ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2019-03-15T06:44:10Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/866DEPRECATE dnssec-enable option2019-03-15T06:44:10ZOndřej SurýDEPRECATE dnssec-enable optionBIND 9.15.xEvan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/bind9/-/issues/867rrtypes missing from named2020-08-26T02:39:25ZEvan Huntrrtypes missing from namedZONEMD and AMTRELAY RR types have had code points issued.ZONEMD and AMTRELAY RR types have had code points issued.Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/bind9/-/issues/868Configuring a static root trust anchor prevents "dnssec-validation auto;" key...2019-05-08T18:38:53ZMichał KępieńConfiguring a static root trust anchor prevents "dnssec-validation auto;" key maintenanceIf any `trusted-keys` entry is configured for the root zone and `dnssec-validation auto;` is in effect, the built-in root trust anchor enabled by the latter will be used for DNSSEC validation purposes, but it will not be maintained using...If any `trusted-keys` entry is configured for the root zone and `dnssec-validation auto;` is in effect, the built-in root trust anchor enabled by the latter will be used for DNSSEC validation purposes, but it will not be maintained using the RFC 5011 process.https://gitlab.isc.org/isc-projects/kea/-/issues/456failing cb_cmd unit tests2019-03-06T12:09:57ZWlodzimierz Wencelfailing cb_cmd unit testsWe have one tests that is failing on 3 different systems:
https://jenkins.isc.org/job/kea-master/247/testReport/
which git commits were tested: https://jenkins.isc.org/job/kea-master/247/We have one tests that is failing on 3 different systems:
https://jenkins.isc.org/job/kea-master/247/testReport/
which git commits were tested: https://jenkins.isc.org/job/kea-master/247/Kea1.6Wlodzimierz WencelWlodzimierz Wencelhttps://gitlab.isc.org/isc-projects/bind9/-/issues/869prereq.sh needed in forward test2019-02-08T14:05:03ZCurtis Blackburnprereq.sh needed in forward testsince the forward test now uses ans.pl, it needs to require perl Net::DNSsince the forward test now uses ans.pl, it needs to require perl Net::DNShttps://gitlab.isc.org/isc-projects/bind9/-/issues/870Mirror zone data may not be used during resolution despite being available2019-02-08T10:49:36ZMichał KępieńMirror zone data may not be used during resolution despite being availableConsider a server configured with two mirror zones:
* `bar.`, which has its data loaded,
* `foo.bar.`, which is not loaded (has expired, has not yet been transferred etc.)
(To make the example more dramatic/realistic, use `.` inste...Consider a server configured with two mirror zones:
* `bar.`, which has its data loaded,
* `foo.bar.`, which is not loaded (has expired, has not yet been transferred etc.)
(To make the example more dramatic/realistic, use `.` instead of `bar.` and `org.` instead of `foo.bar.`.)
If a query then arrives for a name at or below `foo.bar`, `named` will *not* use `bar` zone data for resolution purposes, even though it is available.
This happens due to the way `dns_zt_find()` was modified to support mirror zones (see 8d996fd79cac1ac391e1fc775fc06cbb546c30c9).
I am opening this ticket mostly to publicly indicate that this is a known issue. While handling this scenario more elegantly is possible[^1], IMHO it is not critical enough to warrant the added complexity. Feel free to prove me wrong.
For now, I plan to resolve this ticket by adding a code comment explaining the issue. If this ever becomes a real-world problem, we will tackle it then.
[^1]: e.g. by employing `dns_rbt_findnode()` instead of `dns_rbt_findname()` when the `options` argument passed to `dns_zt_find()` has the `DNS_ZTFIND_MIRROR` bit set and then going up the node chain in case the deepest match in the zone table is not loadedBIND 9.13.xMichał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/kea/-/issues/457Publish updated performance report2019-02-13T17:53:25ZTomek MrugalskiPublish updated performance reportThis is a placeholder for comments about Kea 1.5 performance report.This is a placeholder for comments about Kea 1.5 performance report.Kea1.6Suzanne GoldlustSuzanne Goldlusthttps://gitlab.isc.org/isc-projects/bind9/-/issues/871Add a CI check for missing prereq.sh scripts2019-02-11T21:48:13ZMichał KępieńAdd a CI check for missing prereq.sh scriptsAs pointed out by @marka, we can and should use the "precheck" stage of CI pipelines to prevent issues like #869 from being introduced.As pointed out by @marka, we can and should use the "precheck" stage of CI pipelines to prevent issues like #869 from being introduced.Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/kea/-/issues/458Config backend support in src/lib2019-02-20T10:03:37ZFrancis DupontConfig backend support in src/libIncludes all the src/lib code at one exception to support DHCPv6 in config backends.Includes all the src/lib code at one exception to support DHCPv6 in config backends.Kea1.6Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/459Config backend support in DHCPv6 server.2019-02-08T14:17:02ZFrancis DupontConfig backend support in DHCPv6 server.Include code changes with unit tests for src/bin/dhcp6.Include code changes with unit tests for src/bin/dhcp6.Kea1.6Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/460Update MySQL database schema for DHCPv6 config backend.2019-02-22T22:59:28ZFrancis DupontUpdate MySQL database schema for DHCPv6 config backend.This includes 2 MRs: one to align DHCPv4 and DHCPv6 definitions, the second to add missing DHCPv6 stuff, i.e. things added fro DHCPv4 but not yet for DHCPv6.This includes 2 MRs: one to align DHCPv4 and DHCPv6 definitions, the second to add missing DHCPv6 stuff, i.e. things added fro DHCPv4 but not yet for DHCPv6.Kea1.6Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/461DHCPv6 support in MySQL config backend hook.2019-02-08T14:50:18ZFrancis DupontDHCPv6 support in MySQL config backend hook.DHCPv6 support in/for src/hooks/dhcp/mysql_cbDHCPv6 support in/for src/hooks/dhcp/mysql_cbKea1.6Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/462DHCPv6 support for cb_cmds hook2019-02-08T14:57:56ZFrancis DupontDHCPv6 support for cb_cmds hookKea1.6Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/kea/-/issues/463Ordering using timestamps without fractional part fails on MySQL 82019-02-19T09:42:17ZFrancis DupontOrdering using timestamps without fractional part fails on MySQL 8Found on my Fedora 29 with community MySQL 8: some get-all unit tests of the MySQL VB hook failed to retrieve audit records in the expected order and all records have the same timestamp.
Fortunately the fix is easy: sort same timestamp ...Found on my Fedora 29 with community MySQL 8: some get-all unit tests of the MySQL VB hook failed to retrieve audit records in the expected order and all records have the same timestamp.
Fortunately the fix is easy: sort same timestamp records using the auto-increment id.
Kea1.6Francis DupontFrancis Duponthttps://gitlab.isc.org/isc-projects/bind9/-/issues/872Add DNAME record to LDAP schema2019-02-10T20:07:39ZGhost UserAdd DNAME record to LDAP schema### Description
Hi,
I manage the project "LDAP Account Manager" and one of our users suggested to manage DNAME records within LDAP. This just requires a small addition in the LDAP schema file. It adds an additional "dlzDNameRecord" obj...### Description
Hi,
I manage the project "LDAP Account Manager" and one of our users suggested to manage DNAME records within LDAP. This just requires a small addition in the LDAP schema file. It adds an additional "dlzDNameRecord" object class.
### Request
Please check and apply my little patch. Thanks a lot in advance for your help.
### Links / references
[dlz-dname.diff](/uploads/c084c6324fb0aedf0b5f535a858cc52a/dlz-dname.diff)https://gitlab.isc.org/isc-projects/bind9/-/issues/873Zones signed only using keys without the SEP bit set cannot be mirrored2019-02-14T10:21:48ZMichał KępieńZones signed only using keys without the SEP bit set cannot be mirroredIn order to be successfully verified, every mirror zone is currently required to be configured with at least one trust anchor that has the SEP bit set. This requirement brings no security benefit and thus should be relaxed.In order to be successfully verified, every mirror zone is currently required to be configured with at least one trust anchor that has the SEP bit set. This requirement brings no security benefit and thus should be relaxed.BIND 9.13.xMichał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/874SEGV crash in unwatch_fd()2019-04-25T15:56:19ZTony FinchSEGV crash in unwatch_fd()My toy server crashed abruptly yesterday - no errors in the log. It is running the 9.13.5 master branch from 2019-01-09 rev f8965a55880f8190bc9c618a50e54eb76877bb85 plus miscellaneous patches unrelated to my recent KSK work. (https://git...My toy server crashed abruptly yesterday - no errors in the log. It is running the 9.13.5 master branch from 2019-01-09 rev f8965a55880f8190bc9c618a50e54eb76877bb85 plus miscellaneous patches unrelated to my recent KSK work. (https://gitlab.isc.org/fanf/bind9/commits/u/fanf2/patch)
Core file says:
```
#0 0x0000562957862065 in unwatch_fd (thread=0x7fbbdd09afc0, thread=0x7fbbdd09afc0, msg=
#1 internal_recv (sock=0x7fbbb4249580) at socket.c:3179
#2 process_fd (writeable=false, readable=true, fd=<optimized out>, thread=0x7fbbdd09b01
#3 process_fds (nevents=<optimized out>, events=0x7fbbdd09c010, thread=0x7fbbdd09b010)
#4 netthread (uap=0x7fbbdd09b010) at socket.c:3615
#5 0x00007fbbdb5c7494 in start_thread (arg=0x7fbbd3477700) at pthread_create.c:333
#6 0x00007fbbdb309acf in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:97
```
The other 18 threads are in various kinds of wait, some of which might be interesting...
I see @wpk was working in this area not long ago.
Let me know if you need any more info.https://gitlab.isc.org/isc-projects/bind9/-/issues/875Support for a global digrc file (proposed patch included)2023-11-02T16:32:30ZGhost UserSupport for a global digrc file (proposed patch included)### Description
Support for a global configuration file for dig.
### Request
As many tools in linux, it would be nice to have a global configuration file for dig in, for example, `/etc/digrc` while users could still overwrite system o...### Description
Support for a global configuration file for dig.
### Request
As many tools in linux, it would be nice to have a global configuration file for dig in, for example, `/etc/digrc` while users could still overwrite system options by using the already supported `$HOME/.digrc`
### Links / references
See proposed patch attached (I couldn't figure how to send a merge request due to lack of experience with Gitlab).
Thanks to Paul Zirnik from SUSE.
[support-for-global-digrc.patch](/uploads/a06eb8731aadeddc07735ace80cb41db/support-for-global-digrc.patch)Not plannedhttps://gitlab.isc.org/isc-projects/kea/-/issues/464Kea DHCPv4 not able to send vendor options if client doesn't send vivso2019-02-19T12:04:48ZTomek MrugalskiKea DHCPv4 not able to send vendor options if client doesn't send vivsoA customer reported a problem that Kea is unable to send back vivso sub-options. Kea sends only the top-level vivso option with correct vendor-id, but is not able to send back any sub-options.
The problem has been investigated and this ...A customer reported a problem that Kea is unable to send back vivso sub-options. Kea sends only the top-level vivso option with correct vendor-id, but is not able to send back any sub-options.
The problem has been investigated and this is caused by the Genexis clients that do not send vivso option itself. That way, the server is not able to figure out what vendor-id to use.
In ideal world, Genexis client would send vivso with enterprise value set to 25167. But they don't and we need to tweak Kea to be able to work around that.Kea1.6Tomek MrugalskiTomek Mrugalskihttps://gitlab.isc.org/isc-projects/kea/-/issues/465Add subnet4-update and subnet6-update commands to subnet-cmds hook [ISC-suppo...2019-04-19T11:25:18ZVicky Riskvicky@isc.orgAdd subnet4-update and subnet6-update commands to subnet-cmds hook [ISC-support #14130]In order to update an existing subnet, you (currently) have to first delete it and then add it.
When making a small change to a large number of subnets, this can create excessive amount of traffic.
Could we please have additional comman...In order to update an existing subnet, you (currently) have to first delete it and then add it.
When making a small change to a large number of subnets, this can create excessive amount of traffic.
Could we please have additional commands to update an existing subnet?
This was part of the original design, but we didn't implement it at the time (likely ran out of time)
https://gitlab.isc.org/isc-projects/kea/wikis/designs/commands#24-subnets-management
S.7. Kea MAY support the #FF0000 subnet4-update command.
S.8. Kea MAY support the #FF0000 subnet6-update command.
From the wiki:
Those two commands allow making changes to an existing subnet: changing prefix, prefix length, T1, T2, preferred lifetime, valid lifetime timers, allowed client classes, subnet specific options, and subnet-id values. It also allows modifying pools.
Kea1.6Tomek MrugalskiTomek Mrugalski