ISC Open Source Projects issueshttps://gitlab.isc.org/groups/isc-projects/-/issues2018-05-22T23:42:37Zhttps://gitlab.isc.org/isc-projects/bind9/-/issues/272Windows build broken2018-05-22T23:42:37ZCurtis BlackburnWindows build brokenhttps://jenkins.isc.org/job/bind9-master-win2012-x64-systests/1103/
the build failed at 769551c336e09e2740af2db75f2dccb4c7c28c08
the last successful build was at ee83b59e5e2379bc22158102650f372887855ec0
https://jenkins.isc.org/job/bind9-master-win2012-x64-systests/1103/
the build failed at 769551c336e09e2740af2db75f2dccb4c7c28c08
the last successful build was at ee83b59e5e2379bc22158102650f372887855ec0
BIND-9.13.0Ondřej SurýOndřej Surý2018-05-23https://gitlab.isc.org/isc-projects/bind9/-/issues/271Release 9.13.02018-07-09T11:41:50ZOndřej SurýRelease 9.13.01. [x] Prepare the sources for tarball generation
1. [x] Change software version and library versions in `configure.in`
2. [x] Update CHANGES
3. [x] [Ensure the release notes are correct for this release](https://wiki.isc.org/bin/view...1. [x] Prepare the sources for tarball generation
1. [x] Change software version and library versions in `configure.in`
2. [x] Update CHANGES
3. [x] [Ensure the release notes are correct for this release](https://wiki.isc.org/bin/view/Main/BindReleaseProcedures#Ensure_the_release_notes_are_cor)
4. [x] [Ensure the metainformation is correct for this release](https://wiki.isc.org/bin/view/Main/BindReleaseProcedures#Ensure_the_metainformation_is_co)
3. [x] Make sure the tests are passing
4. [x] Create a tag (name `vX_Y_Z[-alphatag]`, content `BIND X.Y.Z[-alphatag]`, signed with a developer's GPG key): `git tag -u <DEVELOPER_KEYID> -a -s -m "BIND X.Y.Z" vX.Y.Z`
5. [x] Push the changes and tag
6. [x] [Create the tarball](https://wiki.isc.org/bin/view/Main/BindReleaseProcedures#Create_the_tar_ball_using_a_util)
7. [x] [Create the Windows zips](https://wiki.isc.org/bin/view/Main/BindReleaseProcedures#Creating_Windows_zips)
7. [x] Have QA sanity check the tarball and zips
9. [x] Request the signature on the tarballs
10. [x] Make tarballs and signatures available to download
10. [x] Communication
1. [x] Edit the release https://gitlab.isc.org/isc-projects/bind9/tags and the NEWS snippet + links to the tarballs
2. [x] Update the website(?), public release notes(?)
3. [x] Write release e-mail to bind9-announce
4. [x] Post short note to Twitter
5. [x] Update http://en.wikipedia.org/wiki/BIND
11. [x] Update DEB and RPM packagesBIND-9.13.0Curtis BlackburnCurtis Blackburn2018-05-22https://gitlab.isc.org/isc-projects/bind9/-/issues/249Address GCC 8 compilation warnings2018-05-10T08:56:10ZMichał KępieńAddress GCC 8 compilation warningsGCC 8.1.0 on Arch Linux emits some compilation warnings that were not triggered by GCC 7.3.1 on the same system:
* in `bin/named/server.c`:
```
./server.c: In function ‘named_server_zonestatus’:
./server.c:13990:11: warning: ‘%s’ direc...GCC 8.1.0 on Arch Linux emits some compilation warnings that were not triggered by GCC 7.3.1 on the same system:
* in `bin/named/server.c`:
```
./server.c: In function ‘named_server_zonestatus’:
./server.c:13990:11: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 512 [-Wformat-truncation=]
"%s/%s", namebuf, typebuf);
^- -------
./server.c:13989:4: note: ‘snprintf’ output between 2 and 1035 bytes into a destination of size 512
snprintf(resignbuf, sizeof(resignbuf),
^-------------------------------------
"%s/%s", namebuf, typebuf);
--------------------------
```
* in `bin/tests/system/dlzexternal/driver.c`:
```
driver.c: In function ‘dlz_lookup’:
driver.c:424:3: warning: ‘strncpy’ output may be truncated copying 255 bytes from a string of length 255 [-Wstringop-truncation]
strncpy(last, full_name, 255);
^----------------------------
```
* in `lib/dns/dnssec.c`:
```
dnssec.c: In function ‘dns_dnssec_findzonekeys’:
dnssec.c:800:21: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 242 [-Wformat-truncation=]
"key file for %s/%s/%d",
^-
namebuf, algbuf, dst_key_id(pubkey));
-------
dnssec.c:800:7: note: directive argument in the range [0, 65535]
"key file for %s/%s/%d",
^----------------------
dnssec.c:799:5: note: ‘snprintf’ output between 17 and 1063 bytes into a destination of size 255
snprintf(filename, sizeof(filename) - 1,
^---------------------------------------
"key file for %s/%s/%d",
------------------------
namebuf, algbuf, dst_key_id(pubkey));
------------------------------------
dnssec.c: In function ‘dns_dnssec_keylistfromrdataset’:
dnssec.c:1692:21: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size 242 [-Wformat-truncation=]
"key file for %s/%s/%d",
^-
namebuf, algbuf, dst_key_id(pubkey));
-------
dnssec.c:1692:7: note: directive argument in the range [0, 65535]
"key file for %s/%s/%d",
^----------------------
dnssec.c:1691:5: note: ‘snprintf’ output between 17 and 1063 bytes into a destination of size 255
snprintf(filename, sizeof(filename) - 1,
^---------------------------------------
"key file for %s/%s/%d",
------------------------
namebuf, algbuf, dst_key_id(pubkey));
------------------------------------
```
* in `lib/dns/rdata/generic/loc_29.c`:
```
In file included from code.h:56,
from rdata.c:560:
rdata/generic/loc_29.c: In function ‘totext_loc.isra.328’:
rdata/generic/loc_29.c:558:60: warning: ‘snprintf’ output may be truncated before the last format character [-Wformat-truncation=]
"%d %d %d.%03d %s %d %d %d.%03d %s %s%lu.%02lum %s %s %s",
^
rdata/generic/loc_29.c:557:2: note: ‘snprintf’ output between 33 and 75 bytes into a destination of size 74
snprintf(buf, sizeof(buf),
^-------------------------
"%d %d %d.%03d %s %d %d %d.%03d %s %s%lu.%02lum %s %s %s",
----------------------------------------------------------
d1, m1, s1, fs1, north ? "N" : "S",
-----------------------------------
d2, m2, s2, fs2, east ? "E" : "W",
----------------------------------
below ? "-" : "", altitude/100, altitude % 100,
-----------------------------------------------
sbuf, hbuf, vbuf);
-----------------
```
* in `lib/isc/{unix,win32}/file.c`:
```
file.c: In function 'isc_file_sanitize':
file.c:742:36: error: '%s' directive output may be truncated writing up to 1 bytes into a region of size between 0 and 4096 [-Werror=format-truncation=]
snprintf(buf, sizeof(buf), "%s%s%s%s%s",
^-
file.c:742:2: note: 'snprintf' output 1 or more bytes (assuming 4098) into a destination of size 4096
snprintf(buf, sizeof(buf), "%s%s%s%s%s",
^---------------------------------------
dir != NULL ? dir : "", dir != NULL ? "/" : "",
-----------------------------------------------
hash, ext != NULL ? "." : "", ext != NULL ? ext : "");
-----------------------------------------------------
file.c:752:36: error: '%s' directive output may be truncated writing up to 1 bytes into a region of size between 0 and 4096 [-Werror=format-truncation=]
snprintf(buf, sizeof(buf), "%s%s%s%s%s",
^-
file.c:752:2: note: 'snprintf' output 1 or more bytes (assuming 4098) into a destination of size 4096
snprintf(buf, sizeof(buf), "%s%s%s%s%s",
^---------------------------------------
dir != NULL ? dir : "", dir != NULL ? "/" : "",
-----------------------------------------------
hash, ext != NULL ? "." : "", ext != NULL ? ext : "");
-----------------------------------------------------
```
* in `lib/ns/notify.c`:
```
notify.c: In function ‘ns_notify_start’:
notify.c:128:53: warning: ‘%s’ directive output may be truncated writing up to 1023 bytes into a region of size between 0 and 1023 [-Wformat-truncation=]
snprintf(tsigbuf, sizeof(tsigbuf), ": TSIG '%s' (%s)",
^-
namebuf, cnamebuf);
--------
notify.c:128:4: note: ‘snprintf’ output between 13 and 2059 bytes into a destination of size 1034
snprintf(tsigbuf, sizeof(tsigbuf), ": TSIG '%s' (%s)",
^-----------------------------------------------------
namebuf, cnamebuf);
------------------
```
None of these look serious to me. AFAICT, the worst case scenario is truncated output.BIND-9.13.0Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/191Remove OpenSSL < 1.0.0 support2018-05-03T20:32:48ZOndřej SurýRemove OpenSSL < 1.0.0 supportThe current code is #ifdef spaghetti supporting OpenSSL 1.1, OpenSSL 1.0/LibreSSL and OpenSSL 0.9.6/0.9.8. Let's remove OpenSSL 0.9.x support to simplify the code.The current code is #ifdef spaghetti supporting OpenSSL 1.1, OpenSSL 1.0/LibreSSL and OpenSSL 0.9.6/0.9.8. Let's remove OpenSSL 0.9.x support to simplify the code.BIND-9.13.0Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/171problems detected by LGTM static analyzer2018-04-22T20:01:36ZEvan Huntproblems detected by LGTM static analyzerhttps://lgtm.com/projects/g/isc-projects/bind9/alerts?mode=listhttps://lgtm.com/projects/g/isc-projects/bind9/alerts?mode=listBIND-9.13.0Evan HuntEvan Hunthttps://gitlab.isc.org/isc-projects/bind9/-/issues/168coverity: Incorrect shifting in DNS_RPZ_ZMASK2018-03-19T22:14:45ZGhost Usercoverity: Incorrect shifting in DNS_RPZ_ZMASK```
________________________________________________________________________________________________________
*** CID 1430160: (BAD_SHIFT)
/lib/ns/query.c: 2610 in rpz_get_zbits()
2604 * the smallest name,
2605 ...```
________________________________________________________________________________________________________
*** CID 1430160: (BAD_SHIFT)
/lib/ns/query.c: 2610 in rpz_get_zbits()
2604 * the smallest name,
2605 * the longest IP address prefix,
2606 * the lexically smallest address.
2607 */
2608 if (st->m.policy != DNS_RPZ_POLICY_MISS) {
2609 if (st->m.type >= rpz_type) {
>>> CID 1430160: (BAD_SHIFT)
>>> In expression "1 << st->m.rpz->num + 1", left shifting by more than 31 bits has undefined behavior. The shift amount, "st->m.rpz->num + 1", is as much as 63.
2610 zbits &= DNS_RPZ_ZMASK(st->m.rpz->num);
2611 } else{
2612 zbits &= DNS_RPZ_ZMASK(st->m.rpz->num) >> 1;
2613 }
2614 }
2615
/lib/ns/query.c: 2612 in rpz_get_zbits()
2606 * the lexically smallest address.
2607 */
2608 if (st->m.policy != DNS_RPZ_POLICY_MISS) {
2609 if (st->m.type >= rpz_type) {
2610 zbits &= DNS_RPZ_ZMASK(st->m.rpz->num);
2611 } else{
>>> CID 1430160: (BAD_SHIFT)
>>> In expression "1 << st->m.rpz->num + 1", left shifting by more than 31 bits has undefined behavior. The shift amount, "st->m.rpz->num + 1", is as much as 63.
2612 zbits &= DNS_RPZ_ZMASK(st->m.rpz->num) >> 1;
2613 }
2614 }
2615
2616 /*
2617 * If the client wants recursion, allow only compatible policies.
```BIND-9.13.0https://gitlab.isc.org/isc-projects/bind9/-/issues/167coverity: Dereferencing a null pointer in lib/dns/tests/rbt_test.c2018-03-19T22:56:03ZGhost Usercoverity: Dereferencing a null pointer in lib/dns/tests/rbt_test.c```
** CID 1430161: (NULL_RETURNS)
/lib/dns/tests/rbt_test.c: 1142 in atfu_rbt_addname_body()
/lib/dns/tests/rbt_test.c: 1153 in atfu_rbt_addname_body()
_______________________________________________________________________________...```
** CID 1430161: (NULL_RETURNS)
/lib/dns/tests/rbt_test.c: 1142 in atfu_rbt_addname_body()
/lib/dns/tests/rbt_test.c: 1153 in atfu_rbt_addname_body()
________________________________________________________________________________________________________
*** CID 1430161: (NULL_RETURNS)
/lib/dns/tests/rbt_test.c: 1142 in atfu_rbt_addname_body()
1136 result = dns_test_begin(NULL, ISC_TRUE);
1137 ATF_CHECK_EQ(result, ISC_R_SUCCESS);
1138
1139 ctx = test_context_setup();
1140
1141 n = isc_mem_get(mctx, sizeof(size_t));
>>> CID 1430161: (NULL_RETURNS)
>>> Dereferencing a null pointer "n".
1142 *n = 1;
1143
1144 dns_test_namefromstring("d.e.f.g.h.i.j.k", &fname);
1145 name = dns_fixedname_name(&fname);
1146
1147 /* Add a name that doesn't exist */
/lib/dns/tests/rbt_test.c: 1153 in atfu_rbt_addname_body()
1147 /* Add a name that doesn't exist */
1148 result = dns_rbt_addname(ctx->rbt, name, n);
1149 ATF_REQUIRE_EQ(result, ISC_R_SUCCESS);
1150
1151 /* Now add again, should get ISC_R_EXISTS */
1152 n = isc_mem_get(mctx, sizeof(size_t));
>>> CID 1430161: (NULL_RETURNS)
>>> Dereferencing a null pointer "n".
1153 *n = 2;
1154 result = dns_rbt_addname(ctx->rbt, name, n);
1155 ATF_REQUIRE_EQ(result, ISC_R_EXISTS);
1156 isc_mem_put(mctx, n, sizeof(size_t));
1157
1158 test_context_teardown(ctx);
```BIND-9.13.0https://gitlab.isc.org/isc-projects/bind9/-/issues/166statistics system test numbering is bad2018-03-19T22:14:37ZMark Andrewsstatistics system test numbering is badBIND-9.13.0Mark AndrewsMark Andrewshttps://gitlab.isc.org/isc-projects/bind9/-/issues/165Always use OpenSSL or PKCS#11 random data providers2021-05-19T16:44:22ZOndřej SurýAlways use OpenSSL or PKCS#11 random data providersCurrently, we support OpenSSL, PKCS#11 or own (libisc) random bytes provider. Remove the embedded entropy provider and always use crypto library providers.Currently, we support OpenSSL, PKCS#11 or own (libisc) random bytes provider. Remove the embedded entropy provider and always use crypto library providers.BIND-9.13.0Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/164Remove useless OpenSSL warning from configure script2018-03-19T22:14:23ZOndřej SurýRemove useless OpenSSL warning from configure scriptThere's a OpenSSL warning in `configure` script that's obsolete:
> The latest stable version is the 1.1.0 series. The 1.0.2 series is our Long Term Support (LTS) release, supported until 31st December 2019. The 0.9.8, 1.0.0 and 1.0.1 ve...There's a OpenSSL warning in `configure` script that's obsolete:
> The latest stable version is the 1.1.0 series. The 1.0.2 series is our Long Term Support (LTS) release, supported until 31st December 2019. The 0.9.8, 1.0.0 and 1.0.1 versions are now out of support and should not be used.
and it should be removed as it is not BIND's place to teach users to update their system anyway.BIND-9.13.0Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/163Add libidn2 info to "Configuration summary"2018-04-05T10:08:12ZOndřej SurýAdd libidn2 info to "Configuration summary"BIND-9.13.0Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/162Remove idnkit-1.0 from BIND sources2018-03-17T13:15:03ZOndřej SurýRemove idnkit-1.0 from BIND sourcesThere's a local copy of outdated idnkit-1.0 library in BIND source. Let's just get rid of it (and cleanup relevant documentation).There's a local copy of outdated idnkit-1.0 library in BIND source. Let's just get rid of it (and cleanup relevant documentation).BIND-9.13.0https://gitlab.isc.org/isc-projects/bind9/-/issues/159Improve handling of inline signed zones with missing signing keys2018-04-25T19:25:27ZMichał KępieńImprove handling of inline signed zones with missing signing keys[RT #35502](https://bugs.isc.org/Ticket/Display.html?id=35502) points out that `named` treats inline signed zones with no associated signing keys in a somewhat confusing way. It boils down to two issues:
1. Bumped signed serial is logg...[RT #35502](https://bugs.isc.org/Ticket/Display.html?id=35502) points out that `named` treats inline signed zones with no associated signing keys in a somewhat confusing way. It boils down to two issues:
1. Bumped signed serial is logged even when an error occurs while updating signatures later on. To reproduce the problem, configure a zone like this:
```
zone "foo." {
type master;
file "foo.db";
inline-signing yes;
auto-dnssec maintain;
};
```
Do not create any signing keys, prepare zone file `foo.db` with serial number 1, start `named`. Then update `foo.db` by setting the serial number to 2 and run `rndc reload foo`. Something like this will be logged:
```
16-Mar-2018 23:33:46.839 zone foo/IN (unsigned): loaded serial 2
16-Mar-2018 23:33:46.839 zone foo/IN (signed): serial 2 (unsigned 2)
16-Mar-2018 23:33:46.840 zone foo/IN (signed): could not get zone keys for secure dynamic update
16-Mar-2018 23:33:46.840 zone foo/IN (signed): receive_secure_serial: not found
```
However, `named` will still be serving version 1 of the zone.
1. While configuring an inline signed zone without any signing keys results in an unsigned version of the zone being served, any subsequent updates to the raw zone are not reflected in the secure zone. While not creating signing keys for a zone explicitly designated to be signed may be considered a self-foot-shoot, it would arguably be a more user-friendly approach to keep applying raw zone changes to the secure zone as long as it is safe to do so, i.e. until signing keys become available (at which point applying raw zone changes without the accompanying signature changes would break existing signatures).BIND-9.13.0Michał KępieńMichał Kępieńhttps://gitlab.isc.org/isc-projects/bind9/-/issues/157Windows build fails2018-03-19T22:15:43ZCurtis BlackburnWindows build failsThe build fails on windows, because the sln file still references lib/tests, which was removed.
see: https://jenkins.isc.org/view/BIND/job/bind9-master-win2012-x64-systests/1072/consoleThe build fails on windows, because the sln file still references lib/tests, which was removed.
see: https://jenkins.isc.org/view/BIND/job/bind9-master-win2012-x64-systests/1072/consoleBIND-9.13.0https://gitlab.isc.org/isc-projects/bind9/-/issues/154Build failure on OSX with --disable-atomic --enable-developer2018-03-19T22:14:14ZCurtis BlackburnBuild failure on OSX with --disable-atomic --enable-developer<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [...<!--
If the bug you are reporting is potentially security-related - for example,
if it involves an assertion failure or other crash in `named` that can be
triggered repeatedly - then please do *NOT* report it here, but send an
email to [security-officer@isc.org](security-officer@isc.org).
-->
### Summary
BIND9 fails to build on OSX with --disable-atomic and --enable developer
see output at: https://jenkins.isc.org/view/BIND/job/bind9-master-macmini--disable-atomic/513/console
### Steps to reproduce
$ ./configure --disable-atomic --without-zlib --with-atf=/Users/jenkins/opt/atf --with-openssl=/usr/local/opt/openssl/ --with-libxml2=/usr/local/opt/libxml2 --enable-full-report --enable-developer
$ make
### What is the current *bug* behavior?
atomic_test.c:319:16: error: unused parameter 'tp' [-Werror,-Wunused-parameter]
ATF_TP_ADD_TCS(tp) {
^
1 error generated.
make[3]: *** [atomic_test.o] Error 1
### What is the expected *correct* behavior?
a successful build
### Relevant configuration files
none
### Relevant logs and/or screenshots
see https://jenkins.isc.org/view/BIND/job/bind9-master-macmini--disable-atomic/513/console
### Possible fixes
we probably need an UNUSED(tp) on line 320 of atomic_test.cBIND-9.13.0https://gitlab.isc.org/isc-projects/bind9/-/issues/146Fix existing auth ECS support as much as possible2018-03-28T16:08:47ZGhost UserFix existing auth ECS support as much as possibleBIND-9.13.0https://gitlab.isc.org/isc-projects/bind9/-/issues/145different RRSIG expiry for DNSKEY2018-08-02T19:33:02ZEvan Huntdifferent RRSIG expiry for DNSKEYAs reported by @cathya, a customer has a use case in which they keep the KSK offline most of the time, but bring it online periodically so that the zone's DNSKEY RRSIGs can be refreshed. They'd like to have a longer signature validity pe...As reported by @cathya, a customer has a use case in which they keep the KSK offline most of the time, but bring it online periodically so that the zone's DNSKEY RRSIGs can be refreshed. They'd like to have a longer signature validity period for the DNSKEY only. This is similar to what's done by `dnssec-signzone -X`, but done by the automatic signing process in `named`.BIND-9.13.0https://gitlab.isc.org/isc-projects/bind9/-/issues/139Tests for IDNA2008 (libidn2)2018-04-04T13:52:44ZOndřej SurýTests for IDNA2008 (libidn2)The following discussion from !56 should be addressed:
- [ ] @ondrej started a [discussion](https://gitlab.isc.org/isc-projects/bind9/merge_requests/56#note_4595):
> This mostly looks fine to me (after the nits being fixed), but t...The following discussion from !56 should be addressed:
- [ ] @ondrej started a [discussion](https://gitlab.isc.org/isc-projects/bind9/merge_requests/56#note_4595):
> This mostly looks fine to me (after the nits being fixed), but the biggest issue before merging the code would be having tests for the code.
>
> Could you come up with couple of tests cases (IDNA2008 compliant, and also some tests that should "fail" because the encoding is broken, etc.) and either write the tests yourself (preferred :)), or just shove it to us and we'll take care of the tests. But they need to be present before the final merge.BIND-9.13.0Stephen MorrisStephen Morrishttps://gitlab.isc.org/isc-projects/bind9/-/issues/137Remove support for systems without ftello/fseeko2018-03-19T22:14:27ZOndřej SurýRemove support for systems without ftello/fseeko`fseeko` and `ftello` conforms to SUSv2, POSIX.1-2001. The `configure.in` says:
```
# BSDI doesn't have ftello fseeko
AC_CHECK_FUNCS(ftello fseeko)
```
The last version of BSD/OS was released in 2003, henceforth I believe it's safe to...`fseeko` and `ftello` conforms to SUSv2, POSIX.1-2001. The `configure.in` says:
```
# BSDI doesn't have ftello fseeko
AC_CHECK_FUNCS(ftello fseeko)
```
The last version of BSD/OS was released in 2003, henceforth I believe it's safe to remove this workaround.BIND-9.13.0Ondřej SurýOndřej Surýhttps://gitlab.isc.org/isc-projects/bind9/-/issues/136cds system test fails intermittently2018-03-19T22:15:52ZMichał Kępieńcds system test fails intermittentlyThe failure mode below has been observed 2 times so far:
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/3108
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/3340
```
S:cds:Tue Mar 6 15:58:36 UTC 2018
T:cds:1:A
A:cds:System test...The failure mode below has been observed 2 times so far:
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/3108
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/3340
```
S:cds:Tue Mar 6 15:58:36 UTC 2018
T:cds:1:A
A:cds:System test cds
I:cds:PORTRANGE:6200 - 6299
I:cds:usage (1)
I:cds:need a DS file (2)
I:cds:name of dsset in directory (3)
I:cds:load a file (4)
I:cds:load DS records (5)
I:cds:missing DNSKEY (6)
I:cds:sigs too old (7)
I:cds:sigs too old, verbosely (8)
I:cds:old sigs are allowed (9)
I:cds:no CDS/CDNSKEY records (10)
I:cds:no child records, verbosely (11)
I:cds:unsigned CDS (12)
I:cds:correct signature inception time (13)
I:cds:in-place reads modification time (14)
I:cds:in-place output correct modification time (15)
D:stderr did not match ''
D:bad mtime 3610 at checkmtime.pl line 15.
I:cds:failed
D:exit status does not match 0
I:cds:failed
I:cds:in-place backup correct modification time (16)
D:stderr did not match ''
D:bad mtime 7210 at checkmtime.pl line 15.
I:cds:failed
D:exit status does not match 0
I:cds:failed
I:cds:in-place correct output (17)
I:cds:in-place backup unmodified (18)
I:cds:one mangled DS (19)
I:cds:other mangled DS (20)
I:cds:both mangled DS (21)
I:cds:mangle RRSIG CDS by ZSK (22)
I:cds:mangle RRSIG CDS by KSK (23)
I:cds:mangle CDS 1 (24)
I:cds:inconsistent digests (25)
I:cds:inconsistent algorithms (26)
I:cds:add DS records (27)
I:cds:update add (28)
I:cds:remove DS records (29)
I:cds:update del (30)
I:cds:swap DS records (31)
I:cds:update swap (32)
I:cds:TTL from -T (33)
I:cds:update TTL from -T (34)
I:cds:update TTL from dsset (35)
I:cds:TTL from -T overrides dsset (36)
I:cds:stable DS record order (changes) (37)
I:cds:CDNSKEY default algorithm (38)
I:cds:CDNSKEY SHA1 (39)
I:cds:CDNSKEY two algorithms (40)
I:cds:CDNSKEY two algorithms, reversed (41)
I:cds:CDNSKEY and CDS (42)
I:cds:prefer CDNSKEY (43)
I:cds:exit status: 4
R:cds:FAIL
E:cds:Tue Mar 6 15:59:05 UTC 2018
```
Contents of `bin/tests/system/cds/` from both jobs listed above are [attached](/uploads/9472df3aa2bfa776e40e1a8ae20737c6/cds.tar.gz).BIND-9.13.0