ISC Open Source Projects issues
https://gitlab.isc.org/groups/isc-projects/-/issues
2019-01-14T12:17:22Z

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/28
ednscomp web interface: empty answer for softel.cz.
2019-01-14T12:17:22Z
Petr Špaček
pspacek@isc.org

Testing domain `softel.cz.` on ednscomp.isc.org produces an empty page with green `Ok`
That is confusing - could it print an explanatory message in this case?
Thank you!

https://gitlab.isc.org/isc-projects/dhcp/-/issues/26
ieee.org oui.txt URL moved
2021-01-18T17:49:11Z
Tommy Smith

---
name: Bug report - ieee.org oui.txt URL moved
about: The location of the oui.txt file has been moved on the ieee.org website to a new URL.
---
**Describe the bug**
The URL for the oui.txt file on ieee.org has changed.
To get manufacturer names please download http://standards.ieee.org/regauth/oui/oui.txt to /usr/local/etc/oui.txt
**To Reproduce**
Steps to reproduce the behavior:
1. Remove /usr/local/etc/oui.txt
2. Run dhcp-lease-list
3. See the message "To get manufacturer names please download http://standards.ieee.org/regauth/oui/oui.txt to /usr/local/etc/oui.txt"
4. Attempt to download http://standards.ieee.org/regauth/oui/oui.txt
5. Get 404 error from ieee.org
**Expected behavior**
Message from dhcp-lease-list should be as follows:
To get manufacturer names please download http://standards-oui.ieee.org/oui.txt to /usr/local/etc/oui.txt
**Environment:**
- ISC DHCP version: 4.3.5 to current
- OS: e.g. Ubuntu 18.04 x64
**Additional Information**
I have a patch ready to go that updates /contrib/dhcp-lease-list.pl with the correct URL.
I need to have permissions to push the branch and then make the merge request.
**Describe the solution you'd like**
I would like permission to push a branch and then submit a merge request with the fix.
**Funding its development**
ISC DHCP is run by ISC, which is a small non-profit organization without any government funding or
any permanent sponsorship organizations. Are you able and willing to participate financially in the
development costs? No.
**Participating in development**
Are you willing to participate in the feature development? ISC team always tries to make a feature
as generic as possible, so it can be used in wide variety of situations. That means the proposed
solution may be a bit different than you initially thought. Are you willing to take part in the
design discussions? Are you willing to test an unreleased engineering code? Yes.
**Contacting you**
How can ISC reach you to discuss this matter further? If you do not specify any means such as
e-mail, jabber id or a telephone, we may send you a message on github with questions when we have
them. Yes
4.4.2

https://gitlab.isc.org/isc-projects/bind9/-/issues/26
Switch to IDNA2008 non-transitional processing (and use libidn2 for that)
2023-12-01T10:23:29Z
Ondřej Surý

Copied here from https://bugs.isc.org/Ticket/Display.html?id=36101
The most current (and maintained) implementation of IDNA is libidn2 and that is what we should be using. Moreover the DNS world just needs to bite the bullet and switch to IDNA2008 non-transitional processing and finally be done with that.
Firefox, curl and wget have already switched to IDNA2008 non-transitional, and it's not like dig/host/nslookup IDNA processing would have any security implications like with the web browser software.
BIND-9.13.0
Ondřej Surý

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/29
Issues with OpenSSL
2019-01-21T00:59:58Z
Ghost User

I am unable to get the ./configure && make && make install to complete successfully. OpenSSL is on the box, but I am running into this error
./configure: line 4730: syntax error near unexpected token `OPENSSL,'
./configure: line 4730: ` PKG_CHECK_MODULES(OPENSSL, crypto,'
Based on some research I saw that I may need some of these packages:
build-essential libfuse-dev libcurl4-openssl-dev libxml2-dev mime-support automake libtool
Still getting the same error.
Here is the code at that line (with context)
# if pkg-config is installed and openssl has installed a .pc file,
# then use that information and don't search ssldirs
PKG_CHECK_MODULES(OPENSSL, crypto, #This is line 4730#
found=true,
ssldirs="$default_ssldirs")
OS is Ubuntu 18.04 with latest OS updates.

https://gitlab.isc.org/isc-projects/stork/-/issues/25
Users: manage users by the user with administrator's privileges.
2019-12-02T16:09:20Z
Marcin Siodelski

Initially, we will have two roles in the system: superuser and the regular user. The super user should be able to manage the user information: add new user with a generated password. The user should be able to log in to the system and be prompted to change the password.
Stork-0.2
Marcin Siodelski

https://gitlab.isc.org/isc-projects/bind9/-/issues/27
Remove the extra RFC and I-D copies from BIND source distribution
2018-03-08T16:08:15Z
Ondřej Surý

Copied from here: https://bugs.isc.org/Ticket/Display.html?id=46211
@marka argues that it's handy to have copies, but:
* We can have an extra repository and not distribute them in the BIND 9 source code
* We are missing erratas anyway
We should just make a list with the RFCs and I-D and explicitly declare which standards (and at what levels) we support.
BIND-9.13.0

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/30
report containing zone for no NS records if possible
2019-01-18T02:29:57Z
Mark Andrews

https://gitlab.isc.org/isc-projects/dhcp/-/issues/28
Update documentation to clarify that FQDNs configured in DHCP (e.g. next-server) are resolved only once, on startup
2019-12-09T16:05:38Z
Cathy Almond

It is not clear in the ISC DHCP documentation that when an option that will be used operationally as an IP address is configured using a FQDN, that this will be resolved only once and the resulting IP address used thereafter and never refreshed.
In other words, DHCP is doing a one-time resolution of the FQDN that had been configured for convenience instead of using an address. The TTL of the DNS query response is not observed and the FQDN will not be resolved again until the server is restarted.
This might lead to mis-set expectations when designing a deployment that assumes that it is possible (by means of rotating DNS query responses) to load balance some client provisioning. For example: [Support ticket 14783](https://support.isc.org/Ticket/Display.html?id=14783)

https://gitlab.isc.org/isc-projects/stork/-/issues/33
Add schema version checking in the Stork server and upgrade if necessary
2021-10-12T06:30:36Z
Marcin Siodelski

We think that server should detect database schema version upon startup. In case, the schema version is lower than the version required by the system we may either upgrade the schema or simply report an error. This ticket adds such verification to the server.
Stork-0.2
Marcin Siodelski

https://gitlab.isc.org/isc-projects/bind9/-/issues/28
Need a build of 9.10-S with ECS subnet mask restriction removed
2019-04-25T15:47:53Z
Vicky Risk
vicky@isc.org

This is for customer to test. If it works for them, they will subscribe and we will have to support them in using this in the -S edition.
In their deployment, this is not a privacy problem: they want to identify the machines (servers) that are trying to access the external Internet for system security reasons.
The sooner we can give it to them the better - they have been waiting for a response for a while. I don't want to tell them we will do it until we give them something to test, because if it doesn't work for them, the next thing they want (a proprietary OpenDNS compatibility feature) we may not want to do.

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/31
Please provide an alternative to autoconf
2022-12-27T11:10:22Z
Vicky Risk
vicky@isc.org

Can you provide a configure script? I got the following questions from someone trying to run this on ... Solaris.
Sorry Mark, I have no idea what I am asking for here.
-------
It only comes with configure.ac so you need autoconf. I’ve seen the list of digs that you run, but if I eyeball them then the results are subject to my interpretation. And it’s the interpretation of the EDNS RFC that’s at the base of our current difficulties…..
-------
Do you have a version of ednscomp that I can run on a lab server that isn’t accessible from the internet? I tried downloading the source for genreport but I seem to need autoconf to generate a configure script….

https://gitlab.isc.org/isc-projects/stork/-/issues/27
Create user documentation for Stork 0.1
2019-11-06T08:41:18Z
Marcin Siodelski

All features implemented for Stork 0.1 should be properly documented. This includes the details about installation of Stork, Stork Agent, UI etc. It should also include description of authentication, authorization, database administration and everything else that counts for the administrator.
Stork-0.1

https://gitlab.isc.org/isc-projects/kea/-/issues/49
During traffic spikes that exceed Kea's throughput capacity, handle backlog more effectively
2018-11-07T05:52:39Z
Ghost User

The current Kea implementation processes the inbound socket buffer as a simple queue - first in, first out. When the server is under pressure and not handling client packets as fast as they are arriving, a backlog will build up.
If the situation continues for long enough, the client packets that the server is handling will have already timed-out on the client side, so it is pointless to spend time processing them and moreover wasting time on these old packets prevents the server from handling newer packets until they too have timed out. Effectively, it stops responding to active clients because it never gets through the backlog fast enough to reach the most recent inbounds.
Even though the initial spike in traffic may have subsided, the degraded performance can mean that clients change their behaviour, adding retries to the backlog and/or reverting back to initial discovery - thus increasing the backlog of packets to be processed and making recovery unlikely without restarting the server to clear things down.
We need to handle this situation better so that even when swamped, Kea servers are able to process a proportion of recently-received client packets, instead of none of them because it's 'stuck' with the oldest ones instead.
Suggestions being mooted so far suggest either an independent socket reading thread (or process) to manage the inbound traffic and to pull it off the sockets/interfaces on which the Kea server is listening. This will prevent the UDP buffers from overflowing as well as allowing the socket reader to apply better logic to:
- discarding the oldest client packets in favour of the most recently received
- managing the 'waiting' buffers appropriately to the throughput capacity of the server
Maximum per-server throughput will be highly dependent on both configuration and the choice of back-end (e.g database, or memfile, and if database, how and where etc..) - so it would be good to have the I/O handler be tunable too - not discarding too soon for a fast server and so on.
There's no clear operational mitigation strategy for this, other than ensuring sufficient headroom when provisioning so that there are no peaks in client traffic that can overwhelm the server(s) maximum capacity.
(Notably, increasing inbound UDP buffers is likely to make the situation worse rather than better.)
Kea1.5-beta1

https://gitlab.isc.org/isc-projects/stork/-/issues/35
running unittest under the desk that requires Postgres should set up Postgres automatically
2019-10-31T14:00:28Z
Michal Nowikowski
Stork-0.1
Michal Nowikowski

https://gitlab.isc.org/isc-projects/bind9/-/issues/29
Improve overall (networking) performance
2019-11-07T21:32:34Z
Ondřej Surý

The asynchronous socket code is the next candidate to get replaced by external library that does things better and is actually maintained. [libuv](http://libuv.org/) is a multi-platform support library with a focus on asynchronous I/O.
Apart from the networking I/O, the library can also do other things in a multiplatform manner:
* File system operations
* Thread pool work scheduling
* DNS utility functions
* Shared library handling
* Threading and synchronization utilities
* Miscellaneous utilities
The library is well maintained, and it would remove a great burden of maintaining our custom code. I asked @muks to look into it.
BIND 9.15.x
Witold Krecicki

https://gitlab.isc.org/isc-projects/DNS-Compliance-Testing/-/issues/32
Extend the DNS compliance tester so that it would be useful for TLD operators to do staged warnings.
2022-12-27T11:37:16Z
Mark Andrews

Extend the EDNS compliance tester so that it emits a staged warning stream at 120 days, 90 days, 60 days, 30 days, 15 days, 10 days, 5 days then daily for zones with broken servers.
This also needs to detect firewalls that are systematically blocking specific requests from packet loss. There needs to be a multi-day history of firewall detection before emitting the first warning.
It also needs to detect STD 13 (RFC 1034, RFC 1035) servers and not emit warnings if that is the only reason a server is otherwise flagged for EDNS protocol violations.

https://gitlab.isc.org/isc-projects/dhcp/-/issues/30
Coverity: memory leaks in conf file parsing
2019-11-18T16:01:03Z
Mark Andrews

CIDs 1448191, 1448193, 1448194, 1448195
4.4.2
Thomas Markwalder

https://gitlab.isc.org/isc-projects/stork/-/issues/28
Coding guidelines
2019-10-31T13:00:31Z
Tomek Mrugalski

We need coding guidelines for the Stork project written.
Stork-0.1
Tomek Mrugalski

https://gitlab.isc.org/isc-projects/stork/-/issues/23
Machines: listing, add new machine, fetch a machine in both frontend and the backend.
2019-10-31T17:33:41Z
Marcin Siodelski

We have to create a view with a list of machine and with a selected machine. We have to be able to specify new machine information and store it in the db. The operational status of the machine should be available.
Stork-0.1
Michal Nowikowski

https://gitlab.isc.org/isc-projects/bind9/-/issues/30
Update the default for dnssec-validation to auto
2018-05-31T16:40:45Z
Ondřej Surý

Or even better make the `yes` behave like `auto` and deprecate `auto`.
Also related to #6.
BIND-9.13.1
Evan Hunt