1. 14 Jun, 2021 9 commits
    • Mark Andrews's avatar
      Add server clause require-cookie · a3567621
      Mark Andrews authored
      Specifies if an UDP response requires a DNS COOKIE or not.
      Fallback to TCP if not present and not TSIG signed.
    • Artem Boldariev's avatar
      Merge branch 'artem/dig-large-doh-responses-support' into 'main' · 8d36cac8
      Artem Boldariev authored
      Fix BIND and dig to support large DNS messages over DoH, disable XFRs over DoH
      See merge request !5148
    • Evan Hunt's avatar
      CHANGES · f8caebe1
      Evan Hunt authored
      Mention that XFRs over DoH are explicitly disabled for now.
    • Artem Boldariev's avatar
      Set sock->iface and sock->peer properly for layered connection types · ccd2267b
      Artem Boldariev authored
      This change sets the mentioned fields properly and gets rid of klusges
      added in the times when we were keeping pointers to isc_sockaddr_t
      instead of copies. Among other things it helps to avoid a situation
      when garbage instead of an address appears in dig output.
    • Artem Boldariev's avatar
      Make BIND refuse to serve XFRs over DoH · b84fa122
      Artem Boldariev authored
      We cannot use DoH for zone transfers.  According to RFC8484 a DoH
      request contains exactly one DNS message (see Section 6: Definition of
      the "application/dns-message" Media Type,
      https://datatracker.ietf.org/doc/html/rfc8484#section-6).  This makes
      DoH unsuitable for zone transfers as often (and usually!) these need
      more than one DNS message, especially for larger zones.
      As zone transfers over DoH are not (yet) standardised, nor discussed
      in RFC8484, the best thing we can do is to return "not implemented."
      Technically DoH can be used to transfer small zones which fit in one
      message, but that is not enough for the generic case.
      Also, this commit makes the server-side DoH code ensure that no
      multiple responses could be attempted to be sent over one HTTP/2
      stream. In HTTP/2 one stream is mapped to one request/response
      transaction. Now the write callback will be called with failure error
      code in such a case.
    • Artem Boldariev's avatar
      Pass an HTTP handle to the read callback when finishing a stream · 009752ca
      Artem Boldariev authored
      This commit fixes a leftover from an earlier version of the client-side
      DoH code when the underlying transport handle was used directly.
    • Artem Boldariev's avatar
      Fix a crash in the client-side DoH code (header processing callback) · d5d20ceb
      Artem Boldariev authored
      Support a situation in header processing callback when client side
      code could receive a belated response or part of it. That could
      happen when the HTTP/2 session was already closed, but there were some
      response data from server in flight. Other client-side nghttp2
      callbacks code already handled this case.
      The bug became apparent after HTTP/2 write buffering was supported,
      leading to rare unit test failures.
    • Artem Boldariev's avatar
      Nullify connect.cstream in time and keep track of all client streams · 2dfc0d9a
      Artem Boldariev authored
      This commit ensures that sock->h2.connect.cstream gets nullified when
      the object in question is deleted. This fixes a nasty crash in dig
      exposed when receiving large responses leading to double free()ing.
      Also, it refactors how the client-side code keeps track of client
      streams (hopefully) preventing from similar errors appearing in the
    • Artem Boldariev's avatar
      Fix BIND to serve large HTTP responses · 5b507c11
      Artem Boldariev authored
      This commit makes NM code to report HTTP as a stream protocol. This
      makes it possible to handle large responses properly. Like:
      dig +https @ A cmts1-dhcp.longlines.com
  2. 13 Jun, 2021 2 commits
  3. 12 Jun, 2021 1 commit
  4. 10 Jun, 2021 9 commits
    • Michał Kępień's avatar
      Merge branch '2759-fix-no-ds-proofs-for-wildcard-cname-delegations' into 'main' · e5673b89
      Michał Kępień authored
      Fix "no DS" proofs for wildcard+CNAME delegations
      Closes #2759
      See merge request !5155
    • Michał Kępień's avatar
      Add release note · 16708682
      Michał Kępień authored
    • Michał Kępień's avatar
      Add CHANGES entry · c223d816
      Michał Kępień authored
    • Michał Kępień's avatar
      Fix "no DS" proofs for wildcard+CNAME delegations · 7a87bf46
      Michał Kępień authored
      When answering a query requires wildcard expansion, the AUTHORITY
      section of the response needs to include NSEC(3) record(s) proving that
      the QNAME does not exist.
      When a response to a query is an insecure delegation, the AUTHORITY
      section needs to include an NSEC(3) proof that no DS record exists at
      the parent side of the zone cut.
      These two conditions combined trip up the NSEC part of the logic
      contained in query_addds(), which expects the NS RRset to be owned by
      the first name found in the AUTHORITY section of a delegation response.
      This may not always be true, for example if wildcard expansion causes an
      NSEC record proving QNAME nonexistence to be added to the AUTHORITY
      section before the delegation is added to the response.  In such a case,
      named incorrectly omits the NSEC record proving nonexistence of QNAME
      from the AUTHORITY section.
      The same block of code is affected by another flaw: if the same NSEC
      record proves nonexistence of both the QNAME and the DS record at the
      parent side of the zone cut, this NSEC record will be added to the
      AUTHORITY section twice.
      Fix by looking for the NS RRset in the entire AUTHORITY section and
      adding the NSEC record to the delegation using query_addrrset() (which
      handles duplicate RRset detection).
    • Michał Kępień's avatar
      Add AUTHORITY tests for CNAME-sourced delegations · 26ec4b9a
      Michał Kępień authored
      Add a set of system tests which check the contents of the AUTHORITY
      section for signed, insecure delegation responses constructed from CNAME
      records and wildcards, both for zones using NSEC and NSEC3.
    • Michał Kępień's avatar
      Merge branch 'michal/fix-the-variable-checked-by-a-post-load-assertion' into 'main' · 439efc6e
      Michał Kępień authored
      Fix the variable checked by a post-load assertion
      See merge request !5164
    • Mark Andrews's avatar
      Fix the variable checked by a post-load assertion · 098639dc
      Mark Andrews authored
      Instead of checking the value of the variable modified two lines earlier
      (the number of SOA records present at the apex of the old version of the
      zone), one of the RUNTIME_CHECK() assertions in zone_postload() checks
      the number of SOA records present at the apex of the new version of the
      zone, which is already checked before.  Fix the assertion by making it
      check the correct variable.
    • Michał Kępień's avatar
      Merge branch 'michal/update-release-checklist' into 'main' · 9ec886bc
      Michał Kępień authored
      Update release checklist
      See merge request !5165
    • Michał Kępień's avatar
      Update release checklist · d0886bd9
      Michał Kępień authored
      Add two items to the release checklist to ensure that the start and the
      end of the code freeze for each release cycle is announced on
  5. 09 Jun, 2021 11 commits
    • Mark Andrews's avatar
      Merge branch '2760-db-unit-test-failure' into 'main' · b3ef4512
      Mark Andrews authored
      Resolve "db unit test failure"
      Closes #2760
      See merge request !5156
    • Mark Andrews's avatar
      Adjust acceptable count values · 2bc454dc
      Mark Andrews authored
      usleep(100000) can be slightly less than 10ms so allow the count
      to reach 11.
    • Mark Andrews's avatar
      Merge branch... · efacee3d
      Mark Andrews authored
      Merge branch '2720-threadsanitizer-data-race-lib-isc-unix-time-c-110-in-isc_time_isepoch' into 'main'
      Resolve "ThreadSanitizer: data race lib/isc/unix/time.c:110 in isc_time_isepoch"
      Closes #2720
      See merge request !5124
    • Mark Andrews's avatar
      Address race between zone_settimer and set_key_expiry_warning by · 3d66e97a
      Mark Andrews authored
      adding missing lock.
          WARNING: ThreadSanitizer: data race
          Read of size 4 at 0x000000000001 by thread T1 (mutexes: read M1, write M2):
          #0 isc_time_isepoch lib/isc/unix/time.c:110
          #1 zone_settimer lib/dns/zone.c:14649
          #2 dns_zone_maintenance lib/dns/zone.c:6281
          #3 dns_zonemgr_forcemaint lib/dns/zone.c:18190
          #4 view_loaded server.c:9654
          #5 call_loaddone lib/dns/zt.c:301
          #6 doneloading lib/dns/zt.c:575
          #7 zone_asyncload lib/dns/zone.c:2259
          #8 task_run lib/isc/task.c:845
          #9 isc_task_run lib/isc/task.c:938
          #10 isc__nm_async_task lib/isc/netmgr/netmgr.c:855
          #11 process_netievent lib/isc/netmgr/netmgr.c:934
          #12 process_queue lib/isc/netmgr/netmgr.c:1003
          #13 process_all_queues lib/isc/netmgr/netmgr.c:775
          #14 async_cb lib/isc/netmgr/netmgr.c:804
          #15 <null> <null>
          #16 isc__trampoline_run lib/isc/trampoline.c:191
          #17 <null> <null>
          Previous write of size 4 at 0x000000000001 by thread T2:
          #0 isc_time_set lib/isc/unix/time.c:93
          #1 set_key_expiry_warning lib/dns/zone.c:6430
          #2 del_sigs lib/dns/zone.c:6711
          #3 zone_resigninc lib/dns/zone.c:7113
          #4 zone_maintenance lib/dns/zone.c:11111
          #5 zone_timer lib/dns/zone.c:14588
          #6 task_run lib/isc/task.c:845
          #7 isc_task_run lib/isc/task.c:938
          #8 isc__nm_async_task lib/isc/netmgr/netmgr.c:855
          #9 process_netievent lib/isc/netmgr/netmgr.c:934
          #10 process_queue lib/isc/netmgr/netmgr.c:1003
          #11 process_all_queues lib/isc/netmgr/netmgr.c:775
          #12 async_cb lib/isc/netmgr/netmgr.c:804
          #13 <null> <null>
          #14 isc__trampoline_run lib/isc/trampoline.c:191
          #15 <null> <null>
          SUMMARY: ThreadSanitizer: data race lib/isc/unix/time.c:110 in isc_time_isepoch
    • Ondřej Surý's avatar
      Merge branch '2690-remove-windows-support-for-bind-9-17-9-18' into 'main' · 0f47ad87
      Ondřej Surý authored
      Completely remove BIND 9 Windows support
      Closes #2690
      See merge request !5073
    • Ondřej Surý's avatar
      Add CHANGES and release note for GL #2690 · 0b5f205b
      Ondřej Surý authored
    • Ondřej Surý's avatar
      Completely remove BIND 9 Windows support · 440fb3d2
      Ondřej Surý authored
      The Windows support has been completely removed from the source tree
      and BIND 9 now no longer supports native compilation on Windows.
      We might consider reviewing mingw-w64 port if contributed by external
      party, but no development efforts will be put into making BIND 9 compile
      and run on Windows again.
    • Matthijs Mekking's avatar
      Merge branch '2725-nsec3param-changes-on-restart' into 'main' · ad130e45
      Matthijs Mekking authored
      Fix NSEC3 resalt on restart
      Closes #2725
      See merge request !5126
    • Matthijs Mekking's avatar
    • Matthijs Mekking's avatar
      Fix NSEC3 resalting upon restart · 0ae3ffdc
      Matthijs Mekking authored
      When named restarts, it will examine signed zones and checks if the
      current denial of existence strategy matches the dnssec-policy. If not,
      it will schedule to create a new NSEC(3) chain.
      However, on startup the zone database may not be read yet, fooling
      BIND that the denial of existence chain needs to be created. This
      results in a replacement of the previous NSEC(3) chain.
      Change the code such that if the NSEC3PARAM lookup failed (the result
      did not return in ISC_R_SUCCESS or ISC_R_NOTFOUND), we will try
      again later. The nsec3param structure has additional variables to
      signal if the lookup is postponed. We also need to save the signal
      if an explicit resalt was requested.
      In addition to the two added boolean variables, we add a variable to
      store the NSEC3PARAM rdata. This may have a yet to be determined salt
      value. We can't create the private data yet because there may be a
      mismatch in salt length and the NULL salt value.
    • Matthijs Mekking's avatar
      Add test for NSEC3PARAM not changed after restart · 08a9e7ad
      Matthijs Mekking authored
      Add a test case where 'named' is restarted and ensure that an already
      signed zone does not change its NSEC3 parameters.
      The test case first tests the current zone and saves the used salt
      value. Then after restart it checks if the salt (and other parameters)
      are the same as before the restart.
      This test case changes 'set_nsec3param'. This will now reset the salt
      value, and when checking for NSEC3PARAM we will store the salt and
      use it when testing the NXDOMAIN response. This does mean that for
      every test case we now have to call 'set_nsec3param' explicitly (and
      can not omit it because it is the same as the previous zone).
      Finally, slightly changed some echo output to make debugging friendlier.
  6. 04 Jun, 2021 2 commits
  7. 03 Jun, 2021 4 commits
  8. 02 Jun, 2021 2 commits