ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2019-01-10T12:46:48Z

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/24
Invalid JSON produced under certain options
2019-01-10T12:46:48Z
Ghost User

In several cases, but for example with -j (json output) -E (EDNS only) the output is an invalid JSON document. The problem lies in the array of tests and the splitting of its values. Looking at the text output its error is tests:
{ , dns:ok edns:ok ....
So because its limited tests it leaves a first , in the tests output. Removing this single character fixes the broken JSON. please restructure the building of the JSON output and validate the JSON when outputting to prevent these errors

https://gitlab.isc.org/isc-projects/dhcp/-/issues/22
[keama] dhcp4 option 67 wrong name
2019-11-12T15:01:31Z
Chris

I used keama quite successfully to convert an existing ISC-dhcpd config to use as template (awesome work!), but came upon an incomplete conversion of dhcp4 option 67: bootfile-name
Kea config uses the name "boot-file-name", but keama outputs "bootfile-name".
isc-dhcpd source:
```
option bootfile-name "boot.pxe"
```
keama output:
```
"option-data": [
{
"space": "dhcp4",
"name": "bootfile-name",
"code": 67,
"data": "boot.pxe"
}
]
```
While discussions can (and maybe should) be held whether the kea name is "incorrect" in the first place (both RFC2132 and kea's own [KB](https://kb.isc.org/docs/aa-01323) for supported options refer to it as "Bootfile Name") or should support both versions, the goal of keama is to create valid kea configs and should output "boot-file-name".
4.4.2
Francis Dupont

https://gitlab.isc.org/isc-projects/stork/-/issues/20
Create the initial Stork database schema and the migrations tooling
2019-10-17T14:42:41Z
Marcin Siodelski

We need initial version of the database which requires tables for storing users and passwords as well as the tables for sessions. There should be a way to create this database using the *migrations* tool.
Stork-0.1

https://gitlab.isc.org/isc-projects/stork/-/issues/26
Create stub stork agent with the code generated by grpc.
2019-10-24T07:55:58Z
Marcin Siodelski

The Stork agent will be running on the remote machine and "talk" to the services running there. Initially the Stork agent will be installed manually by the administrator. The server will use grpc to communicate with the agent. This ticket creates the stub agent implementation and returns basic information about itself, e.g. its version.
Stork-0.1
Michal Nowikowski

https://gitlab.isc.org/isc-projects/stork/-/issues/22
Integrate sessions mechanism with the backend and connect to the logging page
2019-11-04T21:44:11Z
Marcin Siodelski

We have a stub logging page, but we now have to enable logging in the database and integrate it with the sessions mechanism via scs. This will require adding sessions to the goswagger spec and appropriate action to create/refresh the session.
Stork-0.1

https://gitlab.isc.org/isc-projects/bind9/-/issues/22
Do an crypto algorithm audit and remove obsolete / insecure crypto algorithms
2023-12-22T10:28:30Z
Ondřej Surý

This is like a general and recurring issue. For each release we should review the used crypto algorithms and remove/deprecate the insecure and obsolete algorithms (RSAMD5 was a fine example)?
Perhaps also change the recommended and default algorithms.
BIND-9.13.6
Ondřej Surý

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/25
DNS-Flag-day fail condition(s) is not clearly explained
2019-01-10T07:42:02Z
Ghost User

The website states that you 'must not have timeout result in any of plain DNS and EDNS version 0 test' and in the DNS Administrators part, however in the DNS software developers part it states 'This effectivelly means that all DNS servers which do not respond at all to EDNS queries are going to be treated as dead'
Should the part for owners not be more elaborate stating the same issue combining if ALL nameservers report such errors and the tool only reports a FAIL if this is the case. In same events the tool reports a zone error, simply because a zone with 3 NS (dual stacked) that has only 1 nameserver with broken IPv6 will be considered broken.
So the test should say FAIL if _all_ nameservers are really broken, or report FAIL_UNDER_CONDITIONS saying it might work now, but failure of one or more nameservers will not provide the redundancy as expected.
For more less experienced users of the tool it might be prudent to explicitly show which tests are EDNS version 0 and which are not.

https://gitlab.isc.org/isc-projects/dhcp/-/issues/23
add routing table to all routing configurations
2019-06-19T20:00:52Z
Ghost User

---
name: Feature request
about: I suggest that a way should be provided to define a suitable routing table for each interface managed by dhclient.
My host is a typical 3 interfaces hosts and will get all three interface IPs via DHCP. This includes also a Default GW and so on. The only way to support multiple default interfaces each for a specific host ip is by using multiple routing tables. Currently there is no way to support this from my point of view (CentOs 7.4 / Ubuntu 18.04.02 LTS )
I am currently writing some config/restore scripts for dhclient.d but a full support would be better done if the dhclient-script would support an environment variable like all the others like interface which provides the routing table to be used for this interface

https://gitlab.isc.org/isc-projects/stork/-/issues/21
add detecting base dependencies like java in Rakefile
2022-05-11T09:38:13Z
Michal Nowikowski

This is a safe net in case something is missing.
Base deps:
- wget
- xz-utils
- java
- gcc
- ubuntu 18.04
- tar
- gzip
- docker-compose
1.3

https://gitlab.isc.org/isc-projects/stork/-/issues/461
Config Review component needed: step 1(design)
2021-11-17T11:18:42Z
Tomek Mrugalski

While working on #433 (Stork not able to show stats if stat_cmds hook is not loaded), I realized that there will be many cases like this. Instead of adding specific check for this particular case, I think we need a new component that will do the Kea config inspection.
For the time being, the checks will be simple:
- if the stat_cmds hook is not loaded, show a note about missing statistics
The code should be written in a way that will be easily extensible with other checks in the future. If possible each entry should be shown as a separate line (maybe an itemized list?). In the far future, we'll probably extend this with a "fix" button that would improve the underlying condition.
Those are not necessarily warnings, more like notes. In many cases it's impossible to tell if certain aspect is a problem or not (e.g. the deployment may not use DB for storing reservations, so they don't care about host cmds). This shouldn't be alarmist.
Here's a bunch of potential things we may check here. Those are out of scope for this ticket. I'm putting them to give you a better perspective how to address the extensibility requirement:
- if the host_cmds hook is not loaded, show a note about being unable to monitor reservations in DB (not included in initial implementation)
- if there is only one subnet in a shared network, suggest disabling shared network;
- if there is in-pool reservation enabled, but there are no in-pool reservations, suggest out-of-pool as better performant;
- if there is custom option definition, but no option-data that uses it, suggest removing unused definitions;
- if there are subnets without any pools and no reservations, suggest removing unused subnets;
- inspect HA configs of both servers and make sure there are no discrepancies;
- it's possible to misconfigure ports in HA+MT configuration, so it's still connecting via CA rather than with DHCP directly.
The follow-up ticket with many more checkers expected is #611.
0.22
Marcin Siodelski

https://gitlab.isc.org/isc-projects/stork/-/issues/558
Stork Agent registers with different token on each service/server restart
2021-09-07T08:46:54Z
Tooz

When using auto registration to stork server from stork agent side, the same machine registers with different agent token each time, so you have to move it from unauthorised to authorised on each server/service restart, configuration eg:
```
STORK_AGENT_SERVER_URL=http://example.com
STORK_AGENT_ADDRESS=111.111.111.111
```
to reproduce this just use the configuration above, restart `isc-stork-agent` and look at the Machines dashboard, it is moved from Authorised to Unauthorised and has different token provided.
Not sure if this behaviour is expected?
0.20

https://gitlab.isc.org/isc-projects/bind9/-/issues/23
DDoS mitigation
2023-12-22T10:28:30Z
Ondřej Surý

This is a placeholder bug for general DDoS mitigation techniques that needs to be introduced into BIND to cope with current DNS landscape.
Not planned

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/26
Undefined references in `dotest`
2019-01-11T17:43:58Z
Ghost User

On Debian stretch 9.6 I get this error in `make`:
```
make all-am
make[1]: Entering directory '/home/sebastianw/DNS-Compliance-Testing'
CC genreport.o
CCLD genreport
genreport.o: In function `dotest':
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1629: undefined reference to `HMAC_CTX_new'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1632: undefined reference to `EVP_sha256'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1632: undefined reference to `HMAC_Init_ex'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1733: undefined reference to `HMAC_CTX_free'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1634: undefined reference to `HMAC_Update'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1640: undefined reference to `HMAC_Update'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1649: undefined reference to `HMAC_Update'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1663: undefined reference to `HMAC_Update'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1677: undefined reference to `HMAC_Update'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1679: undefined reference to `HMAC_Final'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:1687: undefined reference to `HMAC_CTX_free'
genreport.o: In function `process':
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2573: undefined reference to `HMAC_CTX_new'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2577: undefined reference to `EVP_sha256'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2577: undefined reference to `HMAC_Init_ex'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2583: undefined reference to `HMAC_Update'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2586: undefined reference to `HMAC_Update'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2592: undefined reference to `HMAC_Update'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2597: undefined reference to `HMAC_Update'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2602: undefined reference to `HMAC_Update'
genreport.o:/home/sebastianw/DNS-Compliance-Testing/genreport.c:2606: more undefined references to `HMAC_Update' follow
genreport.o: In function `process':
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2620: undefined reference to `HMAC_Final'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2622: undefined reference to `HMAC_CTX_free'
/home/sebastianw/DNS-Compliance-Testing/genreport.c:2846: undefined reference to `HMAC_CTX_free'
collect2: error: ld returned 1 exit status
Makefile:382: recipe for target 'genreport' failed
make[1]: *** [genreport] Error 1
make[1]: Leaving directory '/home/sebastianw/DNS-Compliance-Testing'
Makefile:286: recipe for target 'all' failed
make: *** [all] Error 2
```
The executables are built fine however. Maybe a missing `-lssl` or `-lcrypto` somewhere?

https://gitlab.isc.org/isc-projects/dhcp/-/issues/24
ISC DHCP crash while using failover function
2020-07-03T08:23:53Z
Ghost User

I hit a crash in ISC dhcpd while using the failover function. It appears to be a double free error and happens when the connectivity to peer is broken. (crash signature is attached below)
Please review and share if this is seen before.
Do you need more information from the system/configuration perspective?
Apparently this is happening on a error scenario of select returning failure in omapi_one_dispatch()
394 /* poll once */
395 count = select(max + 1, &r, &w, &x, &now); >>>> (count < 0)
Also, I would like to know whether ISC has a paid support scheme wherein individuals or corporates get expedited support from ISC.
Thanks,
Isaac.
p.s.
<Crash signature>
```
* #0 0x2ae2e774 in raise (sig=6) at ../nptl/sysdeps/unix/sysv/linux/raise.c:67
* #1 0x2ae302c0 in abort () at abort.c:92
* #2 0x2ae6cb50 in __libc_message (do_abort=<value optimized out>, fmt=0x2af439c0 "*** glibc detected *** %s: %s: 0x%s ***\n") \nat ../sysdeps/unix/sysv/linux/libc_fatal.c:186
* #3 0x2ae73ebc in malloc_printerr (action=3, str=0x2af43c6c "double free or corruption (!prev)", ptr=<value optimized out>) at malloc.c:6267
* #4 0x2ae79d64 in __libc_free (mem=<value optimized out>) at malloc.c:3739
* #5 0x2add1ea8 in mm_chunk_free (handle=<value optimized out>, chunk=0x26d3, caller=<value optimized out>) at mm_chunk.c:186
* #6 0x2add17d8 in mm_free (h=0x528008, ptr=<value optimized out>, caller=<value optimized out>) at mm_main.c:222
* #7 0x0049edf0 in omapi_object_dereference (h=0x7feac178, file=0x4cc2ac "omapip/dispatch.c", line=476) at omapip/alloc.c:695
* #8 0x004a1d30 in omapi_one_dispatch (wo=<value optimized out>, t=0x7feac500) at omapip/dispatch.c:476
* #9 0x0043223c in dispatch () at dispatch.c:92
* #10 0x00462da4 in main (argc=<value optimized out>, argv=<value optimized out>) at dhcpd.c:1555
```
**To Reproduce**
Steps to reproduce the behavior:
1. Run dhcpd with 5 /24 pools and failover function to one peer
2. Connectivity among the peer goes off
3. The server then crashed
**Environment:**
- ISC DHCP version: which release? dhcpd-4.1-ESV-R12-P1
- OS: [e.g. Ubuntu 16.04 x64] Kernel 2.6.32
**Funding its development**
Is there a paid support contract option with ISC?
**Contacting you**
Email: isaactheogaraj@gmail.com
Outstanding

https://gitlab.isc.org/isc-projects/bind9/-/issues/24
Remove compilation without DNSSEC
2023-12-22T10:28:30Z
Ondřej Surý

Remove support to compile without DNSSEC. Either OpenSSL or PKCS11 would be mandatory to compile BIND.
BIND-9.13.1
Ondřej Surý

https://gitlab.isc.org/isc-projects/kea/-/issues/24
script to install yang models
2018-09-12T17:29:06Z
Francis Dupont

```pkg-config libsysrepo --variable=SR_REPOSITORY_LOC``` returns the sysrepo repository directory so we can:
- use it in configure to set a autoconf variable to it
- update the script in tools to do the same thing
- provide a script in the `models` directory to install it. As it should be run once it is enough.
- update the documentation (i.e. `netconf.xml`)
- port this to kea-yang
Kea1.5-beta1
Francis Dupont

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/27
all OK when it should be warning?
2022-12-27T13:15:00Z
Ghost User

My understanding is that edns1=ok should result in a warning. on some domains the web based tool repeatedly returns 'all ok' even though the dig output shows ok for edns1.
example
https://ednscomp.isc.org/ednscomp/f04f6d9052

https://gitlab.isc.org/isc-projects/dhcp/-/issues/25
unable to send option 66 in offer message
2019-07-16T19:40:23Z
Ghost User

I have included the following 2 lines in the dhcp.conf, but DHCP server is not sending option 66 in the offer for a received DISCOVER. My requirement is to must send the option 66 in OFFER, irrespective of the requested option list from client DISCOVER.
option boot-server code 66 = string;
option tftp-server-name "192.168.50.11";
Thomas Markwalder

https://gitlab.isc.org/isc-projects/bind9/-/issues/25
Revise what gets linked where and improve overlinking/underlinking
2023-12-22T10:28:30Z
Ondřej Surý

Especially the non-essential libraries. As an example the optional libraries like libgeoip, libxml2, libjson are linked to libisc.

https://gitlab.isc.org/isc-projects/kea/-/issues/25
move daemon code out of dhcpsrv library
2018-09-10T09:33:46Z
Francis Dupont

`daemon.{h,cc}` defines a few common things: get version, pid file, config file, ...
It should clearly be moved from the dhcpsrv library to somewhere else. A few proposals:
- move it the process library (make sense but add a dependency to old server code)
- move it to config (or similar) library
- move it to its own library
IMHO the last option is the best one but some can have a concern with an increasing number of libraries.
Kea1.5-beta1
Tomek Mrugalski