empty QUESTION section in `Net::DNS` 0.68+ (see changes introduced in upstream revision 968). In older versions, the same method inserted a `./ANY` RR into the QUESTION ...`new Net::DNS::Packet()->data()` only returns a DNS packet with an empty QUESTION section in `Net::DNS` 0.68+ (see changes introduced in upstream revision 968). In older versions, the same method inserted a `./ANY` RR into the QUESTION section if the latter was empty:
```sh
$ PERL5LIB=/path/to/Net-DNS/0.67/lib perl -MNet::DNS -e 'print(unpack("H*", new Net::DNS::Packet()->data()) . "\n") for (1..3);'
a027010000010000000000000000ff00ff
3d68010000010000000000000000ff00ff
a740010000010000000000000000ff00ff
$ PERL5LIB=/path/to/Net-DNS/0.68/lib perl -MNet::DNS -e 'print(unpack("H*", new Net::DNS::Packet()->data()) . "\n") for (1..3);'
01be01000000000000000000
85a101000000000000000000
2c1e01000000000000000000
```
Since the latest `Net::DNS` version available with stock RHEL/CentOS 6 packages is 0.65 and we officially support that operating system, `bin/tests/system/resolver/ans8/ans.pl` should be tweaked to ensure it returns consistent responses across all `Net::DNS` versions.BIND-9.13.3Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/392Trust anchor telemetry queries are not sent for locally served zones2023-03-16T11:03:02ZMichał KępieńTrust anchor telemetry queries are not sent for locally served zonesCalling `dns_resolver_createfetch()` [with NULL `domain` and `nameservers` arguments](https://gitlab.isc.org/isc-projects/bind9/blob/4f6ef2f3e5bacd74da2cf2e4f8e51f3d7682b9a1/bin/named/server.c#L6598) will not cause upstream queries to be...Calling `dns_resolver_createfetch()` [with NULL `domain` and `nameservers` arguments](https://gitlab.isc.org/isc-projects/bind9/blob/4f6ef2f3e5bacd74da2cf2e4f8e51f3d7682b9a1/bin/named/server.c#L6598) will not cause upstream queries to be sent for a TAT query for a zone which is configured locally since the response will be determined just by consulting local data.
This issue is of particular importance for root zone mirroring.
Sparked by [a tweet from Marco Davids](https://twitter.com/marcodavids/status/1012816801074380802).BIND-9.13.3Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/384Rework IDN support in dig2018-07-13T06:37:51ZMichał KępieńRework IDN support in digIDN support in `dig` currently suffers from a number of issues:
* IDNA2003 fallbacks [are still present](https://gitlab.isc.org/isc-projects/bind9/blob/4f6ef2f3e5bacd74da2cf2e4f8e51f3d7682b9a1/bin/dig/dighost.c#L4291-4293), despite our...IDN support in `dig` currently suffers from a number of issues:
* IDNA2003 fallbacks [are still present](https://gitlab.isc.org/isc-projects/bind9/blob/4f6ef2f3e5bacd74da2cf2e4f8e51f3d7682b9a1/bin/dig/dighost.c#L4291-4293), despite our test comments claiming that BIND made a hard transition to IDNA2008 non-transitional processing,
* confusing ([passing flags which are ignored by the callee](https://gitlab.isc.org/isc-projects/bind9/blob/4f6ef2f3e5bacd74da2cf2e4f8e51f3d7682b9a1/bin/dig/dighost.c#L4335)) and fragile ([locale-dependent](https://gitlab.com/libidn/libidn2/blob/6a5fce9848bf76102cb62a314b69d422125a14e1/lib/decode.c#L365-376)) libidn2 calls are used when decoding Punycode found in upstream DNS responses,
* leftover Autoconf macros from previous IDN implementations are still present,
* redundant code is present.BIND-9.13.3Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/371Remove dns_rdataslab_tordataset() and its related dns_rdatasetmethods_t callb...2018-07-04T11:04:34ZMichał KępieńRemove dns_rdataslab_tordataset() and its related dns_rdatasetmethods_t callbacks`lib/dns/rdataslab.c` contains `dns_rdataslab_tordataset()`, a function which allows an RDATA slab to be converted to a `dns_rdataset_t` backed by a set of methods which are almost exact duplicates of `rdataset_*()` routines found in `li...`lib/dns/rdataslab.c` contains `dns_rdataslab_tordataset()`, a function which allows an RDATA slab to be converted to a `dns_rdataset_t` backed by a set of methods which are almost exact duplicates of `rdataset_*()` routines found in `lib/dns/rbtdb.c`. Since `dns_rdataslab_tordataset()` is not used anywhere in the tree and, as of BIND 9.13, libdns is no longer considered a public library, that function and its related set of `dns_rdatasetmethods_t` callbacks can be removed.
As an aside, note that the story is entirely different when it comes to `dns_rdataslab_fromrdataset()` which `lib/dns/rbtdb.c` uses for inserting data into memory. But the slabs created using that method are never "exported" using `dns_rdataslab_tordataset()` - `bind_rdataset()` is used for that purpose.BIND-9.13.3Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/237dnssec-validation exception domains2022-01-26T07:43:51ZEvan Huntdnssec-validation exception domainsWe've had a feature request on the back burner list for a long while: The ability to permanently configure the equivalent of a negative trust anchor so that local fake TLDs like "corp" or "home" can be used without triggering validation ...We've had a feature request on the back burner list for a long while: The ability to permanently configure the equivalent of a negative trust anchor so that local fake TLDs like "corp" or "home" can be used without triggering validation failures due to their nonexistence at the root.
I implemented this over the weekend. No particular urgency about it, we might even decide it's not a good idea, but I'm opening an issue so I can push an associated MR for further discussion.BIND-9.13.3https://gitlab.isc.org/isc-projects/bind9/-/issues/9Replace custom datatypes (isc_<foo>_t) with C11 equivalents2024-01-03T14:09:50ZOndřej SurýReplace custom datatypes (isc_<foo>_t) with C11 equivalentsCurrently there are datatypes available from the libisc headers. Replace these with C11 equivalents for better readability for external contributors.Currently there are datatypes available from the libisc headers. Replace these with C11 equivalents for better readability for external contributors.BIND-9.13.3Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/8Update the used C standard to C112024-01-03T14:09:50ZOndřej SurýUpdate the used C standard to C11Require C11 (or rather gnu11) support from compiler, and there are some next relevant steps:
* [ ] Use C11 data types (uintXX_t, boolean, etc...) #9
* [ ] Use and require atomic primitives support #10
* [ ] Benefit from better multi-th...Require C11 (or rather gnu11) support from compiler, and there are some next relevant steps:
* [ ] Use C11 data types (uintXX_t, boolean, etc...) #9
* [ ] Use and require atomic primitives support #10
* [ ] Benefit from better multi-threading support in the language #11BIND-9.13.3Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/577BIND 9.11.5-S1 Release Checklist2018-11-08T15:18:27ZVicky Riskvicky@isc.orgBIND 9.11.5-S1 Release Checklist## Release Checklist
- [x] Check for the presence of a milestone for the release
- If there is a milestone, are all the issues for the milestone resolved? (other than this checklist)
- [x] Prepare the sources for tarball generatio...## Release Checklist
- [x] Check for the presence of a milestone for the release
- If there is a milestone, are all the issues for the milestone resolved? (other than this checklist)
- [x] Prepare the sources for tarball generation
- [x] Change software version and library versions in configure.in
- [x] Update CHANGES
- [x] Ensure the release notes are correct for this release
- [x] Ensure the metainformation is correct for this release
- [x] Make sure the tests are passing
- [x] Create a tag (name vX_Y_Z[-alphatag], content BIND X.Y.Z[-alphatag], signed with a developer's GPG key): git tag -u <DEVELOPER_KEYID> -a -s -m "BIND X.Y.Z" vX.Y.Z
- [x] Push the changes and tag
- [x] Create the tarball
---- (not) Create the Windows zips
- [x] Ask QA to sanity check the tarball and zips
- [x] Request the signature on the tarballs
- [x] Make tarballs and signatures available to download
## Support
- [x] Inform support (nice to give them a heads-up in advance)
- Update tickets to deliver to support customersBIND-9.11.5-S1https://gitlab.isc.org/isc-projects/kea/-/issues/153Netconf agent development2018-11-07T06:16:52ZFrancis DupontNetconf agent developmentHome for MRs about netconf.Home for MRs about netconf.Kea1.5-beta1Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/138kea-admin / admin-utils.sh ignores the -h --host arg for the database2019-01-17T14:54:51ZThorsten Krohnkea-admin / admin-utils.sh ignores the -h --host arg for the databaseIf the mysql-database is not on localhost, upgrade of the database with kea-admin is not possible.
I looked into the code and the problem is in the admin-utils.sh:
```sh
mysql_execute() {
QUERY=$1
shift
if [ $# -gt 1 ]; the...If the mysql-database is not on localhost, upgrade of the database with kea-admin is not possible.
I looked into the code and the problem is in the admin-utils.sh:
```sh
mysql_execute() {
QUERY=$1
shift
if [ $# -gt 1 ]; then
mysql -N -B "$@" -e "${QUERY}"
retcode=$?
else
mysql -N -B --database="${db_name}" --user="${db_user}" --password="${db_password}" -e "${QUERY}"
retcode=$?
fi
return $retcode
}
mysql_execute_script() {
file=$1
shift
if [ $# -ge 1 ]; then
mysql -N -B "$@" < "${file}"
retcode=$?
else
mysql -N -B --database="${db_name}" --user="${db_user}" --password="${db_password}" < "${file}"
retcode=$?
fi
return $retcode
}
```
The mysql lines should look like this:
>mysql -N -B **--host="${db_host}"** --database="${db_name}" --user="${db_user}" --password="${db_password}"
This problem may be also in the other backends.
This bug is in all versions, also in the master-branch.Kea1.5-beta1Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/kea/-/issues/128Use lib process daemon code in netconf2018-10-06T00:51:14ZFrancis DupontUse lib process daemon code in netconfNote I fixed the compilation but there are still some replacement codes waiting for dhcpsrv -> process migration which was done.Note I fixed the compilation but there are still some replacement codes waiting for dhcpsrv -> process migration which was done.Kea1.5-beta1Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/107Import YANG DHCPv4 model from kea-yang repo2018-09-13T09:43:34ZTomek MrugalskiImport YANG DHCPv4 model from kea-yang repoThis ticket covers importing DHCPv4 model from kea-yang repository.
This should be done as soon as possible, so QA and other interested parties can look at it and prepare.This ticket covers importing DHCPv4 model from kea-yang repository.
This should be done as soon as possible, so QA and other interested parties can look at it and prepare.Kea1.5-beta1Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/93CB: Implement MySQLConfigBackendDHCPv4 class2018-10-30T15:53:39ZMarcin SiodelskiCB: Implement MySQLConfigBackendDHCPv4 classThe MySQLConfigBackend class implements Config Backend for MySQL as described in https://gitlab.isc.org/isc-projects/kea/wikis/designs/configuration-in-db-designThe MySQLConfigBackend class implements Config Backend for MySQL as described in https://gitlab.isc.org/isc-projects/kea/wikis/designs/configuration-in-db-designKea1.5-beta1Marcin SiodelskiMarcin Siodelskihttps://gitlab.isc.org/isc-projects/kea/-/issues/65library for yang <-> json configuration element translators2018-11-05T09:44:05ZGhost Userlibrary for yang <-> json configuration element translatorsNew library with yang <-> json translators for representation of configuration elements.
A priori one fro `src/lib/dhcpsrv/parsers` parse class.New library with yang <-> json translators for representation of configuration elements.
A priori one fro `src/lib/dhcpsrv/parsers` parse class.Kea1.5-beta1Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/61errors in kea-admin script and related scripts2018-11-07T09:15:57ZGhost Usererrors in kea-admin script and related scriptsReported via a Kea support customer:
Found annoying error in kea-admin, the $prefix environment variable is set but not exported so it cannot be used by scripts in $prefix/share/kea/scripts/mysql/*.sh.
Also there are errors in $pre...Reported via a Kea support customer:
Found annoying error in kea-admin, the $prefix environment variable is set but not exported so it cannot be used by scripts in $prefix/share/kea/scripts/mysql/*.sh.
Also there are errors in $prefix/share/kea/scripts/admin-utils.sh at lines 25 and 39, where the --host="${db_host}" parameter is missing so the mysql commands are always attempted towards the local database even if -h or --host parameter is used in kea-admin calls.
I suspect the same problems could be in other backends as well but I didn't check them.
He attached his proposed corrections to admin-utils.sh and kea-admin.Kea1.5-beta1Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/kea/-/issues/23gitlab HOWTO2018-10-19T11:50:39ZFrancis Dupontgitlab HOWTOThis to discuss gitlab HOWTO. No Kea code expected!
The howto is documented [here](../wikis/gitlab-howto)This to discuss gitlab HOWTO. No Kea code expected!
The howto is documented [here](../wikis/gitlab-howto)Kea1.5-beta1Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/kea/-/issues/18lib process unable to handle more than one configuration (staging and running)2018-09-30T19:38:12ZFrancis Dupontlib process unable to handle more than one configuration (staging and running)According to trac3543 review the lib process lacks a versioning feature as dhcpsrv cfgmgr provides.According to trac3543 review the lib process lacks a versioning feature as dhcpsrv cfgmgr provides.Kea1.5-beta1Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/5Configuration parser for NETCONF2022-10-27T12:44:25ZTomek MrugalskiConfiguration parser for NETCONFThis task covers writing configuration parser for kea-netconf. This configuration will cover things like:
- which model(s) to subscribe to
- which translators to load
- where send the JSON commands (stdout, unix socket, http socket)
- l...This task covers writing configuration parser for kea-netconf. This configuration will cover things like:
- which model(s) to subscribe to
- which translators to load
- where send the JSON commands (stdout, unix socket, http socket)
- loggingKea1.5-beta1https://gitlab.isc.org/isc-projects/kea/-/issues/259libyang unit test using doc examples is broken by new authoritative flag2018-11-08T11:56:07ZFrancis Dupontlibyang unit test using doc examples is broken by new authoritative flagKea1.5-beta1Francis DupontFrancis Dupont