Skip to content

xfer-in don't promote expiration timestamp

Summary

successull ixfr-in don't promote expiration timestamp

BIND version used

BIND 9.20.3 (Stable Release) <id:>
running on FreeBSD amd64 14.1-RELEASE-p5 FreeBSD 14.1-RELEASE-p5 GENERIC
built by make with '--localstatedir=/var' '--sysconfdir=/usr/local/etc/namedb' '--with-libxml2' '--with-openssl=/usr' '--enable-dnsrps' '--with-readline=libedit' '--disable-tracing' '--enable-dnstap' '--disable-fixed-rrset' '--disable-geoip' '--without-maxminddb' '--without-gssapi' '--with-libidn2=/usr/local' '--with-json-c' '--disable-largefile' '--with-lmdb=/usr/local' '--disable-querytrace' '--enable-tcp-fastopen' '--prefix=/usr/local' '--mandir=/usr/local/share/man' '--disable-silent-rules' '--infodir=/usr/local/share/info/' '--build=amd64-portbld-freebsd14.1' 'build_alias=amd64-portbld-freebsd14.1' 'CC=cc' 'CFLAGS=-O2 -pipe -DLIBICONV_PLUG -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing ' 'LDFLAGS= -L/usr/local/lib -ljson-c -fstack-protector-strong ' 'LIBS=-L/usr/local/lib' 'CPPFLAGS=-DLIBICONV_PLUG -isystem /usr/local/include' 'CPP=cpp' 'PKG_CONFIG=pkgconf' 'PKG_CONFIG_LIBDIR=/home/bag/work-bind/usr/home/bag/work/dns/bind9-20-3/work/.pkgconfig:/usr/local/libdata/pkgconfig:/usr/local/share/pkgconfig:/usr/libdata/pkgconfig'
compiled by CLANG FreeBSD Clang 18.1.5 (https://github.com/llvm/llvm-project.git llvmorg-18.1.5-0-g617a15a9eac9)
compiled with OpenSSL version: OpenSSL 3.0.13 30 Jan 2024
linked to OpenSSL version: OpenSSL 3.0.13 30 Jan 2024
compiled with libuv version: 1.48.0
linked to libuv version: 1.48.0
compiled with liburcu version: 0.14.0
compiled with system jemalloc version: 2020110501
compiled with libnghttp2 version: 1.63.0
linked to libnghttp2 version: 1.63.0
compiled with libxml2 version: 2.11.9
linked to libxml2 version: 21109
compiled with json-c version: 0.18
linked to json-c version: 0.18
compiled with zlib version: 1.3.1
linked to zlib version: 1.3.1
compiled with protobuf-c version: 1.4.1
linked to protobuf-c version: 1.4.1
threads support is enabled
DNSSEC algorithms: RSASHA1 NSEC3RSASHA1 RSASHA256 RSASHA512 ECDSAP256SHA256 ECDSAP384SHA384 ED25519 ED448
DS algorithms: SHA-1 SHA-256 SHA-384
HMAC algorithms: HMAC-MD5 HMAC-SHA1 HMAC-SHA224 HMAC-SHA256 HMAC-SHA384 HMAC-SHA512
TKEY mode 2 support (Diffie-Hellman): no
TKEY mode 3 support (GSS-API): no

default paths:
named configuration: /usr/local/etc/namedb/named.conf
rndc configuration: /usr/local/etc/namedb/rndc.conf
nsupdate session key: /var/run/named/session.key
named PID file: /var/run/named/pid

Steps to reproduce

Set up the primary and secondary server with ixfr style zone transfers.

Perform the first zone transfer. Check timestamp (mtime) of zonefile at secondary server.

Wait for a while.

Update serial on the primary server and check timestamp (mtime) of zonefile at secondary server after succesfull zone xfer -> timestamp isn't updated

What is the current bug behavior?

Timestamp of zonefile at secondary server is used for zone expiration calculation. But it not updated after succesfull zone xfer-in.

What is the expected correct behavior?

Timestamp should be promoted.

Relevant configuration files

Relevant logs and/or screenshots

25-Oct-2024 14:04:22.623 xfer-in: info: zone hostmaster.ua/IN: notify from yyyy:yyyy:yyyy::234#36938: serial 2024102500
25-Oct-2024 14:04:22.643 xfer-in: info: zone hostmaster.ua/IN: Transfer started.
25-Oct-2024 14:04:22.663 xfer-in: info: 0x37abf0616000: transfer of 'hostmaster.ua/IN' from yyyy:yyyy:yyyy::234#53: connected using yyyy:yyyy:yyyy::234#53 TSIG xfr-key-name
25-Oct-2024 14:04:22.783 xfer-in: info: zone hostmaster.ua/IN: transferred serial 2024102500: TSIG 'xfr-key-name'
25-Oct-2024 14:04:22.783 xfer-in: info: 0x37abf0616000: transfer of 'hostmaster.ua/IN' from yyyy:yyyy:yyyy::234#53: Transfer status: success
25-Oct-2024 14:04:22.783 xfer-in: info: 0x37abf0616000: transfer of 'hostmaster.ua/IN' from yyyy:yyyy:yyyy::234#53: Transfer completed: 8 messages, 1334 records, 129024 bytes, 0.119 secs (1084235 bytes/sec) (serial 2024102500)

> ls -laF hostmaster.ua*
-rw-r--r--  1 bind bind  218670 Oct 22 14:21 hostmaster.ua
-rw-r--r--  1 bind bind 6488237 Oct 22 14:21 hostmaster.ua.jnl

Possible fixes

It seems that wrong timestamp calculation is here:

https://gitlab.isc.org/isc-projects/bind9/-/blame/main/lib/dns/zone.c?ref_type=heads#L11966

https://gitlab.isc.org/isc-projects/bind9/-/blame/main/lib/dns/zone.c?ref_type=heads#L17924

Edited by Andrey Blokhintsev
To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information