ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2020-12-21T13:53:04Z

https://gitlab.isc.org/isc-projects/kea/-/issues/1569
link warnings on MacOs
2020-12-21T13:53:04Z
Razvan Becheriu

found during #1565
```
/Library/Developer/CommandLineTools/usr/bin/ranlib: file: .libs/libkea-dhcp++.a(libkea_dhcp___la-iface_mgr_linux.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: file: .libs/libkea-dhcp++.a(libkea_dhcp___la-iface_mgr_sun.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: file: .libs/libkea-dhcp++.a(libkea_dhcp___la-iface_mgr_linux.o) has no symbols
/Library/Developer/CommandLineTools/usr/bin/ranlib: file: .libs/libkea-dhcp++.a(libkea_dhcp___la-iface_mgr_sun.o) has no symbols
```

outstanding

https://gitlab.isc.org/isc-projects/bind9/-/issues/2302
DOT scalability, performance testing
2021-09-13T20:52:00Z
Vicky Risk (vicky@isc.org)

We need to find a way to test with a large number of DOT connections for scalability. I understand our current perflab setup cannot do this.
The goals of this might include:
- checking that DOT scaling is equivalent to TCP scaling (if it is much worse we might consider that a bug)
- providing some guidance to users about throughput (e.g. as a % of UDP performance)
- verifying (functionally) that rate limits work as expected for DOT

https://gitlab.isc.org/isc-projects/kea/-/issues/1566
host entry conflict: same identifier, identifier type and subnet id
2022-10-25T13:27:59Z
Francis Dupont

This comes from the test_v4_host_reservation_conflicts_duplicate_reservations forge test.
The question is what happens with 2 host reservations using the same identifier, identifier type and subnet id.
In the config the host container uses 3 different non-unique indexes for the identifier+type, subnet id v4 and v6. As far as I know there is no conflict check at config time. The get methods throw DuplicateHost.
MySQL database since schema 5.0 (Kea 1.1.0) uses unique key_dhcp[46]_identifier_subnet_id indexes so does not allow the same identifier + type with the same not null subnet id. The not null matters because the host reservation table is shared between v4 and v6 so the same identifier and type is allowed with for instance different v4 subnet ids even if both v6 subnet ids are null.
MySQL backend get methods do not check: they return the first host if the query returns at least one.
PostgreSQL database is very close to MySQL with a small difference introduced in schema 3.2 (Kea 1.4.0): the unique constraint does not apply when the subnet id is 0.
Cassandra/CQL schema has no constraint. The get methods check if more than one host is found and throw MultipleRecords.
On the forge side:
- test_v4_host_reservation_conflicts_duplicate_reservations verifies that the configuration case allows conflicts
- test_v4_host_reservation_conflicts_duplicate_reservations_mysql verifies that the MySQL case allows conflicts and fails because it is not allowed
There is no check for PostgreSQL but it should fail if reservations are not global.
Note a similar constraint was removed on the same address and subnet id by #1428 in 1.9.1 (search for ip-reservations-unique).
Proposed action: reverse forge tests, add a PgSQL one and consider adding a check for the configuration case: at least a unit test should verify an incorrect configuration giving failures at run time is rejected.

outstanding

https://gitlab.isc.org/isc-projects/bind9/-/issues/2301
Add FIPS mode enabled builds to GitLab CI
2022-06-22T15:06:44Z
Michal Nowak

BIND9 supports FIPS mode (`--enable-fips-mode`) but is not regularly tested in the CI. For this to happen this needs to be accomplished:
- [ ] Basic FIPS build fixes integrated https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4281 ([performs](https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/4281/diffs#87db583be5c13c1f7b3c958b10e03d67b6a2ca06) builds with `--enable-fips-mode`)
- [ ] System test can run without MD5 (there's plenty of `algorithm hmac-md5;` in system test or implicit expectation of MD5 in `dig` invocations in `acl` and `allow-query` system tests)
- [ ] Red Hat FIPS patches by @pemensik at https://src.fedoraproject.org/rpms/bind/tree/master for `v9_11` evaluated
- [ ] FIPS-enabled host or VM image (most likely with CentOS)
- [ ] CI job(s) with `--enable-fips-mode` in the build stage and subsequent unit and system test CI jobs

Not planned

https://gitlab.isc.org/isc-projects/bind9/-/issues/2300
rndc retransfer with specific master
2023-11-06T16:08:49Z
Peter Davies

### Description
rndc retransfer with specific master
The rndc tool has a retransfer zone command.
**retransfer zone [class [view]]** Retransfer the given slave zone from the master server.
It may be useful to be able to specify a master server with this command, where there is more than one server defined as master for the zone.
[RT #17310](https://support.isc.org/Ticket/Display.html?id=17310)

https://gitlab.isc.org/isc-projects/bind9/-/issues/2299
Restart running transfer
2023-11-06T16:06:19Z
Peter Davies

### Description
The ability to:
retransfer the zone with something like "rndc force-retransfer [zone]"
which would abort the current inflight transfer and restart it.
It has been noted transfer of large resigned zones can get quenched at source.
[RT #17310](https://support.isc.org/Ticket/Display.html?id=17310)

https://gitlab.isc.org/isc-projects/stork/-/issues/456
migrate from swagger to openapi tools and switch to version 3.0
2023-03-30T15:50:19Z
Michal Nowikowski

There are two tasks:
- [ ] migrate away from swagger to openapi
- [ ] migrate to OpenAPI spec 3.0 (the current latest is 3.0.3)

backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/1564
possible host retrieval optimization
2022-11-02T15:10:18Z
Francis Dupont

allocateLeases6 retrieves client leases using IA type, DUID and IAID, and filters the result using the subnets of the shared network.
renewLeases6 retrieves client leases using IA type, DUID, IAID and subnet ID, and merges results iterating the subnets of the shared network.
Both ways get exactly the same list of leases but with different database queries.
Outside a shared network the subnet ID narrows the search so it is slightly more efficient. In a shared network it uses one query per subnet so is clearly less efficient.
In conclusion the idea is to factor the two retrievals and to use the best way according to in/outside a shared network.

backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/1563
allow perfdhcp to send renew only
2022-11-02T15:10:17Z
Andrei Pavel (andrei@isc.org)

Was trying to spin up a fast setup for support#17299 to see that a DHCP client does not exit its renew state while changing configurations. This is not easily achievable with the current perfdhcp which, at most, sends 1:1:1 discover:requests:renews/solicits:requests:renews. I would like to send 1:1:n messages or even 0:0:n. Solutions:
* 1:1:n
    * Don't remove from the ack_storage/reply_storage after a renew message has been sent
    * Allow renew rate to surpass rate
* As an extension to allow 0:0:n
    * Save the ack_storage/reply_storage in a file on one run. Load the ack_storage/reply_storage from file in the run that sends renews only.
This would also result in an increase of performance measurements if performance experiments are run in this mode. The assumption here is that discovers and solicits are more resource-intensive to be handled. So getting rid of them would result in more leases (fine, renews) per second.
And that is not a cheap unrealistic shortcut, but rather a scenario closer to reality.

backlog

https://gitlab.isc.org/isc-projects/bind9/-/issues/2297
Add long term server properties database
2023-11-02T16:26:05Z
Mark Andrews

Add long term server properties database which is updated from routine traffic so that named doesn't have to relearn server characteristics.
e.g. Supports DNS COOKIE

Not planned

https://gitlab.isc.org/isc-projects/kea/-/issues/1562
command_processed hook not tested or documented in CA
2022-08-01T13:27:57Z
Tomek Mrugalski

This was discovered in #1421 that the `command_processed` hook point is not documented and not tested.
With the upcoming RBAC, we need to improve the testing situation.

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/1557
add loose comparison in some unit tests
2022-11-02T15:10:19Z
Francis Dupont

For instance Multi-node testing loop / freebsd-64-latest / results / RebindTest.requestPrefixInRebind failed with:
```
rebind_unittest.cc:948
Expected: 1000
To be equal to: leases_client_na_rebound[0].cltt_ - leases_client_na[0].cltt_
Which is: 1001
```
it is obviously a timing issue. I propose:
- create a generic tool for handling this case if it does not yet exist
- use it, beginning with this test

backlog

https://gitlab.isc.org/isc-projects/bind9/-/issues/2293
zone transfer tracking
2020-11-19T08:13:25Z
Peter Davies

### Description
zone transfer tracking mechanism
### Request
This is a feature request for a function that would allow one to list zone transfers that are in-progress at any one time and how long they have been running for.
Benefits:
- be able to determine if zone transfers are running longer than expected.
- be able to track transfers in-progress over time to monitor primary and secondary zone transfer health.
### Links / references
RT #[17310](https://support.isc.org/Ticket/Display.html?id=17310).

https://gitlab.isc.org/isc-projects/stork/-/issues/454
UI tests needed for menu
2022-03-01T14:19:02Z
Tomek Mrugalski

As a follow-up to #419, we decided to implement UI unit-tests for menu. Yes, it's a compromise. After this ticket is done and we have UT ready and working, we may revisit the question whether the function is lacking in performance and whether this is a problem or not. But that's outside of scope of this ticket.

backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/1545
perfdhcp command line examples are needed
2022-11-02T15:10:19Z
Tomek Mrugalski

One person complained about [lack of perfdhcp command line examples](https://lists.isc.org/pipermail/kea-users/2019-August/002512.html) on kea-users, which got a reply with someone pointing to some ancient document Tomek and Marcin wrote in 2012.
We should either add a new section to the ARM explaining basics of perfdhcp, or extend current man page. I think long term ARM section would be better, as we may evolve it into performance tips.

backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/1544
user-class filtering per reservation (Microsoft DHCP)
2020-12-21T13:11:08Z
Tomek Mrugalski

Some time ago there was [a discussion on kea-users](https://lists.isc.org/pipermail/kea-users/2019-April/002333.html) (note: the discussion continued in May). Here's what the user was trying to do:
> What mkangelo and I are trying to do is to replace Microsoft DHCP server which has a feature to create host reservations with
two option 67 values which are served to the client based on the class (type) of the client - for example return undionly.kpxe when client is pxe return https://api.example.com/customurl/ when client is gpxe
Here's an expression they're trying to achieve:
```
Client class is extracted from DHCP Discover packets:
IF Option [77] == gPXE
then second value is being returned
ELSEIF Option [60] == "PXEClient:Arch:00000:UNDI:002001"
then first value is returned
```
This seems like a useful feature that's provided by some other implementations.

outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/1541
Add backend call counters
2020-12-21T13:08:48Z
Francis Dupont

The idea is to add simple counters (vs full stats) for backend API method calls. For instance in #1418 it would be very fine to confirm that a lease is not updated twice. I know that profiling can get the same information but this is far more immediate for a low cost (i.e. I am sure the cost will be more than recovered by optimizations it is expected to allow).
Note we do not need large counters: it does not matter if a counter wraps as soon as it takes a long time to happen...

outstanding

https://gitlab.isc.org/isc-projects/dhcp/-/issues/149
dhcpd is not escaping quotes (") in .leases
2021-01-13T10:46:18Z
Joost Bekkers

---
name: Bug report
about: dhcpd can't parse its own .leases file when using events containing escaped " (")
---
**Describe the bug**
When a release and/or expire event is configured which contains an escaped quote (ie "this is a quote \"." )
the event definition is also written to the leases file when applicable. The backslash used to escape the quote is not written.
When the daemon is restarted it can't parse the leases file and complains it is corrupt.
**To Reproduce**
1. Run dhcpd containing the following config
~~~
on release {
    set clip = binary-to-ascii(10, 8, ".", leased-address);
    set clhw = binary-to-ascii(16, 8, ":", substring(hardware, 1, 6));
    set cid = pick-first-value( concat( "\"", substring(option agent.circuit-id,2,256), "\""), "NO-CID");
    set rid = pick-first-value( concat( "\"", substring(option agent.remote-id,2,256), "\""), "NO-RID");
    log(info, concat( "RELEASE ", clip, " on ", clhw, " at ", cid, "/", rid));
}
~~~
2. Wait for a client to obtain a lease and the .leases file to be updated.
3. Observe that the leases file now contains
~~~
on release {
set clip =
binary-to-ascii (10, 8, ".", leased-address) ;
set clhw =
binary-to-ascii (16, 8, ":",
substring (hardware, 1, 6)) ;
set cid =
pick-first-value (concat (concat (""",
substring (option agent.circuit-id, 2,
256)), """), "NO-CID") ;
set rid =
pick-first-value (concat (concat (""",
substring (option agent.remote-id, 2,
256)), """), "NO-RID") ;
log (info,
concat (concat (concat (concat (concat (concat (concat ("RELEASE ", clip), " on "),
clhw), " at "), cid), "/"), rid));
}
~~~
4. Restart dhcpd
5. See errors about "comma expected" and "possibly corrupt lease file"
**Expected behavior**
Leases file should be written including the escaping backslash.
**Environment:**
- ISC DHCP version: 4.4.2
- OS: FreeBSD 12
- Which features were compiled in
**Describe the solution you'd like**
I think the problem is in token_indent_data_string() in common/print.c. The purely ASCII path should insert a backslash where needed.
It might be easier to just handle the string as binary, but that impacts human readability.

https://gitlab.isc.org/isc-projects/kea/-/issues/1538
missing new global parameters in documentation
2022-11-02T15:10:17Z
Francis Dupont

In the DHCPv4 8.14.1. Supported Parameters: authoritative, ddns-use-conflict-resolution, ip-reservations-unique, min and max valid-lifetime, statistic-default-sample-age, statistic-default-sample-count and store-extended-info.
In the DHCPv6 9.19.1. Supported Parameters: ddns-use-conflict-resolution, min and max preferred and valid lifetime, ip-reservations-unique, statistic-default-sample-age, statistic-default-sample-count and store-extended-info.
Two other points: I did not put in these lists the server-tag because it is not really settable. And please consider making the lists sorted in alphabetical order.

backlog

https://gitlab.isc.org/isc-projects/stork/-/issues/452
Configuration: hide "shared subnet" in Stork
2022-02-04T09:05:09Z
Carsten Strotmann

Many DHCP networks do not have Shared Subnets.
It should be possible to hide all aspects of "shared subnets" in Stork (via the Stork configuration), as it takes precious screen space and might confuse administrators.

backlog