BIND issues
https://gitlab.isc.org/isc-projects/bind9/-/issues
Updated: 2018-03-08T10:16:40Z

Issue #76: Setup a GitLab CI check for up-to-date copyright year
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/76
Updated: 2018-03-08T10:16:40Z
Author: Ondřej Surý

A GitLab CI check should fire before running the build to check whether all files are properly copyrighted. This would involve running `util/merge_copyrights` and bailing out when `util/copyrights` and `util/newcopyrights` differ.

This will need to be merged to `9.11+` branches.

Assignee: Ondřej Surý

Issue #77: Post GPG keys in a machine readable format.
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/77
Updated: 2018-05-23T10:12:02Z
Author: Ghost User

This is only partly a BIND issue, but I didn't want to email security-officer@.

The GPG ISC Code Signing keys used to be posted at: `wget https://www.isc.org/files/pgpkey*.txt` (e.g. `wget https://www.isc.org/files/pgpkey2009.txt`) - this was useful.

Now it seems that the key is only buried in the HTML at https://www.isc.org/downloads/software-support-policy/openpgp-key/

Can the key please be reposted at e.g. https://www.isc.org/files/pgpkey2017.txt ? Scraping it from the HTML is icky. Yes, I get the irony of fetching the package src from ftp, and validating it with the key from https://, but it's better than not validating it at all :-)

Assignee: Cathy Almond

Issue #78: dig domainname not returning ips
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/78
Updated: 2018-02-19T21:08:27Z
Author: Ghost User

dig domainname
On Fedora 27
result
```
; <<>> DiG 9.11.2-P1-RedHat-9.11.2-1.P1.fc27 <<>> domainname
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: FORMERR, id: 59086
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
; COOKIE: d445b5c0309825e4 (echoed)
;; QUESTION SECTION:
;domainname. IN A
;; Query time: 0 msec
;; SERVER: 192.168.0.1#53(192.168.0.1)
;; WHEN: Mon Feb 19 10:55:36 MST 2018
;; MSG SIZE rcvd: 53
```
same command on ubuntu 16.04
```
; <<>> DiG 9.10.3-P4-Ubuntu <<>> domainname
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 10164
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4000
;; QUESTION SECTION:
;domainname. IN A
;; ANSWER SECTION:
domainname. 600 IN A 192.168.0.1
domainname. 600 IN A 192.168.0.2
domainname. 600 IN A 192.168.0.3
;; Query time: 0 msec
;; SERVER: 127.0.1.1#53(127.0.1.1)
;; WHEN: Mon Feb 19 10:53:41 MST 2018
;; MSG SIZE rcvd: 89
```
nslookup domainname lists the IPs.
What is going on?
Interesting. I have one dc that is 2012R2 the other two are 2008R2
if I "dig domainname @2012DC"
I get IPs
if I dig against my other two I do not.
on ubuntu I get IPs against all 3 DCs

Issue #79: Add working directory to example in doc/dev/dev.md
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/79
Updated: 2018-03-19T22:21:25Z
Author: Ghost User

Add missing working directory to example in doc/dev/dev.md, as it is usually not set in path.

(This is my gitlab test ticket.)

Milestone: BIND-9.13.0

Issue #80: Use event loops in task manager
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/80
Updated: 2019-05-11T16:30:09Z
Author: Ghost User

In named on unix built with threads enabled, there are a variety of threads:
The main named thread is an isc_app which sleeps once startup completes, and essentially waits for shutdown to occur at some later time. Typically, the app thread waits for SIGTERM, and another thread sends this signal using pthread_kill(). As part of startup, named creates an isc_taskmgr and sets up the system so that events flow to the thread pool.
named creates an isc_taskmgr during startup which is a thread pool. It contains as many threads as processors (by default). The thread pool in isc_taskmgr is used for all processing within named. Work distribution to threads is done via isc_event lists and synchronization occurs using condition variable + mutex. The actual work is dispatched using isc_event structs, which basically results in a callback to an action function with a void* within the worker thread that processes the event. A task is a queue of events. Events are delivered to action callback functions, and a grouping of such events / callback functions is called an isc_task such that only one event of a task may be executing at a time within the thread pool (task manager). So you could say that tasks sequence related callbacks (delivered by events) of a particular activity with mutual exclusion among them.
An isc_timermgr creates a thread that waits for timer events to occur. The timer manager maintains various timers in a heap structure. The thread waits for the next timeout using pthread_cond_timedwait(). When a timeout occurs, it dispatches it as an event to a callback function to be run in the main thread pool (task manager).
An isc_socketmgr creates a single socket listening thread which handles listening for events from all network sockets. Any network IO events are handled first by this thread. This thread uses an event loop (select/epoll_wait/kevent/etc.) to watch the registered sockets for activity, and when a socket is ready for read or writing the following occurs:
* with read as example, the listening thread via process_fd() -> dispatch_recv() sends an event to internal_recv() run under client task indicating the socket is ready for reading, and then turns off the socket for monitoring read indication in the listening thread (i.e., it is no longer listening for such an event on that socket).
* the client task receives the event in internal_recv() within the thread pool and reads on the socket. Then, the read buffer is again sent via an event to the originally provided action callback within the client task (e.g., to ns__client_request()). If more read requests are requested by calling code for the socket, internal_recv() turns on the socket for monitoring the read indication in the listening thread.
With this description, the following can be noted:
* a single incoming message requires switching from A->B->C threads so far (at least 2 context switches).
* Currently an isc_taskmgr's worker thread waits for work by calling pthread_cond_wait(). When the condvar is signaled, the thread unblocks and goes to look for work. The worker thread cannot monitor descriptors for work to be done. By using condition variable + mutex synchronization, the threadpool is unsuitable for monitoring descriptors directly, so if one were to want to bind to the port from multiple threads using SO_REUSEPORT, it would need another pool of threads that run event loops, and still would not avoid context switches for processing.
What is needed then, is for the main thread pool to be converted, so individual threads use event loops so that they can monitor for a variety of events:
* work to be sent to the threads
* ready indications on sockets
* timer timeouts firing
... and synchronously process them within the same thread as much as possible.
(Add notes about sending too)

Issue #81: shorten allow_query system test
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/81
Updated: 2020-01-05T16:13:28Z
Author: Evan Hunt

This test takes a long time because the name server needs to be reconfigured fifty-odd times with different combinations of allow-query ACLs. Between each reconfiguration we sleep for a few seconds.

I propose instead setting up ns1 through ns8, each of which would have eight views, listening for different source addresses. If you send a query from 10.53.0.1->10.53.0.1 you get one configuration; 10.53.0.1->10.53.0.2 gets a different one, and so forth up to 10.53.0.8->10.53.0.8. This would give us 64 configurations we can test without having to reconfigure and sleep, and probably reduce the runtime to a few seconds.

Milestone: BIND-9.13.0

Issue #82: cacheclean test is not robust.
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/82
Updated: 2018-03-19T22:19:05Z
Author: Mark Andrews

`sed -n '/plain success\/timeout/,/Unassociated entries/p' ns2/named_dump.db.$n.b`

should be checked that it contains both the start and end lines. Similarly for `ns2/named_dump.db.$n.a`.

Milestone: BIND-9.13.0

Issue #83: Convert docbook to md/rst
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/83
Updated: 2021-07-12T08:28:23Z
Author: Ondřej Surý

A placeholder issue to convert the documentation from docbook to a human readable format.

Milestone: June 2020 (9.11.20, 9.11.20-S1, 9.16.4, 9.17.2)

Issue #84: Crash at shutdown in rpz.c
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/84
Updated: 2020-06-18T11:31:48Z
Author: Tony Finch

After running `rndc stop` shortly after starting the server,
```
2018-02-21.12:58:47.215 general: critical: rpz.c:2202: REQUIRE(rpz != ((void *)0)) failed
2018-02-21.12:58:47.215 general: critical: exiting (due to assertion failure)
```
```
#0 0x00007fc47dcc2067 in __GI_raise (sig=sig@entry=6)
at ../nptl/sysdeps/unix/sysv/linux/raise.c:56
#1 0x00007fc47dcc3448 in __GI_abort () at abort.c:89
#2 0x000055ad8a459439 in assertion_failed (file=0x55ad8a6e0e8f "rpz.c", line=2202,
type=2325208112, cond=0x55ad8a6e0efa "rpz != ((void *)0)") at ./main.c:248
#3 0x000055ad8a64f9ba in isc_assertion_failed (
file=file@entry=0x55ad8a6e0e8f "rpz.c", line=line@entry=2202,
type=type@entry=isc_assertiontype_require,
cond=cond@entry=0x55ad8a6e0efa "rpz != ((void *)0)") at assertions.c:49
#4 0x000055ad8a5bc932 in dns_rpz_add (rpzs=0x7fc470200500, rpz_num=2 '\002',
src_name=<optimized out>) at rpz.c:2202
#5 0x000055ad8a5bd08b in update_quantum (task=0x5045, event=0x0) at rpz.c:1914
#6 0x000055ad8a676177 in dispatch (manager=0x7fc47f89f010) at task.c:1138
#7 run (uap=0x7fc47f89f010) at task.c:1310
#8 0x00007fc47e3a7064 in start_thread (arg=0x7fc47a72c700) at pthread_create.c:309
#9 0x00007fc47dd7562d in clone () at ../sysdeps/unix/sysv/linux/x86_64/clone.S:111
```
I have not investigated this in any detail yet - I'll add more info to this issue if/when I have it.

Milestone: BIND 9.15.x
Assignee: Michał Kępień

Issue #87: Implement an upstream version check at startup
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/87
Updated: 2021-10-04T12:24:48Z
Author: Ondřej Surý

BIND would have an option to issue a special query to predefined server(s) to check whether a new upstream version is available and the recommended course of action (CRITICAL, RECOMMENDED, MINOR upgrade).

There's a similar feature in PowerDNS and Knot DNS servers.

The option would be enabled for builds from the source, and disabled for pre-packaged builds.

Milestone: Not planned

Issue #88: Make all BIND libraries private
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/88
Updated: 2021-10-05T10:13:20Z
Author: Ondřej Surý

BIND currently exports a number of libraries, but there are virtually no external projects that we are aware of that would be using those libraries. Keeping the ABI and API stable is a big burden, and we are exploring the possibility of merging all the libraries into a tightly-coupled private library that wouldn't be used outside of BIND (and tools), effectively making those libraries private.
The BIND 9.13/9.14 would be the first release that would drop the libraries.
The BIND 9.11 ESV would keep those libraries until 2022, so any external users would have enough time to migrate to other DNS libraries.
Known external users of libisc and friends:
* ISC DHCP (will continue using BIND 9.11 libraries)
* dnsperf (either use BIND 9.11 libraries, or make it an ISC project)

Milestone: October 2021 (9.11.36, 9.11.36-S1, 9.16.22, 9.16.22-S1, 9.17.19)

Issue #89: New Geolocation protocol with greater privacy protection for end user
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/89
Updated: 2021-10-04T12:26:02Z
Author: Vicky Risk (vicky@isc.org)

Can we try to design a new way to specify the end-users' geographic location, for purposes of sending them to an efficient, local content source (as an alternative to EDNS client-subnet-identifier)?
Goals
* Provide authority with information about client geography suitable for routing purposes
* Minimize excessive cache bloating by only carving out caches at a level of specificity actually useful for content routing
* Avoid identifying the client by IP address or other specific identifier (preserving privacy)
Ideas
* The resolver could tag the query with a geo location, rather than forwarding client ID to the authority
* We could consider using the LOC rr (type 29)
* The IATA code (closest airport) is probably granular enough for content routing
* Adding the AS of the network the user is on might also be relevant and useful
We should discuss with the other open source DNS developers, perhaps in our usual get-together at the next IETF.

Milestone: Not planned

Issue #90: remove "I:check flushtree clears adb correctly" from cacheclean in BIND 9.9
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/90
Updated: 2018-02-22T13:06:41Z
Author: Mark Andrews

The functionality to support this was only added in 9.10.0.

Milestone: BIND-9.9.13
Assignee: Mark Andrews

Issue #91: complete the conversion of system tests to parallel
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/91
Updated: 2018-03-19T22:18:55Z
Author: Evan Hunt

This is mostly done in the branch parallel-tests. On my system using four processors, system tests now complete in a little over four minutes. There are a couple of trivial tests remaining to convert (ecdsa, eddsa, gost), and I'll do a squash rebase before I put in a merge request.

Milestone: BIND-9.13.0
Assignee: Evan Hunt

Issue #92: Add Release Note about the fix for dnstap output file rolling
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/92
Updated: 2018-03-19T22:21:34Z
Author: Ondřej Surý

@vicky wrote in !21:

> There is no release note about this in the 9.12.1 RC - can we please mention that this is fixed? I think there were users who noticed it was broken in 9.12.0 who will be wondering if it is now fixed. https://bugs.isc.org/Public/Bug/Display.html?id=46942

Milestone: BIND-9.13.0
Assignee: Michał Kępień

Issue #93: Drop seccomp support [RT #46729]
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/93
Updated: 2018-03-19T22:18:59Z
Author: Ondřej Surý

This ticket proposes complete removal of seccomp support from BIND
source code due to a number of issues with both seccomp itself and the
way it is implemented in BIND. Removal is planned to be announced in
BIND 9.12.0 release notes and then performed in the next .0 release.
The reasons for suggesting removal of seccomp support from BIND are:
- Compiling an exhaustive list of system calls which should be
whitelisted is very tricky for a piece of software as complex as
BIND; while an application needs to declare a complete whitelist of
system calls which need to be allowed, it cannot assume anything
about what system calls libc is going to use in response to the
standard C library calls issued (see e.g. open() vs. openat(),
setrlimit() vs. prlimit()).
- Alternative mechanisms for achieving the same kind of protection
exist, e.g. SELinux or AppArmor. Fine-tuning policies enforced by
those mechanisms does not require any changes to be introduced into
BIND's source code.
- For threaded builds of BIND, seccomp is implemented in a way which
provides virtually no extra protection as the only thread which is
protected using seccomp is the main thread which waits for libisc to
exit its main loop; worker threads are not protected at all because
seccomp is initialized after worker threads are spawned. However,
this causes odd system test issues e.g. due to named getting killed
by SIGSYS after it logs an "exiting" message, but before it gets a
chance to clean up its lock file and PID file.
- For non-threaded builds of BIND, we are currently whitelisting over
60 systems calls, including open(), read(), write(), close(),
mmap(), chdir() and unlink(). These system calls alone are enough
for potential exploits to wreak havoc in the system, so such
protection arguably does not limit the attack surface significantly.
- Considering planned implementation of hooks and enabling external
hook modules to be loaded at runtime, either users will potentially
need to locally update the seccomp system call whitelist if their
module is going to use anything not currently on the list or we will
need to provide hook modules with a way of adding extra system calls
to the whitelist. Both of these options would further limit
seccomp's usefulness.
[NOTE: Not copying the other conversation from RT, it could be looked up there.]

Milestone: BIND-9.13.0
Assignee: Ondřej Surý

Issue #94: Replace idnkit-1 support with idnkit-2 support (or drop it)
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/94
Updated: 2018-03-19T22:14:18Z
Author: Ondřej Surý

Currently, BIND doesn't compile with idnkit-2:
```
host.c:20:10: fatal error: 'idn/result.h' file not found
#include <idn/result.h>
^~~~~~~~~~~~~~
dighost.c:30:10: fatal error: 'idn/result.h' file not found
#include <idn/result.h>
^~~~~~~~~~~~~~
1 error generated.
```
and for IDNA2008 support, we need to either add support for [idnkit-2](https://jprs.co.jp/idn/index-e.html) or drop idnkit-1 support and leave only libidn2 support (!56). The only reason to keep idnkit-2 would be the licensing: idnkit-2 is licensed under a custom JPRS BSD-like (with additional restrictions) license, and libidn2 is LGPL3+ (for our purposes) licensed.

Milestone: BIND-9.13.0

Issue #95: dyndb system test fails intermittently
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/95
Updated: 2018-02-23T22:52:07Z
Author: Ondřej Surý

Three failures have been observed so far:
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/1603
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/2081
* https://gitlab.isc.org/isc-projects/bind9/-/jobs/2082
```
S:dyndb:Thu Feb 22 12:21:06 UTC 2018
T:dyndb:1:A
A:dyndb:System test dyndb
I:dyndb:PORTRANGE:5300 - 5399
I:adding test1.ipv4.example.nil. A 10.53.0.10 (1)
I:adding test2.ipv4.example.nil. A 10.53.0.11 (2)
I:adding test3.ipv4.example.nil. A 10.53.0.12 (3)
I:adding test4.ipv6.example.nil. AAAA 2001:db8::1 (4)
I:deleting test1.ipv4.example.nil. A (was 10.53.0.10) (5)
I:deleting test2.ipv4.example.nil. A (was 10.53.0.11) (6)
I:deleting test3.ipv4.example.nil. A (was 10.53.0.12) (7)
I:deleting test4.ipv6.example.nil. AAAA (was 2001:db8::1) (8)
I:checking parameter logging (9)
I:checking dyndb still works after reload
I:ns1 server reload successful
I:adding test5.ipv4.example.nil. A 10.53.0.10 (10)
I:adding test6.ipv6.example.nil. AAAA 2001:db8::1 (11)
I:deleting test5.ipv4.example.nil. A (was 10.53.0.10) (12)
I:deleting test6.ipv6.example.nil. AAAA (was 2001:db8::1) (13)
I:exit status: 1
R:dyndb:FAIL
E:dyndb:Thu Feb 22 12:21:11 UTC 2018
```
Repacked artifacts (removed .o, .a and .libs) from the first failure attached: [dyndb-artifacts.tar.xz](/uploads/70ad65f49760afedb72f03d53ee14231/dyndb-artifacts.tar.xz)

Milestone: BIND-9.13.0
Assignee: Evan Hunt

Issue #96: Update contributors guide and move it at top level, so it's recognised by GitLab
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/96
Updated: 2018-03-01T14:26:20Z
Author: Ondřej Surý

GitLab can recognise a file called `CONTRIBUTING.md` at the top level; we should move `doc/dev/contrib.md` to this more visible place and update it with up-to-date information.

Assignee: Ondřej Surý

Issue #97: Windows version of BIND failing to build
URL: https://gitlab.isc.org/isc-projects/bind9/-/issues/97
Updated: 2018-03-19T22:18:33Z
Author: Stephen Morris

The Windows build of master has just started failing with the following error:
```
libisc.def : error LNK2001: unresolved external symbol isc_net_aton [c:\cygwin64\home\jenkins\workspace\bind9-master-win2012-x64-systests\lib\isc\win32\libisc.vcxproj]
.\Release\libisc.lib : fatal error LNK1120: 1 unresolved externals [c:\cygwin64\home\jenkins\workspace\bind9-master-win2012-x64-systests\lib\isc\win32\libisc.vcxproj]
```
When fixing that, consideration should also be given to fixing a warning reported in the build:
```
..\random.c(391): warning C4267: '-=' : conversion from 'size_t' to 'int', possible loss of data [c:\cygwin64\home\jenkins\workspace\bind9-master-win2012-x64-systests\lib\isc\win32\libisc.vcxproj]
```

Milestone: BIND-9.13.0
Assignee: Ondřej Surý