- 06 May, 2019 1 commit
-
-
Mark Andrews authored
(cherry picked from commit 4889e06c)
-
- 26 Apr, 2019 2 commits
-
-
Michał Kępień authored
[v9_11] Simplify trailing period handling in system tests See merge request !1878
-
Michał Kępień authored
Windows systems do not allow a trailing period in file names while Unix systems do. When BIND system tests are run, the $TP environment variable is set to an empty string on Windows systems and to "." on Unix systems. This environment variable is then used by system test scripts for handling this discrepancy properly. In multiple system test scripts, a variable holding a zone name is set to a string with a trailing period while the names of the zone's corresponding dlvset-* and/or dsset-* files are determined using numerous sed invocations like the following one: dlvsets="$dlvsets dlvset-`echo $zone |sed -e "s/.$//g"`$TP" In order to improve code readability, use zone names without trailing periods and replace sed invocations with variable substitutions. To retain local consistency, also remove the trailing period from certain other zone names used in system tests that are not subsequently processed using sed. (cherry picked from commit da2c1b74)
-
- 25 Apr, 2019 13 commits
-
-
Ondřej Surý authored
Prep release v9 11 See merge request !1865
-
Tinderbox User authored
(cherry picked from commit 40b034f5)
-
Tinderbox User authored
(cherry picked from commit 6195f229)
-
Ondřej Surý authored
Replace atomic operations in bin/named/client.c with isc_refcount reference counting See merge request !1864
-
Ondřej Surý authored
-
Ondřej Surý authored
Resolve "tcp-clients mostly ineffective" See merge request !1863
-
Evan Hunt authored
in the "refactor tcpquota and pipeline refs" commit, the counting of active interfaces was tightened in such a way that named could fail to listen on an interface if there were more interfaces than tcp-clients. when checking the quota to start accepting on an interface, if the number of active clients was above zero, then it was presumed that some other client was able to handle accepting new connections. this, however, ignored the fact that the current client could be included in that count, so if the quota was already exceeded before all the interfaces were listening, some interfaces would never listen. we now check whether the current client has been marked active; if so, then the number of active clients on the interface must be greater than 1, not 0. (cherry picked from commit 0b4e2cd4) (cherry picked from commit d01023aa)
-
Evan Hunt authored
- if the TCP quota has been exceeded but there are no clients listening for new connections on the interface, we can now force attachment to the quota using isc_quota_force(), instead of carrying on with the quota not attached. - the TCP client quota is now referenced via a reference-counted 'ns_tcpconn' object, one of which is created whenever a client begins listening for new connections, and attached to by members of that client's pipeline group. when the last reference to the tcpconn object is detached, it is freed and the TCP quota slot is released. - reduce code duplication by adding mark_tcp_active() function. - convert counters to atomic. (cherry picked from commit 7e822237) (cherry picked from commit 49394512) (cherry picked from commit 13f7c918)
-
Evan Hunt authored
- ensure that tcpactive is cleaned up correctly when accept() fails. - set 'client->tcpattached' when the client is attached to the tcpquota. carry this value on to new clients sharing the same pipeline group. don't call isc_quota_detach() on the tcpquota unless tcpattached is set. this way clients that were allowed to accept TCP connections despite being over quota (and therefore, were never attached to the quota) will not inadvertently detach from it and mess up the accounting. - simplify the code for tcpquota disconnection by using a new function tcpquota_disconnect(). - before deciding whether to reject a new connection due to quota exhaustion, check to see whether there are at least two active clients. previously, this was "at least one", but that could be insufficient if there was one other client in READING state (waiting for messages on an open connection) but none in READY (listening for new connections). - before deciding whether a TCP client object can to go inactive, we must ensure there are enough other clients to maintain service afterward -- both accepting new connections and reading/processing new queries. A TCP client can't shut down unless at least one client is accepting new connections and (in the case of pipelined clients) at least one additional client is waiting to read. (cherry picked from commit c7394738) (cherry picked from commit e965d5f1) (cherry picked from commit 87d43116)
-
Michał Kępień authored
Track pipeline groups using a shared reference counter instead of a linked list. (cherry picked from commit 513afd33) (cherry picked from commit 9446629b)
-
Witold Krecicki authored
the TCP client quota could still be ineffective under some circumstances. this change: - improves quota accounting to ensure that TCP clients are properly limited, while still guaranteeing that at least one client is always available to serve TCP connections on each interface. - uses more descriptive names and removes one (ntcptarget) that was no longer needed - adds comments (cherry picked from commit 924651f1) (cherry picked from commit 55a7a458)
-
Witold Krecicki authored
tcp-clients settings could be exceeded in some cases by creating more and more active TCP clients that are over the set quota limit, which in the end could lead to a DoS attack by e.g. exhaustion of file descriptors. If TCP client we're closing went over the quota (so it's not attached to a quota) mark it as mortal - so that it will be destroyed and not set up to listen for new connections - unless it's the last client for a specific interface. (cherry picked from commit f97131d2) (cherry picked from commit 9689ffc4)
-
- 24 Apr, 2019 5 commits
-
-
Matthijs Mekking authored
Fix dnssec test intermittent failure related to kskonly bugfix See merge request !1858
-
Matthijs Mekking authored
In 9.11 there are some log messages not existing, but the tests rely on. Adjust the grep call that gives confidence the rollover step has occurred.
-
Matthijs Mekking authored
Key IDs may accidentally match dig output that is not the key ID (for example the RRSIG inception or expiration time, the query ID, ...). Search for key ID + signer name should prevent that, as that is what only should occur in the RRSIG record, and signer name always follows the key ID. (cherry picked from commit 83473b97)
-
Matthijs Mekking authored
Remove sleep calls from test, rely on wait_for_log(). Make wait_for_log() and dnssec_loadkeys_on() fail the test if the appropriate log line is not found. Slightly adjust the echo_i() lines to print only the key ID (not the key name). (cherry picked from commit 67f0635f)
-
Mark Andrews authored
Resolve "dlz_open_driver: fix build failure without dlfcn.h" See merge request !1855
-
- 23 Apr, 2019 9 commits
-
-
Mark Andrews authored
(cherry picked from commit 19e40981)
-
Mark Andrews authored
(cherry picked from commit eee80847)
-
Michał Kępień authored
[v9_11] Minor "nsupdate" system test tweaks See merge request !1849
-
Michał Kępień authored
One second may not be enough for an NSEC3 chain change triggered by an UPDATE message to complete. Wait up to 10 seconds when checking whether a given NSEC3 chain change is complete in the "nsupdate" system test. (cherry picked from commit f8746cdd)
-
Michał Kępień authored
In the "nsupdate" system test, do not sleep before checking results of changes which are expected to be processed synchronously, i.e. before nsupdate returns. (cherry picked from commit 1c8e5ea3)
-
Mark Andrews authored
Merge branch '962-bind-just-disables-gssapi-support-if-no-gssapi-krb5-headers-found-v9_11' into 'v9_11' Resolve "Bind just disables GSSAPI support if no GSSAPI/KRB5 headers found" See merge request !1843
-
Mark Andrews authored
(cherry picked from commit e420078c)
-
Mark Andrews authored
using 0 instead of false See merge request !1840
-
Mark Andrews authored
(cherry picked from commit da7f683a)
-
- 19 Apr, 2019 10 commits
-
-
Michał Kępień authored
[v9_11] Miscellaneous Windows system test fixes See merge request !1835
-
Michał Kępień authored
Make bin/tests/system/ifconfig.bat also configure addresses ending with 9 and 10, so that the script is in sync with its Unix counterpart. Update comments listing the interfaces created by ifconfig.{bat,sh} so that they do not include addresses whose last octet is zero (since an address like 10.53.1.0/24 is not a valid host address and thus the aforementioned scripts do not even attempt configuring them). (cherry picked from commit b6c1cdff)
-
Michał Kępień authored
On Windows, the bin/tests/system/dnssec/signer/example.db.signed file contains carriage return characters at the end of each line. Remove them before passing the aforementioned file to the awk script extracting key IDs so that the latter can work properly. (cherry picked from commit e4280ed9)
-
Michał Kępień authored
As signals are currently not handled by named on Windows, instances terminated using signals are not able to perform a clean shutdown, which involves e.g. removing the lock file. Thus, waiting for a given instance's lock file to be removed beforing assuming it is shut down is pointless on Windows, so do not even attempt it. (cherry picked from commit 761ba451)
-
Michał Kępień authored
[v9_11] win32: remove lock file upon shutdown See merge request !1833
-
Michał Kępień authored
5214. [bug] win32: named now removes its lock file upon shutdown. [GL #979] (cherry picked from commit e0484368)
-
Michał Kępień authored
Upon named shutdown, the lock file should not just be unlocked but also removed. (cherry picked from commit c506077d)
-
Michał Kępień authored
[v9_11] win32: fix service state reported during shutdown See merge request !1831
-
Michał Kępień authored
5213. [bug] win32: Eliminated a race which allowed named.exe running as a service to be killed prematurely during shutdown. [GL #978] (cherry picked from commit e7332343)
-
Michał Kępień authored
When a Windows service receives a request to stop, it should not set its state to SERVICE_STOPPED until it is completely shut down as doing that allows the operating system to kill that service prematurely, which in the case of named may e.g. prevent the PID file and/or the lock file from being cleaned up. Set service state to SERVICE_STOP_PENDING when named begins its shutdown and only report the SERVICE_STOPPED state immediately before exiting. (cherry picked from commit 964749df)
-