ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
Updated: 2023-12-12T12:42:20Z

https://gitlab.isc.org/isc-projects/stork/-/issues/1132
Reset pagination on filter change in config review panel
2023-12-12T12:42:20Z, Slawek Figiel
The issue was found by @slawek during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1124#note_393179).
The pagination in the config review panel is not reset when the filters change.
Steps to reproduce:
1. Choose a daemon with more than 5 enabled checkers and at least 1 issue found.
1. Disable issue filtration (set the "All reports" option).
1. Go to the last page.
1. Enable issue filtration (set the "Issues only" option).
1. Observe there are no issues displayed.
![image](https://gitlab.isc.org/isc-projects/stork/uploads/286a3bfdbf25d4a96eb7d5b21a382919/image.png)
Milestone: backlog

https://gitlab.isc.org/isc-projects/stork/-/issues/1134
Host filtration returns unexpected results
2023-08-22T13:39:07Z, Slawek Figiel
The issue was found by @slawek during [1.12 sanity checks](https://gitlab.isc.org/isc-projects/stork/-/issues/1124#note_393202).
The subnet list displays unexpected items if the filter value is `128`.
![image](https://gitlab.isc.org/isc-projects/stork/uploads/2e72740db71b46904797ac409b54b856/image.png)
Milestone: backlog

https://gitlab.isc.org/isc-projects/dhcp/-/issues/290
The timer of dhclient doesn't work if date changed
2023-08-30T12:51:28Z, qianfan Zhao
Hi:
dhclient uses `gettimeofday(&cur_tv, NULL);` to get the current time and uses this wall time as the timer source. So the timer source is not valid when the date is changed.
Next are the dhclient logs when no cable is plugged in:
```
Jan 9 07:31:48 buildroot daemon.info dhclient: Internet Systems Consortium DHCP Client 4.4.3
Jan 9 07:31:48 buildroot daemon.info dhclient: Copyright 2004-2022 Internet Systems Consortium.
Jan 9 07:31:48 buildroot daemon.info dhclient: All rights reserved.
Jan 9 07:31:48 buildroot daemon.info dhclient: For info, please visit https://www.isc.org/software/dhcp/
Jan 9 07:31:48 buildroot daemon.info dhclient:
Jan 9 07:31:49 buildroot daemon.info dhclient: Listening on LPF/FE0/0c:fe:5d:42:5d:eb
Jan 9 07:31:49 buildroot daemon.info dhclient: Sending on LPF/FE0/0c:fe:5d:42:5d:eb
Jan 9 07:31:49 buildroot daemon.info dhclient: Sending on Socket/fallback
Jan 9 07:31:49 buildroot daemon.info dhclient: DHCPDISCOVER on FE0 to 255.255.255.255 port 67 interval 4
Jan 9 07:31:53 buildroot daemon.info dhclient: DHCPDISCOVER on FE0 to 255.255.255.255 port 67 interval 4
Jan 9 07:31:57 buildroot daemon.info dhclient: DHCPDISCOVER on FE0 to 255.255.255.255 port 67 interval 6
Jan 9 07:32:03 buildroot daemon.info dhclient: DHCPDISCOVER on FE0 to 255.255.255.255 port 67 interval 14
<date is changed after this>
```
It should print something like this and try again later:
```
dhclient: No DHCPOFFERS received.
dhclient: No working leases in persistent database - sleeping.
```
But after the date changed, dhclient hangs forever.

https://gitlab.isc.org/isc-projects/keama/-/issues/32
keama should use // comments in generated configs, not #
2023-09-21T07:42:23Z, Tomek Mrugalski
While both are accepted by Kea, the double slash comments are better for handling the JSON files.
Yes, the JSON standard doesn't allow comments, but the files could be interpreted as javascript files
and then many editors will understand the syntax. This is convenient for example when importing
the snippets into Sphinx or viewing the files with VSCode.
Milestone: 4.5.1

https://gitlab.isc.org/isc-projects/kea/-/issues/3005
ddns CHG_ADD before CHG_REMOVE
2023-11-16T18:46:52Z, philip-smartbit
---
name: ddns add nsupdate before remove nsupdate
---
**Describe the bug**
We updated kea to 2.4.0 and set ddns-update-on-renew to true. Since the update we noticed that some hosts lost their dns records (but had a correct lease). From around 13:00 07/aug/2023 until now we had 6 hosts losing their dns record. We updated to kea 2.4.0 at 13:00 07/aug/2023.
In the kea ddns log we noticed that the problem hosts all showed a CHG_ADD before a CHG_REMOVE:
```
2023-08-07 18:07:36.634 INFO [kea-dhcp-ddns.d2-to-dns/1587] DHCP_DDNS_ADD_SUCCEEDED DHCP_DDNS Request ID 000201B0E0B8DAF410D5E089236F7462BDCB78A628FBA03A6D38ADF43A848AF348D3F3: successfully added the DNS mapping addition for this request: Type: 0 (CHG_ADD)
Forward Change: yes
Reverse Change: yes
FQDN: [host01.internal.]
IP Address: [10.20.30.40]
DHCID: [000201B0E0B8DAF410D5E089236F7462BDCB78A628FBA03A6D38ADF43A848AF348D3F3]
Lease Expires On: 20230807161112
Lease Length: 216
Conflict Resolution: no
2023-08-07 18:07:36.674 INFO [kea-dhcp-ddns.d2-to-dns/1587] DHCP_DDNS_REMOVE_SUCCEEDED DHCP_DDNS Request ID 000201B0E0B8DAF410D5E089236F7462BDCB78A628FBA03A6D38ADF43A848AF348D3F3: successfully removed the DNS mapping addition for this request: Type: 1 (CHG_REMOVE)
Forward Change: yes
Reverse Change: yes
FQDN: [host01.internal.]
IP Address: [10.20.30.40]
DHCID: [000201B0E0B8DAF410D5E089236F7462BDCB78A628FBA03A6D38ADF43A848AF348D3F3]
Lease Expires On: 20230807154204
Lease Length: 216
Conflict Resolution: no
```
**To Reproduce**
Steps to reproduce the behavior:
1. Run Kea dhcp4 with the following settings enabled:
"ddns-update-on-renew": true,
"ddns-use-conflict-resolution": false
2. A few hundred VMs doing a renew every 1800 seconds
3. Wait, and randomly some hosts lose their dns records
4. See error above
**Expected behavior**
we expect that kea ddns *always* does a CHG_REMOVE before a CHG_ADD
**Environment:**
- Kea version: 2.4.0 with default multithreading on, package installed via cloudsmith debian repo
- OS: Debian 11
- ha is enabled with default multithreading on, hot-standby
- auth dns server is powerdns 4.8.1
**Additional Information**
we only use dhcp4, no dhcp6
we configured powerdns with distributor-threads=1 and reuseport=no
The kea and (power)dns VMs didn't have high cpu usage or iowait; they weren't overloaded in any way.
**Contacting you**
contact via gitlab or email
Milestone: next-stable-2.6

https://gitlab.isc.org/isc-projects/kea/-/issues/3006
Kea fails to listen alongside dnsmasq, but doesn't report a failure
2023-10-25T11:41:34Z, Zen
Using Gentoo with kernel 6.1.41 and net-misc/kea-2.2.0-1::gentoo USE="filecaps openssl samples -debug -doc -mysql -postgres -shell -test" PYTHON_SINGLE_TARGET="python3_11 -python3_10" 0 KiB
Kea starts without an error:
```
kea-dhcp4 -c /etc/kea/kea-dhcp4.conf -d
2023-08-08 10:44:58.401 DEBUG [kea-dhcp4.dhcp4/8231.140323795412096] DHCP4_START_INFO pid: 8231, server port: 67, client port: 0, verbose: yes
2023-08-08 10:44:58.402 INFO [kea-dhcp4.dhcp4/8231.140323795412096] DHCP4_STARTING Kea DHCPv4 server version 2.2.0-gentoo (stable) starting
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.dhcp4/8231.140323795412096] DHCP4_OPEN_SOCKET opening service sockets on port 67
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command list-commands registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command build-report registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command config-backend-pull registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command config-get registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command config-reload registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command config-set registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command config-test registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command config-write registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command dhcp-enable registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command dhcp-disable registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command libreload registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command leases-reclaim registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command server-tag-get registered
2023-08-08 10:44:58.402 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command shutdown registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command status-get registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command version-get registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command statistic-get registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command statistic-reset registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command statistic-remove registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command statistic-get-all registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command statistic-reset-all registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command statistic-remove-all registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command statistic-sample-age-set registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command statistic-sample-age-set-all registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command statistic-sample-count-set registered
2023-08-08 10:44:58.403 DEBUG [kea-dhcp4.commands/8231.140323795412096] COMMAND_REGISTERED Command statistic-sample-count-set-all registered
```
but does not actually listen on any ports. I think it does this when dnsmasq is listening on 0.0.0.0, but I defined both interfaces for it to listen on with:
```
"interfaces": [ "fib.lan/10.10.10.1", "ethernet2/192.168.2.1" ]
```
Stopping dnsmasq (which was started by libvirtd) resolves this, but I was able to run ISC this way.
Milestone: outstanding

https://gitlab.isc.org/isc-projects/kea/-/issues/3007
Kea builds are not reproducible
2024-02-28T12:06:07Z, Sudip Mukherjee
---
name: Bug report
about: The latest version of kea is failing the reproducible build as it adds the build path in kea-admin script.
---
**Describe the bug**
The latest version of kea is failing the reproducible build as it adds the build path in kea-admin script.
**To Reproduce**
Steps to reproduce the behavior:
1. Build kea
2. Again build kea at a different build location
3. Use diffoscope to compare kea-admin
4. See error
The result can be seen at https://autobuilder.yocto.io/pub/repro-fail/oe-reproducible-20230806-_h282f1z/packages/diff-html/
**Expected behavior**
The built kea-admin should not contain any reference to build path.
**Environment:**
- Kea version: v2.5.0
- OS: All
- Which features were compiled in (in particular which backends): NA
- If/which hooks where loaded in: NA
**Additional Information**
The attached patch fixes the reproducible build and was verified with diffoscope. [0001-kea-fix-reproducible-build-failure.patch](/uploads/7b4b13a72d4953a65e6768bdc4f78483/0001-kea-fix-reproducible-build-failure.patch)
**Contacting you**
Please email at sudipm.mukherjee@gmail.com
Milestone: outstanding

https://gitlab.isc.org/isc-projects/kea-docker/-/issues/11
Add mariadb and postgresql dockers
2023-08-10T10:55:21Z, Wlodzimierz Wencel
- [ ] add postgresql docker that will use kea-admin to prepare database
- [ ] add mariadb docker that will use kea-admin to prepare database
solution must be based on official mariadb and postgresql dockers

https://gitlab.isc.org/isc-projects/kea-docker/-/issues/12
Add radius/netconf docker
2023-08-28T07:21:01Z, Wlodzimierz Wencel
We need to have a separate docker that would run a radius server

https://gitlab.isc.org/isc-projects/kea-docker/-/issues/13
add bind 9 docker
2023-08-30T16:55:46Z, Wlodzimierz Wencel
Not really for distribution but mostly for testing

https://gitlab.isc.org/isc-projects/bind9/-/issues/4254
zonechecks died mid test
2023-08-10T13:14:02Z, Mark Andrews
Job [#3577320](https://gitlab.isc.org/isc-private/bind9/-/jobs/3577320) failed for isc-private/bind9@51f47c4d045f50dd0e72573cd573a5031261fed4:
zonechecks died mid test, possibly fallout from setting `-e`.
```
2023-08-10 07:15:03 INFO:zonechecks I:zonechecks_tmp_w6aef5m0:checking that we detect a NS which looks like a AAAA record (fail)
2023-08-10 07:15:03 INFO:zonechecks I:zonechecks_tmp_w6aef5m0:checking that we detect a NS which looks like a AAAA record (warn=default)
2023-08-10 07:15:03 INFO:zonechecks I:zonechecks_tmp_w6aef5m0:checking that we detect a NS which looks like a AAAA record (ignore)
2023-08-10 07:15:03 INFO:zonechecks I:zonechecks_tmp_w6aef5m0:checking 'rdnc zonestatus' output
2023-08-10 07:15:03 INFO:zonechecks I:zonechecks_tmp_w6aef5m0:ns1 zone reload queued
```
Milestone: Not planned

https://gitlab.isc.org/isc-projects/kea-quick-config/-/issues/38
change logging to: output-options as output_options has been deprecated
2023-08-14T19:32:48Z, Darren Ankney
This is as of 2.4.0. Perhaps add a warning on the screen about this in case someone using this is using something less than 2.4.0 (where this change won't work).
Milestone: future

https://gitlab.isc.org/isc-projects/bind9/-/issues/4256
implement 0x20
2023-08-22T16:07:55Z, Evan Hunt
A recent conversation on dnsop reminded me that several of the open source servers have implemented the 0x20 draft, and now google public DNS has done so as well, and we still haven't.
The idea is to add entropy to outgoing queries by randomizing the case of letters in the query name. There are two parts to this:
1. The resolver requires responses to have an exact bit-for-bit copy of the name that was sent, and ignores responses that don't. We'd probably need a `server` option to relax this requirement in the event that a remote server was known to be responding persistently with the QNAME downsized. (This is arguably something we might want to do just for the sake of better protocol compliance; our current practice of case-insensitive QNAME matching seems a little iffy to me.)
2. When sending queries, the resolver randomly capitalizes letters in query names. We'd need a `view` option to decide whether to do this. For a first iteration I'd default to off.
Pros:
- cheap way to increase entropy, so why not
- ticks off a feature-parity box with unbound, knot resolver, google public DNS, probably others
Cons:
- doesn't add much entropy for short QNAMEs, which are more frequent now with QNAME minimization, and kinda important
- some increase in complexity
- may break resolution with some servers that work now
- we already have DNS COOKIE and should prioritize that
Milestone: Not planned
Assignee: Evan Hunt

https://gitlab.isc.org/isc-projects/stork/-/issues/1139
Any plans to implement DHCP Bulk Leasequery?
2023-09-12T13:35:24Z, fue36
---
name: Feature request
about: Suggest an idea for this project
---
Command support added to leasequery hook in Kea-DHCP as of 2.3.5 on dhcp-4 and dhcp-6 when using memfile back-end. :smile:
https://kea.readthedocs.io/en/latest/arm/hooks.html#lease-query-leasequery
Milestone: backlog

https://gitlab.isc.org/isc-projects/kea/-/issues/3013
Prepared statement needs to be re-prepared
2023-08-24T13:27:42Z, Yehuda Katz
**Describe the bug**
This probably doesn't qualify as a Kea bug, but I thought it might be worth asking about.
We are running 2 kea servers with a shared MySQL (MariaDB) backend. We recently upgraded from MariaDB 10.3 to MariaDB 10.5.
We replaced the `hosts` table with a `hosts_history` TABLE (added a `deleted_at` column to allow for keeping host history) and a `hosts` VIEW that only shows non-deleted items. This has been working for us for many years.
Everything seems to work for a while until randomly, we start getting errors for systems with host reservations.
The error in the log is:
```
2023-08-14 18:52:59.613 DEBUG [kea-dhcp4.bad-packets/169655.139690552555648] DHCP4_PACKET_DROP_0007 [hwtype=1 xx:xx:xx:xx:xx:17], cid=[no info], tid=0xee1b36c3: failed to process packet: unable to execute for <SELECT h.host_id, h.dhcp_identifier, h.dhcp_identifier_type, h.dhcp4_subnet_id, h.dhcp6_subnet_id, h.ipv4_address, h.hostname, h.dhcp4_client_classes, h.dhcp6_client_classes, h.user_context, h.dhcp4_next_server, h.dhcp4_server_hostname, h.dhcp4_boot_file_name, h.auth_key, o.option_id, o.code, o.value, o.formatted_value, o.space, o.persistent, o.user_context FROM hosts AS h LEFT JOIN dhcp4_options AS o ON h.host_id = o.host_id WHERE h.dhcp4_subnet_id = ? AND h.dhcp_identifier_type = ? AND h.dhcp_identifier = ? ORDER BY h.host_id, o.option_id>, reason: Prepared statement needs to be re-prepared (error code 1615)
```
When this happens, the host making the request gets no response, not even an error. (Similar to #281?)
It is not clear exactly how to reproduce this error. We even created a completely new copy of the database using `kea-admin` and it ran fine for just less than 24 hours before stopping with the same error.
**To Reproduce**
Steps to reproduce the behavior:
1. Create a MySQL database. Rename the `hosts` table to `hosts_history` and create a VIEW for `hosts`:
```sql
CREATE VIEW `hosts` AS select distinct `hosts_history`.`host_id` AS `host_id`,
`hosts_history`.`dhcp_identifier` AS `dhcp_identifier`,`hosts_history`.`dhcp_identifier_type` AS `dhcp_identifier_type`,
`hosts_history`.`dhcp4_subnet_id` AS `dhcp4_subnet_id`,`hosts_history`.`dhcp6_subnet_id` AS `dhcp6_subnet_id`,
`hosts_history`.`ipv4_address` AS `ipv4_address`,`hosts_history`.`hostname` AS `hostname`,`hosts_history`.`dhcp4_client_classes` AS `dhcp4_client_classes`,
`hosts_history`.`dhcp6_client_classes` AS `dhcp6_client_classes`,`hosts_history`.`dhcp4_next_server` AS `dhcp4_next_server`,
`hosts_history`.`dhcp4_server_hostname` AS `dhcp4_server_hostname`,`hosts_history`.`dhcp4_boot_file_name` AS `dhcp4_boot_file_name`,
`hosts_history`.`user_context` AS `user_context`,`hosts_history`.`auth_key` AS `auth_key`
from `hosts_history` where `hosts_history`.`deleted` IS NULL
```
1. Run Kea dhcp4 with standard mysql configuration
1. The client uses the standard linux dhclient or the Nagios `check_dhcp` plugin.
1. The server usually sends standard responses, except sometimes when it logs this error and sends no response.
**Expected behavior**
1. Valid responses should always be sent
2. An error should be sent back to the client when there is a server error.
**Environment:**
- Kea version: Supplied from RHEL9 EPEL repository
```
# kea-dhcp4 -V
2.2.0
tarball
linked with:
log4cplus 2.0.5
OpenSSL 3.0.7 1 Nov 2022
database:
MySQL backend 14.0, library 3.2.6
PostgreSQL backend 13.0, library 130011
Memfile backend 2.1
```
- OS: RHEL 9.2
Milestone: outstanding

https://gitlab.isc.org/isc-projects/bind9/-/issues/4261
Detect unexpected files created during system test run with pytest runner
2023-12-06T15:51:28Z, Tom Krizek
> we should have a check whether the named haven't produced any unexpected files. But that's only tangential to cleaning up the cruft. Perhaps this can take a form of .gitignore(?) with expected files for each test.

https://gitlab.isc.org/isc-projects/bind9/-/issues/4246#note_395492
Related #3810
Milestone: Not planned

https://gitlab.isc.org/isc-projects/kea/-/issues/3015
Post audit: update docs
2023-09-21T10:10:46Z, Tomek Mrugalski
@manu completed an audit and pointed out the following problems [in his report](https://gitlab.isc.org/isc-private/kea/-/wikis/Kea-Security-Review-02-2023):
- [ ] 2. Elaborate more about \[meta\] package, in particular how to run only selected service. Looks like a good idea also to update the security section and point out that one should only run the services that are strictly needed.
- [ ] 3. Elaborate more about the `interface` requirement for making the service run, in the [ARM QuickStart section](https://kea.readthedocs.io/en/kea-2.2.0/arm/quickstart.html#quick-start-guide-for-dhcpv4-and-dhcpv6-services) - this should be easy, a sentence or two pointing out that the binding address is by default set to the defensive 127.0.0.1.
- [ ] 4. Correct references in configs
- [ ] 5. Clarify sentence in DDNS (it's `dhcp-ddns` in `Dhcp4` or `Dhcp6`)
- [ ] 6. Clarify about sockets open by default (add something like this: "While Kea doesn't open any sockets by default on its own, the default configs shipped with packages do define some sockets and Kea opens them").
Milestone: next-stable-2.6

https://gitlab.isc.org/isc-projects/bind9/-/issues/4268
There is a performance waste in the rpz check
2023-08-22T07:06:22Z, Mr Ben
### Summary
This is not a strict bug; it should belong to performance optimization.
When using rpz, if a domain name contains a cname domain name, the domain name will go through multiple rpz checks.
### BIND version used
```
BIND 9.16.11 (Stable Release) <id:5218cdf>
running on Linux x86_64 3.10.0-1160.45.1.el7.x86_64 #1 SMP Wed Oct 13 17:20:51 UTC 2021
built by make with '--enable-dnstap' '--enable-epoll' '--with-dlz-filesystem' '--with-libjson' '--with-libtool' '--enable-dnsdrps' '--prefix=/data/named/' 'CFLAGS= -O0 -g -DDEBUG' 'PKG_CONFIG_PATH=/usr/local/lib/pkgconfig'
compiled by GCC 4.8.5 20150623 (Red Hat 4.8.5-44)
compiled with OpenSSL version: OpenSSL 1.1.1p 21 Jun 2022
linked to OpenSSL version: OpenSSL 1.1.1k FIPS 25 Mar 2021
compiled with libuv version: 1.43.0
linked to libuv version: 1.43.0
compiled with libxml2 version: 2.9.1
linked to libxml2 version: 20901
compiled with json-c version: 0.11
linked to json-c version: 0.11
compiled with zlib version: 1.2.7
linked to zlib version: 1.2.7
compiled with protobuf-c version: 1.3.0
linked to protobuf-c version: 1.3.0
threads support is enabled
default paths:
named configuration: /data/named/etc/named.conf
rndc configuration: /data/named/etc/rndc.conf
DNSSEC root key: /data/named/etc/bind.keys
nsupdate session key: /data/named/var/run/named/session.key
named PID file: /data/named/var/run/named/named.pid
named lock file: /data/named/var/run/named/named.lock
```
### Steps to reproduce
```
options {
response-policy {
zone "in-addr.arpa.";
};
};
zone "in-addr.arpa." {
type primary;
file "badlist.zone";
allow-query {none;};
};
```
### What is the current *bug* behavior?
It is not reflected in the function, but it is reflected in the code logic.
```
eg:
dig @127.0.0.1 www.microsoft.com
;; ANSWER SECTION:
www.microsoft.com. 1496 IN CNAME www.microsoft.com-c-3.edgekey.net.
www.microsoft.com-c-3.edgekey.net. 247 IN CNAME www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net.
www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net. 203 IN CNAME e13678.ca2.s.tl88.net.
e13678.ca2.s.tl88.net. 158 IN A 218.58.101.49
```
The rpz module checks the following domain names twice, which is a huge waste of performance:
www.microsoft.com, www.microsoft.com-c-3.edgekey.net, www.microsoft.com-c-3.edgekey.net.globalredir.akadns.net
### What is the expected *correct* behavior?
Each domain name is checked only once.
### Relevant configuration files
Configure the rpz module normally:
```
options {
response-policy {
zone "in-addr.arpa.";
};
};
zone "in-addr.arpa." {
type primary;
file "badlist.zone";
allow-query {none;};
};
```
and the file badlist.zone is:
```
$TTL 1H
@ SOA LOCALHOST. named-mgr.example.com (1 1h 15m 30d 2h)
NS LOCALHOST.
nxdomain.domain.com CNAME . ; NXDOMAIN policy
```
### Relevant logs and/or screenshots
none.
### Possible fixes
The call of the rpz module should be migrated from query_gotanswer to before query_gotanswer:
```c
if (!RECURSING(qctx->client) &&
!dns_name_equal(qctx->client->query.qname, dns_rootname))
{
result = query_checkrpz(qctx, result);
if (result == ISC_R_COMPLETE) {
return (ns_query_done(qctx));
}
}
```
After the query resume function is triggered, it will execute to ns_query_start. It is not necessary to call rpz in query_gotanswer after query_resume, but call rpz in ns_query_start, which reduces the number of rpz calls.
Milestone: Long-term

https://gitlab.isc.org/isc-projects/bind9/-/issues/4272
stress:rpz:fedora:38:arm64 crashed (async_restart at query.c:5843)
2023-10-03T15:24:25Z, Michal Nowak
After one minute runtime, the `stress:rpz:fedora:38:arm64` [crashed](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3599502) on `main`.
```
Core was generated by `/builds/isc-projects/bind9/.local/usr/local/sbin/named -f -c ./named.conf'.
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x0000ffff9949e5e0 in async_restart (arg=0xffff15302000) at query.c:5843
5843 isc_mem_put(client->manager->mctx, qctx, sizeof(*qctx));
[Current thread is 1 (Thread 0xffff96cfe300 (LWP 24042))]
#0 0x0000ffff9949e5e0 in async_restart (arg=0xffff15302000) at query.c:5843
#1 0x0000ffff99755b10 in isc__async_cb (handle=<optimized out>) at async.c:111
#2 0x0000ffff98cda0c0 in uv__async_io (loop=0xffff974830a0, w=0xffff97483270, events=1) at /usr/src/libuv-v1.46.0/src/unix/async.c:176
#3 0x0000ffff98cf6d0c in uv__io_poll (loop=0xffff974830a0, timeout=5) at /usr/src/libuv-v1.46.0/src/unix/linux.c:1476
#4 0x0000ffff98cdb084 in uv_run (loop=0xffff974830a0, mode=UV_RUN_DEFAULT) at /usr/src/libuv-v1.46.0/src/unix/core.c:447
#5 0x0000ffff99768800 in loop_thread (arg=arg@entry=0xffff97483080) at loop.c:282
#6 0x0000ffff997787c8 in thread_body (wrap=wrap@entry=0x3e733a90) at thread.c:85
#7 0x0000ffff997787f8 in thread_run (wrap=0x3e733a90) at thread.c:100
#8 0x0000ffff9861bc74 in start_thread () from /lib64/libc.so.6
#9 0x0000ffff9868925c in thread_start () from /lib64/libc.so.6
```
[core.24039-backtrace.txt](/uploads/61b63bae17f042b4dc2d1153cc9948dc/core.24039-backtrace.txt)
[named.log](/uploads/10dd091e5632bfcc7457c0f367874b4b/named.log)
On [retry](https://gitlab.isc.org/isc-projects/bind9/-/jobs/3600371) it didn't immediately crash.
Milestone: Not planned

https://gitlab.isc.org/isc-projects/kea/-/issues/3018
motd (message of the day) in kea
2023-08-24T13:35:43Z, Tomek Mrugalski
We could implement a message in Kea that, if configured, would be logged when Kea is started or reconfigured. Trivial to implement.
This would be useful in Docker. We need to put some config file in a Docker image, with the expectation that the user will replace it with a real config. If the user doesn't, Kea should start, but print something like "please edit your config file, map your volume when starting Docker image, etc.". The text would be configurable in a config file.
This is similar to the Unix idea of `/etc/motd` (its content is printed as a welcome message to the user every time they log in).
Milestone: backlog