1. 19 May, 2020 1 commit
  2. 21 Apr, 2020 1 commit
    • Ondřej Surý's avatar
      Complete rewrite the BIND 9 build system · 978c7b2e
      Ondřej Surý authored
      The rewrite of BIND 9 build system is a large work and cannot be reasonable
      split into separate merge requests.  Addition of the automake has a positive
      effect on the readability and maintainability of the build system as it is more
      declarative, it allows conditional and we are able to drop all of the custom
      make code that BIND 9 developed over the years to overcome the deficiencies of
      autoconf + custom Makefile.in files.
      This squashed commit contains following changes:
      - conversion (or rather fresh rewrite) of all Makefile.in files to Makefile.am
        by using automake
      - the libtool is now properly integrated with automake (the way we used it
        was rather hackish as the only official way how to use libtool is via
      - the dynamic module loading was rewritten from a custom patchwork to libtool's
        libltdl (which includes the patchwork to support module loading on different
        systems internally)
      - conversion of the unit test executor from kyua to automake parallel driver
      - conversion of the system test executor from custom make/shell to automake
        parallel driver
      - The GSSAPI has been refactored, the custom SPNEGO on the basis that
        all major KRB5/GSSAPI (mit-krb5, heimdal and Windows) implementations
        support SPNEGO mechanism.
      - The various defunct tests from bin/tests have been removed:
        bin/tests/optional and bin/tests/pkcs11
      - The text files generated from the MD files have been removed, the
        MarkDown has been designed to be readable by both humans and computers
      - The xsl header is now generated by a simple sed command instead of
        perl helper
      - The <irs/platform.h> header has been removed
      - cleanups of configure.ac script to make it more simpler, addition of multiple
        macros (there's still work to be done though)
      - the tarball can now be prepared with `make dist`
      - the system tests are partially able to run in oot build
      Here's a list of unfinished work that needs to be completed in subsequent merge
      - `make distcheck` doesn't yet work (because of system tests oot run is not yet
      - documentation is not yet built, there's a different merge request with docbook
        to sphinx-build rst conversion that needs to be rebased and adapted on top of
        the automake
      - msvc build is non functional yet and we need to decide whether we will just
        cross-compile bind9 using mingw-w64 or fix the msvc build
      - contributed dlz modules are not included neither in the autoconf nor automake
  3. 21 Feb, 2020 1 commit
  4. 22 Jan, 2020 1 commit
    • Diego dos Santos Fronza's avatar
      Added test for the proposed fix · 7417b79c
      Diego dos Santos Fronza authored
      Added test to ensure that NXDOMAIN is returned when BIND is queried for a
      non existing domain in CH class (if a view of CHAOS class is configured)
      and that it also doesn't crash anymore in those cases.
  5. 06 Dec, 2019 1 commit
    • Michał Kępień's avatar
      Automatically run clean.sh from run.sh · d8905b7a
      Michał Kępień authored
      The first step in all existing setup.sh scripts is to call clean.sh.  To
      reduce code duplication and ensure all system tests added in the future
      behave consistently with existing ones, invoke clean.sh from run.sh
      before calling setup.sh.
  6. 04 Dec, 2019 3 commits
    • Diego dos Santos Fronza's avatar
      Improved prefetch disabled test code · 994fc2e8
      Diego dos Santos Fronza authored
      Using retry_quiet to test that prefetch is disabled instead of a
      standard loop with sleep 1 between each iteration.
    • Diego dos Santos Fronza's avatar
      Fix resolver tests: prefetch 40/41 · a711d6f8
      Diego dos Santos Fronza authored
      These two tests were failing basically because in order for prefetching to
      happen, the TTL for a given DNS record must be greater than or equal to
      the prefetch config value + 9.
      The previous TTL for both records was 10, while prefetch value in
      configuration was 3, thus making only records with TTL >= 12 elligible
      for prefetching.
      TTL value for both records was adjusted to the value 13, and prefetch
      value was set to 4 (inc by 1), so records with TTL (4 + 9) >= 13 are
      elligible for prefetching.
      Adjusting prefetch value to 4 gives the test 1 second more to avoid time
      problems when sharing resources on a heavy loaded PC.
      Also prefetch value in settings is now read by the script and used
      by it to corrrectly calculate the amount of time needed to delay before
      sending a request to trigger prefetch, adding a bit of flexibility to
      fine tune the test in the future.
    • Diego dos Santos Fronza's avatar
      Fix resolver test: prefetch disabled · dd524cc8
      Diego dos Santos Fronza authored
      The previous test had two problems:
      1. It wasn't written specifically for testing what it was supposed to:
      prefetch disabled.
      2. It could fail in some circunstances if the computer's load is too
      high, due to sleeps not taking parallel tests and cpu load into account.
      The new test is testing prefetch disabled as follows:
      1. It asks for a txt record for a given domain and takes note of the
      record's TTL (which is 10).
      2. It sleeps for (TTL - 5) = 5 seconds, having a window of 5 seconds to
      issue new queries before the record expires from cache.
      3. Three(3) queries are executed in a row, with a interval of 1 second
      between them, and for each query we verify that the TTL in response is
      less than the previous one, thus ensuring that prefetch is disabled (if
      it were enabled this record would have been refreshed already and TTL
      would be >= the first TTL).
      Having a window of 5 seconds to perform 3 queries with a interval of 1
      second between them gives the test a reasonable amount of time
      to not suffer from a machine with heavy load.
  7. 23 Nov, 2019 1 commit
    • Evan Hunt's avatar
      improve system tests · d484b66a
      Evan Hunt authored
      - increase prefetch test timing tolerance.
      - remove five-second pause and explicit connection closing in tcp test
        as they are no longer necessary.
  8. 15 Nov, 2019 1 commit
    • Evan Hunt's avatar
      use DS style trust anchors in all system tests · 54a682ea
      Evan Hunt authored
      this adds functions in conf.sh.common to create DS-style trust anchor
      files. those functions are then used to create nearly all of the trust
      anchors in the system tests.
      there are a few exceptions:
       - some tests in dnssec and mkeys rely on detection of unsupported
         algorithms, which only works with key-style trust anchors, so those
         are used for those tests in particular.
       - the mirror test had a problem with the use of a CSK without a
         SEP bit, which still needs addressing
      in the future, some of these tests should be changed back to using
      traditional trust anchors, so that both types will be exercised going
  9. 07 Nov, 2019 2 commits
    • Evan Hunt's avatar
      adjust system tests to deal with possible timing issues · 24510a1f
      Evan Hunt authored
      With the netmgr in use, named may start answering queries before zones
      are loaded. This can cause transient failures in system tests after
      servers are restarted or reconfigured. This commit adds retry loops
      and sleep statements where needed to address this problem.
      Also incidentally silenced a clang warning.
    • Evan Hunt's avatar
      convert ns_client and related objects to use netmgr · 53f0b6c3
      Evan Hunt authored
      - ns__client_request() is now called by netmgr with an isc_nmhandle_t
        parameter. The handle can then be permanently associated with an
        ns_client object.
      - The task manager is paused so that isc_task events that may be
        triggred during client processing will not fire until after the netmgr is
        finished with it. Before any asynchronous event, the client MUST
        call isc_nmhandle_ref(client->handle), to prevent the client from
        being reset and reused while waiting for an event to process. When
        the asynchronous event is complete, isc_nmhandle_unref(client->handle)
        must be called to ensure the handle can be reused later.
      - reference counting of client objects is now handled in the nmhandle
        object.  when the handle references drop to zero, the client's "reset"
        callback is used to free temporary resources and reiniialize it,
        whereupon the handle (and associated client) is placed in the
        "inactive handles" queue.  when the sysstem is shutdown and the
        handles are cleaned up, the client's "put" callback is called to free
        all remaining resources.
      - because client allocation is no longer handled in the same way,
        the '-T clienttest' option has now been removed and is no longer
        used by any system tests.
      - the unit tests require wrapping the isc_nmhandle_unref() function;
        when LD_WRAP is supported, that is used. otherwise we link a
        libwrap.so interposer library and use that.
  10. 26 Sep, 2019 1 commit
  11. 30 Aug, 2019 1 commit
  12. 28 Aug, 2019 1 commit
  13. 31 Jul, 2019 1 commit
  14. 05 Jun, 2019 1 commit
  15. 09 May, 2019 1 commit
  16. 03 Apr, 2019 1 commit
    • Michał Kępień's avatar
      Do not rely on default dig options in system tests · b6cce0fb
      Michał Kępień authored
      Some system tests assume dig's default setings are in effect.  While
      these defaults may only be silently overridden (because of specific
      options set in /etc/resolv.conf) for BIND releases using liblwres for
      parsing /etc/resolv.conf (i.e. BIND 9.11 and older), it is arguably
      prudent to make sure that tests relying on specific +timeout and +tries
      settings specify these explicitly in their dig invocations, in order to
      prevent test failures from being triggered by any potential changes to
      current defaults.
  17. 01 Mar, 2019 1 commit
    • Michał Kępień's avatar
      Fix IP regex used in the "resolver" system test · 70ae48e5
      Michał Kępień authored
      If dots are not escaped in the "" regular expressions used for
      checking whether IP address is present in the tested resolver's
      answers, a COOKIE that matches such a regular expression will trigger a
      false positive for the "resolver" system test.  Properly escape dots in
      the aforementioned regular expressions to prevent that from happening.
  18. 28 Feb, 2019 1 commit
    • Michał Kępień's avatar
      Call clean.sh from all relevant setup.sh scripts · a077a3ae
      Michał Kępień authored
      For all system tests utilizing named instances, call clean.sh from each
      test's setup.sh script in a consistent way to make sure running the same
      system test multiple times using run.sh does not trigger false positives
      caused by stale files created by previous runs.
      Ideally we would just call clean.sh from run.sh, but that would break
      some quirky system tests like "rpz" or "rpzrecurse" and being consistent
      for the time being does not hurt.
  19. 29 Jan, 2019 1 commit
  20. 19 Dec, 2018 1 commit
  21. 31 Oct, 2018 1 commit
  22. 23 Oct, 2018 2 commits
    • Witold Krecicki's avatar
      Make resolver tests more civilized · 0246ea14
      Witold Krecicki authored
    • Witold Krecicki's avatar
      Set result to SERVFAIL if upstream responded with FORMERR · b5c9a8ca
      Witold Krecicki authored
      Commit ba912435 causes the resolver to
      respond to a client query with FORMERR when all upstream queries sent to
      the servers authoritative for QNAME elicit FORMERR responses.  This
      happens because resolver code returns DNS_R_FORMERR in such a case and
      dns_result_torcode() acts as a pass-through for all arguments which are
      already a valid RCODE.
      The correct RCODE to set in the response returned to the client in the
      case described above is SERVFAIL.  Make sure this happens by overriding
      the RCODE in query_gotanswer(), on the grounds that any format errors in
      the client query itself should be caught long before execution reaches
      that point.  This change should not reduce query error logging accuracy
      as the resolver code itself reports the exact reason for returning a
      DNS_R_FORMERR result using log_formerr().
  23. 31 Aug, 2018 2 commits
  24. 22 Aug, 2018 1 commit
    • Michał Kępień's avatar
      Do not treat a referral with a non-empty ANSWER section as an error · 24b9ec55
      Michał Kępień authored
      As part of resquery_response() refactoring [1], a goto statement was
      replaced [2] with a call to a new function - originally called
      rctx_delegation(), now folded into rctx_answer_none() - extracted from
      existing code.  However, one call site of that refactored function does
      not reset the "result" variable, causing a referral with a non-empty
      ANSWER section to be inadvertently treated as an error, which prevents
      resolution of names reliant on servers sending such responses.  Fix by
      resetting the "result" variable to ISC_R_SUCCESS when a response
      containing a non-empty ANSWER section can be treated as a delegation.
      [1] see RT #45362
      [2] see commit e1380a16741a3b4a57e54d7a9ce09dd12691522f
  25. 08 Aug, 2018 1 commit
  26. 19 Jul, 2018 1 commit
  27. 17 Jul, 2018 3 commits
  28. 10 Jul, 2018 1 commit
    • Michał Kępień's avatar
      Fix a Net::DNS version quirk in the "resolver" system test · 6c3c6aea
      Michał Kępień authored
      Net::DNS versions older than 0.68 insert a ./ANY RR into the QUESTION
      section if the latter is empty.  Since the latest Net::DNS version
      available with stock RHEL/CentOS 6 packages is 0.65 and we officially
      support that operating system, bin/tests/system/resolver/ans8/ans.pl
      should behave consistently for various Net::DNS versions.  Ensure that
      by making handleUDP() return the query ID and flags generated by
      Net::DNS with 8 zero bytes appended.
  29. 13 Jun, 2018 1 commit
  30. 12 Jun, 2018 2 commits
  31. 31 May, 2018 1 commit
    • Evan Hunt's avatar
      update system tests so validation won't fail when using IANA key · a7a2fa29
      Evan Hunt authored
      - all tests with "recursion yes" now also specify "dnssec-validation yes",
        and all tests with "recursion no" also specify "dnssec-validation no".
        this must be maintained in all new tests, or else validation will fail
        when we use local root zones for testing.
      - clean.sh has been modified where necessary to remove managed-keys.bind
        and viewname.mkeys files.
  32. 16 May, 2018 1 commit