ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2019-04-12T13:45:13Z

https://gitlab.isc.org/isc-projects/kea/-/issues/503
Refuse option definitions which duplicate a name/space
2019-04-12T13:45:13Z
Francis Dupont

Today it is allowed to define two options in the same space and with the same name because duplicates are checked only for code (already existing definition with the same code or conflicts with a standard option definition still with the same code).
Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/504
docs: it should be described what cfg fields are available on which level and structure
2021-06-23T11:10:05Z
Michal Nowikowski

E.g. rebind-timer. It can be global, it can be in subnet, it can be in shared network, maybe it can be in pool.
It is not described in the docs explicitly. It would be good to have a list of all config fields with locations where they are allowed.
Other examples found: valid-lifetime, renew-timer.
kea1.9.9
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/kea/-/issues/505
renew-timer should not be accepted in configuration if it is greater than rebind-timer (and vice versa)
2023-02-21T11:46:35Z
Michal Nowikowski

Currently it is possible to specify e.g. renew-timer=1500 and rebind-timer=1000,
i.e. the former is bigger than the latter. Kea accepts such configuration.
Expected behaviour is that a warning or an error is raised to Kea administrator.
Still, in such case, in ACK packet from Kea only rebind-timer field is present
i.e. renew-timer will be skipped as it is bigger than rebind-timer.
The configuration was set via cb-cmds. It was not verified if the behaviour is the same in case of config
from json file.
outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/506
command remote-global-parameter4-set for valid-lifetime, renew-timer and rebind-timer does not accept integers
2019-02-28T05:58:13Z
Michal Nowikowski

it requires strings

https://gitlab.isc.org/isc-projects/kea/-/issues/507
Tighten-up config-set checking so that servers more reliably roll-back and recover from invalid changes
2020-07-27T08:51:45Z
Cathy Almond

As reported to us via [#14200](https://support.isc.org/Ticket/Display.html?id=14200):
We found a problem in how config-set is behaving when configuration has errors.
It is supposed to keep the old configuration, but instead the dhcp listener stops responding to DHCP requests.
The scenario in which this was uncovered was pre-production system in which there's a client polling every 5 seconds, then a process reads the running configuration and changes the id of one of the subnets from:
"id": 1685525504,
to:
"id": "1685525504",
This incorrect configuration was due to a local process error but it is supposed to be handled by the config-set checking routine...
The error is logged as "invalid type specified for parameter 'id' (<wire>:0:15321)" and then the server is not receiving DHCP requests anymore, but still responds to commands from the ctrl-agent.
A restart is needed to unlock the service.
A log of the incident is available in Support ticket [#14200](https://support.isc.org/Ticket/Display.html?id=14200)
kea1.7.10
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/bind9/-/issues/905
nsupdate does not honor the operating system's preferred ephemeral port range
2021-01-05T11:12:50Z
Michał Kępień

While it is a bug in and of itself, IMHO the most compelling reason to fix this problem is that it is causing rare system test failures.
`nsupdate` may pick a source port number which clashes with a port number assigned to some `named` instance for listening. This does not trigger an error upon `bind()` because both `nsupdate` and `named` set `SO_REUSEADDR` for the relevant sockets. The end result is that `nsupdate` is unable to receive any responses to its queries and thus indicates a timeout.
Another possible symptom of this bug is a `named` instance refusing to start with an "address already in use" error - which is what happens if it tries to `bind()` to its configured listening port when some `nsupdate` process is already bound to that same port (as its source port).
Michał Kępień

https://gitlab.isc.org/isc-projects/kea/-/issues/508
remote-network4-set doesn't save subnet
2019-05-07T11:46:12Z
Wlodzimierz Wencel

Wasn't it fixed in isc-projects/kea#493
Command:
```
{
"arguments": {
"remote": {
"type": "mysql"
},
"server-tags": [
"abc"
],
"shared-networks": [
{
"name": "net1",
"interface": "enp0s9",
"subnet4": [
{
"interface": "enp0s9",
"pools": [
{
"pool": "192.168.52.1-192.168.52.100"
}
],
"subnet": "192.168.52.0/24"
}
]
}
]
},
"command": "remote-network4-set"
}
```
result:
```
{
"arguments": {
"shared-networks": [
{
"name": "net1"
}
]
},
"result": 0,
"text": "IPv4 shared network successfully set."
}
```
but mysql db is missing subnet:
```
mysql> select * from dhcp4_shared_network;
+----+------+--------------+-----------+-----------------+---------------------+--------------+-------+-------------+------------------------+------------------+--------------+----------------+
| id | name | client_class | interface | match_client_id | modification_ts | rebind_timer | relay | renew_timer | require_client_classes | reservation_mode | user_context | valid_lifetime |
+----+------+--------------+-----------+-----------------+---------------------+--------------+-------+-------------+------------------------+------------------+--------------+----------------+
| 1 | | NULL | enp0s9 | 1 | 2019-02-21 05:40:02 | NULL | NULL | NULL | [ ] | 3 | NULL | NULL |
+----+------+--------------+-----------+-----------------+---------------------+--------------+-------+-------------+------------------------+------------------+--------------+----------------+
1 row in set (0.00 sec)
mysql> select * from dhcp4_subnet;
Empty set (0.00 sec)
```
and network4-get return incorrect network:
```
{
"arguments": {
"count": 1,
"shared-networks": [
{
"authoritative": false,
"interface": "enp0s9",
"match-client-id": true,
"name": "net1",
"option-data": [],
"relay": {
"ip-addresses": []
},
"reservation-mode": "all",
"subnet4": []
}
]
},
"result": 0,
"text": "IPv4 shared network 'net1' found."
}
```
Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/509
Configuration knob to disable client-id lookup
2019-05-10T11:22:24Z
Tomek Mrugalski

While investigating a performance issue for a [customer issue](https://support.isc.org/Ticket/Display.html?id=14124), @tmark came up with an optimization idea to optionally disable client-id lookup.
Kea does two lease lookups: client-id (if client sent client-id) and if a lease is not found, another one by MAC address. If admin doesn't care about client-id, the first one could be disabled.
This ticket's goal is to make this lookup optional. Obviously it should be enabled by default, but there should be a knob to disable it.
Instead of adding a new config knob, we should expand the meaning of existing match-client-id parameter.
Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/bind9/-/issues/906
Release 9.11.6, 9.12.4, 9.14.0rc1
2019-03-08T23:07:08Z
Stephen Morris

## Checklist
- (Manager) Check for the presence of a milestone for the release. If there is a milestone, are all the issues for the milestone resolved? (other than this checklist).
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- (Manager) Inform Support/Marketing of impending release (and give estimated release dates).
- [x] Complete.
- (SwEng) Prepare the sources for tarball generation:
- Check perflab to ensure there has been no unexplained drop in performance for the version being released.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- Ensure that there are no outstanding merge requests in the private repository.
- N/A
- Update API files for libraries with new version information.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- Change software version and library versions in configure.in (new major release only).
- N/A
- Rebuild configure using autoconf on docs.isc.org.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- Update CHANGES.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- Update CHANGES.SE (subscription branch only).
- N/A
- Update "version".
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- Update "README.md".
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- Check the release notes are correct:
- Compare content with merge requests for the release.
- [ ] 9.11.6
- [ ] 9.12.4
- [ ] 9.14.0rc1
- Check formatting.
- [ ] 9.11.6
- [ ] 9.12.4
- [ ] 9.14.0rc1
- Build documentation on docs.isc.org.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- Merge and push changes.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- Confirm the gitlab-ci tests are passing.
- [ ] 9.11.6
- [ ] 9.12.4
- [ ] 9.14.0rc1
- Push the changes and tag ("alphatag" is an optional string such as "b1", "" etc.). (```git tag -u <DEVELOPER_KEYID> -a -s -m "BIND 9.X.Y[alphatag]" v9_X_Y[alphatag]```)
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- If this is the first tag for a release (e.g. beta), create a release branch named `release_v9_X_Y` (this allows development to continue on the release branch whilst release engineering continues).
- N/A
- (QA) Run the "make release" Jenkins job to produce the tarballs and zips.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- (QA) Sanity check the tarballs. (https://wiki.isc.org/bin/view/QA/BindQaResults_9_11_6)
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- (QA) If a security release, check that the issue in question has been resolved.
- [ ] 9.11.6
- [ ] 9.12.4
- [ ] 9.14.0rc1
- (QA) Request the signature on the tarballs.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- (QA) Check signatures on tarballs.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- (QA) Tell Support to handle notification of release.
- [x] Done.
- (Manager) Inform Marketing of the release
- [ ] Done.
- (Manager) Update the internal [BIND release dates wiki page](https://wiki.isc.org/bin/view/Main/BindReleaseDates) when public announcement has been made.
- [x] 9.11.6
- [x] 9.12.4
- (SwEng) Update DEB packages
- [ ] 9.11.6
- [ ] 9.12.4
- [ ] 9.14.0rc1
- (SwEng) Update RPM packages
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- (SwEng) Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`)
- [ ] 9.11.6
- [ ] 9.12.4
- [ ] 9.14.0rc1
## Support
- Make tarballs and signatures available to download.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- Write release email to bind9-announce.
- [x] 9.11.6
- [x] 9.12.4
- [x] 9.14.0rc1
- Write email to bind9-users (if a major release).
- N/A
- Update tickets in case of waiting support customers.
- [ ] Complete.
## Marketing
- Post short note to Twitter.
- [x] Complete.
- Update [Wikipedia entry for BIND](http://en.wikipedia.org/wiki/BIND).
- [ ] Complete.
- Write blog article (if a major release).
- N/A
Ondřej Surý

https://gitlab.isc.org/isc-projects/kea/-/issues/511
Return a list of all reservations by subnet ID - #313 for Cassandra back-end (if possible)
2019-05-22T16:59:20Z
Cathy Almond

This is a follow-on request from GL #313 - which was not implemented for Cassandra database back-end due to the technical challenges, described as:
In #313, the idea about paging is to reduce the communication:
- with SQL database you can ask a page of the whole result from the DB: the kea-server will translate this page to JSON and sends to the requestor.
- with Cassandra you do not have this so you can get the whole result and page it in the kea-server, etc.
To summarise, what matters is where the paging is done. In #313 we decided to do it only in the DB (so only for SQL DBs).
This ticket is to explore what we could do to meet the use-case need (similarly or differently) with the Cassandra back-end
Kea1.6
Razvan Becheriu

https://gitlab.isc.org/isc-projects/kea/-/issues/512
remote-network4-del update
2019-03-12T22:11:43Z
Francis Dupont

You asked me what the code should do with the subnets when the shared network is being deleted. I updated the CB design doc: https://gitlab.isc.org/isc-projects/kea/wikis/designs/configuration-in-db-design#remote-network4-del
with two variants that differ by "subnets-action" parameter. We need to add support for this parameter to explicitly control whether the subnets are kept or deleted. This idea is derived from the subnets_cmds hook and I believe that's the best option here too.
Note that the variant that removes a shared network but keeps subnets requires to update shared_network_name column for all these subnets to null. Perhaps the easiest way to do it is via an SQL trigger.
Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/kea/-/issues/513
Verify that subnets in a shared network sanity checks are performed for config updates outside the JSON config file.
2020-06-04T15:44:52Z
Francis Dupont

Reference https://gitlab.isc.org/isc-projects/kea/merge_requests/242#note_46769
Note this should be addressed only when the CB train will be merged.
outstanding

https://gitlab.isc.org/isc-projects/bind9/-/issues/907
"padding" system test issues
2020-01-23T03:15:10Z
Michał Kępień

Some of the checks in the "padding" system test appear to be very fragile:
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/183716
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/184468
Both of these job failures were triggered by the following check:
```sh
echo_i "checking that a padding server config should enforce TCP ($n)"
ret=0
n=`expr $n + 1`
$RNDCCMD 10.53.0.2 stats
opad=`grep "EDNS padding option received" ns2/named.stats | \
tail -1 | awk '{ print $1}'`
$DIG $DIGOPTS foo.example @10.53.0.4 > dig.out.test$n
$RNDCCMD 10.53.0.2 stats
npad=`grep "EDNS padding option received" ns2/named.stats | \
tail -1 | awk '{ print $1}'`
if [ "$opad" -ne "$npad" ]; then ret=1; fi
if [ $ret != 0 ]; then echo_i "failed"; fi
status=`expr $status + $ret`
```
What happens in the above two failed jobs is that (I believe due to QNAME minimization on `ns3`, which is queried shortly before the check quoted above), `ns3` may send a TCP query for `ns2.example/AAAA` to `ns2` after the first `rndc stats` invocation but before `ns4` is queried for `foo.example`. This causes the "EDNS padding option received" counter to be different between the two `rndc stats` invocations in the check quoted above, triggering a false positive. This seems to be a very fragile method of checking whether `ns4` sent a query with an EDNS padding option present.
The test also fails to preserve diagnostic information for later inspection.
Finally, I find the test descriptions quite confusing - EDNS padding does not *enforce* TCP, it *requires* TCP.

https://gitlab.isc.org/isc-projects/kea/-/issues/514
setting echo-client-id via cb-cmds fails during config-reload
2019-03-12T09:45:40Z
Michal Nowikowski

setting value command:
```javascript
{'arguments': {'parameters': [{'name': 'echo-client-id', 'value': 'false'}],
'remote': {'type': 'mysql'},
'server-tags': ['abc']},
'command': 'remote-global-parameter4-set',
'service': ['dhcp4']}
```
answer:
```javascript
[
{
"result": 0,
"text": "DHCPv4 global parameter successfully set."
}
]
```
reload result:
```javascript
{'arguments': {}, 'command': 'config-reload', 'service': ['dhcp4']}
[
{
"result": 1,
"text": "Config reload failed:configuration error using file '/usr/local/etc/kea/kea.conf': Invalid value:\"false\" explict global:echo-client-id"
}
]
```
Kea1.6
Francis Dupont

https://gitlab.isc.org/isc-projects/bind9/-/issues/908
Release 9.12.4 enables python by default!
2021-10-04T18:55:45Z
Daniel Stirnimann

<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
I'm upgrading from BIND 9.12.3-P4 to BIND 9.12.4 and encountered that the configure script now defaults to enable python by default. I'm all for default python support but this was an unexpected change in a minor version change on the stable release.
As far as I understood, python got enabled by default in 9.13.4 and onwards. Can it be that this is an error that you also enabled it by default for BIND 9.12.4?
### Relevant logs and/or screenshots
```
./configure
...
checking for python... /usr/bin/python
checking if /usr/bin/python is python2 version >= 2.7 or python3 version >= 3.2... yes
checking Python module 'argparse'... yes
checking Python module 'ply'... no
checking for python3... no
checking for python3.7... no
checking for python3.6... no
checking for python3.5... no
checking for python3.4... no
checking for python3.3... no
checking for python3.2... no
checking for python2... /usr/bin/python2
checking if /usr/bin/python2 is python2 version >= 2.7 or python3 version >= 3.2... yes
checking Python module 'argparse'... yes
checking Python module 'ply'... no
checking for python2.7... /usr/bin/python2.7
checking if /usr/bin/python2.7 is python2 version >= 2.7 or python3 version >= 3.2... yes
checking Python module 'argparse'... yes
checking Python module 'ply'... no
checking for Python support... no
BUILDSTDERR: configure: error: Python required for dnssec-keymgr
```
### Possible fixes
I have now used `--without-python` to retain the previous behavior of the BIND 9.12 stable release.

https://gitlab.isc.org/isc-projects/bind9/-/issues/909
BIND 9.14.0rc1 fails on NetBSD 8 because of missing libatomic
2019-03-05T23:17:28Z
Carsten Strotmann

### Summary
BIND 9.14.0rc1 does not build on NetBSD 8
### BIND version used
BIND 9.14.0rc1
### Steps to reproduce
```
tar xfz bind-9.14.0rc1.tar.gz
cd bind-9.14.0rc1
./configure
make
```
### What is the current *bug* behavior?
```
ranlib libisccc.a
touch timestamp
making all in /usr/src/bind-9.14.0rc1/lib/dns
gcc -g -O2 -pthread -I/usr/pkg/include/libxml2 -I/usr/include -I../../lib/isc/include -o gen ./gen.c -Wl,-R/usr/pkg/lib -L/usr/pkg/lib -lxml2 -L/usr/lib -lz -L/usr/lib -llzma -L/usr/lib -lm -latomic
ld: cannot find -latomic
*** Error code 1
```
### What is the expected *correct* behavior?
I used to configure BIND 9 on NetBSD 8 with '--enable-atomic=no'
In BIND 9.14.0rc1, this configure option has been removed.
### Relevant configuration files
N/A
### Relevant logs and/or screenshots
N/A
### Possible fixes
either ./configure should detect the missing libatomic library and stop, or it should be possible to configure BIND 9 to build without libatomic

https://gitlab.isc.org/isc-projects/bind9/-/issues/910
BIND 9.14.0rc1 fails to install plugins on NetBSD 8
2019-03-14T23:11:01Z
Carsten Strotmann

### Summary
the make system of BIND 9.14.0rc1 fails to install the plugin "filter-aaaa.so" from the plugins directory. It seems that the Makefile has not been correctly written.
### BIND version used
BIND 9.14.0rc1
### Steps to reproduce
```
# ./configure
# gmake
# gmake install
```
Same happens with BSD "make"
### What is the current *bug* behavior?
```
Removing /opt/bind/lib/python3.7/site-packages/isc-2.0-py3.7.egg-info
Writing /opt/bind/lib/python3.7/site-packages/isc-2.0-py3.7.egg-info
gmake[2]: Leaving directory '/usr/src/bind-9.14.0rc1/bin/python'
making install in /usr/src/bind-9.14.0rc1/bin/plugins
gmake[2]: Entering directory '/usr/src/bind-9.14.0rc1/bin/plugins'
o filter-aaaa.so \
filter-aaaa.o
gmake[2]: o: Command not found
gmake[2]: [Makefile:446: filter-aaaa.so] Error 127 (ignored)
/bin/sh ../../mkinstalldirs /opt/bind/lib
/bin/sh ../../mkinstalldirs /opt/bind/share/man/man8
/usr/bin/install -c -m 644 filter-aaaa.so \
/opt/bind/lib
install: filter-aaaa.so: stat: No such file or directory
gmake[2]: *** [Makefile:463: install] Error 1
gmake[2]: Leaving directory '/usr/src/bind-9.14.0rc1/bin/plugins'
gmake[1]: *** [Makefile:100: install] Error 1
gmake[1]: Leaving directory '/usr/src/bind-9.14.0rc1/bin'
gmake: *** [Makefile:110: install] Error 1
```
### What is the expected *correct* behavior?
BIND 9 installing correctly
### Relevant configuration files
N/A
### Relevant logs and/or screenshots
N/A
### Possible fixes
N/A

https://gitlab.isc.org/isc-projects/kea/-/issues/516
echo-client-id is not taken into account by server
2019-03-01T13:34:48Z
Michal Nowikowski

Server never responds with client-id whether it was forced by echo-client-id set to true or not. echo-client-id was set via JSON file and via cb-cmds.

https://gitlab.isc.org/isc-projects/kea/-/issues/517
remote-network4-set doesn't save some parameters
2019-04-16T09:58:51Z
Wlodzimierz Wencel

config parameters:
* rebind-timer
* renew-timer
* valid-lifetime
* reservation-mode
are not saved when remote-network4-set is used.
**Scenario**
add network:
```
{
"arguments": {
"remote": {
"type": "mysql"
},
"server-tags": [
"abc"
],
"shared-networks": [
{
"client-class": "abc",
"interface": "enp0s9",
"name": "net1",
"option-data": [
{
"always-send": true,
"code": 6,
"csv-format": true,
"data": "192.0.2.1"
}
],
"rebind-timer": 200,
"renew-timer": 100,
"reservation-mode": "global",
"subnet4": [
{
"interface": "enp0s9",
"pools": [
{
"pool": "192.8.0.1-192.8.0.1"
}
],
"subnet": "192.8.0.0/24"
}
],
"user-context": "some weird network",
"valid-lifetime": 300
}
]
},
"command": "remote-network4-set"
}
```
response:
```
{
"arguments": {
"shared-networks": [
{
"name": "net1"
}
]
},
"result": 0,
"text": "IPv4 shared network successfully set."
}
```
get network:
```
{
"arguments": {
"remote": {
"type": "mysql"
},
"server-tags": [
"abc"
],
"shared-networks": [
{
"name": "net1"
}
]
},
"command": "remote-network4-get"
}
```
returned configuration:
```
{
"arguments": {
"count": 1,
"shared-networks": [
{
"authoritative": false,
"client-class": "abc",
"interface": "enp0s9",
"match-client-id": true,
"name": "net1",
"option-data": [
{
"always-send": true,
"code": 6,
"csv-format": true,
"data": "192.0.2.1",
"name": "domain-name-servers",
"space": "dhcp4"
}
],
"relay": {
"ip-addresses": []
},
"reservation-mode": "all",
"subnet4": [],
"user-context": "some weird network"
}
]
},
"result": 0,
"text": "IPv4 shared network 'net1' found."
}
```
quick peek into database:
```
mysql> select * from dhcp4_shared_network;
+----+------+--------------+-----------+-----------------+---------------------+--------------+-------+-------------+------------------------+------------------+----------------------+----------------+
| id | name | client_class | interface | match_client_id | modification_ts | rebind_timer | relay | renew_timer | require_client_classes | reservation_mode | user_context | valid_lifetime |
+----+------+--------------+-----------+-----------------+---------------------+--------------+-------+-------------+------------------------+------------------+----------------------+----------------+
| 1 | net1 | abc | enp0s9 | 1 | 2019-03-01 05:31:28 | NULL | NULL | NULL | [ ] | 3 | "some weird network" | NULL |
+----+------+--------------+-----------+-----------------+---------------------+--------------+-------+-------------+------------------------+------------------+----------------------+----------------+
1 row in set (0.00 sec)
```
...and values are indeed missing. Related: isc-projects/kea#508
Kea1.6
Marcin Siodelski

https://gitlab.isc.org/isc-projects/bind9/-/issues/911
Add support for BIND with native pkcs11 support to retrieve HSM pin from an environment variable (instead of a file) [ISC-support #14233]
2021-10-04T18:57:16Z
Cathy Almond

When integrating BIND with an HSM to manage private keys, along with automatic DNSSEC signature maintenance, a mechanism has to be put into place to handle the pin needed to access the private keys in the HSM device.
When building BIND with native pkcs#11 support, this can only be done by means of a pin file on disk.
When building BIND using instead patched OpenSSL to interface with the HSM, you can instead set an environment variable.
In production environments where the latter (environment variable containing the HSM pin) is preferred, it is not currently possible to deploy DNSSEC with native pkcs11 support for the HSM.
(This should be relatively easy to do?)
Ondřej Surý