BIND merge requests
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests
2021-11-09T09:54:52Z

Remove obsolete PYTHONPATH setting from .gitlab-ci.yaml
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5563
2021-11-09T09:54:52Z
Petr Špaček <pspacek@isc.org>
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Automatically cancel CI jobs on outdated branches [v9_16]
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5564
2021-11-09T12:09:41Z
Petr Špaček <pspacek@isc.org>
Backport of MR !5558
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Automatically cancel CI jobs on outdated branches
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5558
2021-11-09T13:35:13Z
Petr Špaček <pspacek@isc.org>
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Merge 9.17.20 release branch
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5581
2021-11-18T08:14:41Z
Michał Kępień
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Merge 9.16.23 release branch
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5582
2021-11-18T08:29:15Z
Michał Kępień
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Fix handling of mismatched responses past timeout
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5586
2021-11-24T08:20:23Z
Michał Kępień
When a UDP dispatch receives a mismatched response, it checks whether
there is still enough time to wait for the correct one to arrive before
the timeout fires. If there is not, the result code is set to
ISC_R_TIMEDOUT, but it is not subsequently used anywhere as 'response'
is set to NULL a few lines earlier. This results in the higher-level
read callback (resquery_response() in case of resolver code) not being
called. However, shortly afterwards, a few levels up the call chain,
isc__nm_udp_read_cb() calls isc__nmsocket_timer_stop() on the dispatch
socket, effectively disabling read timeout handling. Combined with the
fact that reading is not restarted in such a case (e.g. by calling
dispatch_getnext() from udp_recv()), this leads to the higher-level
query structure remaining referenced indefinitely because the dispatch
socket it uses will neither be read from nor closed due to a timeout.
This in turn causes fetch contexts to linger around indefinitely, which
in turn may e.g. prevent certain cache nodes (those containing rdatasets
used by the fetch context, like fctx->nameservers) from being cleaned.
Fix by making sure the higher-level callback does get invoked with the
ISC_R_TIMEDOUT result code when udp_recv() determines there is no more
time left to receive the correct UDP response before the timeout fires.
This allows the higher-level callback to clean things up, preventing the
reference leak described above.
Closes #3002
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Resolve "doh_connect_makeuri fails on illumos"
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5592
2021-11-25T12:58:29Z
Mark Andrews
Closes #3024
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Fix "array subscript is of type 'char'" on NetBSD 9
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5591
2021-11-25T17:53:37Z
Michal Nowak
In file included from rdata.c:602:
In file included from ./code.h:88:
./rdata/in_1/svcb_64.c:259:9: warning: array subscript is of type 'char' [-Wchar-subscripts]
if (!isdigit(*region->base)) {
^~~~~~~~~~~~~~~~~~~~~~
/usr/include/sys/ctype_inline.h:51:44: note: expanded from macro 'isdigit'
#define isdigit(c) ((int)((_ctype_tab_ + 1)[(c)] & _CTYPE_D))
^~~~
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

[v9_16] Fix "array subscript is of type 'char'" on NetBSD 9
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5594
2021-11-25T18:20:13Z
Michal Nowak
In file included from rdata.c:602:
In file included from ./code.h:88:
./rdata/in_1/svcb_64.c:259:9: warning: array subscript is of type 'char' [-Wchar-subscripts]
if (!isdigit(*region->base)) {
^~~~~~~~~~~~~~~~~~~~~~
/usr/include/sys/ctype_inline.h:51:44: note: expanded from macro 'isdigit'
#define isdigit(c) ((int)((_ctype_tab_ + 1)[(c)] & _CTYPE_D))
^~~~
(cherry picked from commit d09447287f02cdf479cf2e542e4ab0efe7a024fe)
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Resolve "Set -DOPENSSL_SUPPRESS_DEPRECATED for 9.16 and 9.11"
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5562
2021-11-26T13:16:26Z
Mark Andrews
Closes #3009
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Resolve "dns_sdlz_putrr does not auto increase buffer"
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5588
2021-11-26T21:32:04Z
Mark Andrews
Closes #3021
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Update the description of fetches-per-zone counters
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5604
2021-11-30T13:04:05Z
Mark Andrews
(cherry picked from commit 65f6d8af75d99de22f667149435d68d3862cda36)
Closes #2850
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Resolve #2854: DoH: Assign HTTP responses freshness lifetime according to the smallest TTL found in the Answer section
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5493
2021-12-01T07:30:50Z
Artem Boldariev
This merge request makes BIND assign HTTP responses freshness lifetime according to the smallest TTL found in the Answer section by setting the `max-age` value in the `Cache-Control` header when appropriate. The recommendations regarding this are given in the section [5.1](https://datatracker.ietf.org/doc/html/rfc8484#section-5.1) of the specification, in particular:
> In particular, DoH servers SHOULD assign an explicit HTTP freshness
lifetime (see Section 4.2 of [RFC7234]) so that the DoH client is
more likely to use fresh DNS data. This requirement is due to HTTP
caches being able to assign their own heuristic freshness (such as
that described in Section 4.2.2 of [RFC7234]), which would take
control of the cache contents out of the hands of the DoH server.
>
> The assigned freshness lifetime of a DoH HTTP response MUST be less
than or equal to the smallest TTL in the Answer section of the DNS
response. A freshness lifetime equal to the smallest TTL in the
Answer section is RECOMMENDED. For example, if a HTTP response
carries three RRsets with TTLs of 30, 600, and 300, the HTTP
freshness lifetime should be 30 seconds (which could be specified as
"Cache-Control: max-age=30"). This requirement helps prevent expired
RRsets in messages in an HTTP cache from unintentionally being
served.

For example:
![doh_max_age_h](/uploads/4dcdad00612dd3e108cd480d9ecc6fd0/doh_max_age_h.png)
That is the only part of the specification which has been unimplemented.
Closes #2854
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Resolve "Greedy regular expression causes intermittent "nsupdate" system test failures"
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5559
2021-12-01T08:17:20Z
Mark Andrews
Closes #3003
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Replace incorrect sed expression with awk
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5566
2021-12-01T08:17:26Z
Mark Andrews
The sed expression could find the wrong instance of 10.
Use awk to replace the TTL field and also to specify the
server and issue the send command.
(cherry picked from commit be879cda728b9fac3208f39148869d46c9c919e7)
Closes #3003
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Add flycheck configuration for libxml2 and json-c on Linux
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5571
2021-12-01T08:28:44Z
Ondřej Surý
(cherry picked from commit 41f86440c44e5800190f069fa74d7a997eb6e40b)
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Resolve "BEGIN/END DNSSEC/MANAGED KEYS in bin/named/config.c are mismatched."
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5575
2021-12-01T08:29:25Z
Mark Andrews
Closes #3012
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Update comments around built in trust anchors
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5577
2021-12-01T08:29:33Z
Mark Andrews
The comments now say "# BEGIN TRUST ANCHORS" and "# END TRUST ANCHORS".
(cherry picked from commit 43a7f3f5324a2ea09605cbf0c42bf2a6dbf78c82)
Closes #3012
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Make mdig use the OS-supplied ephemeral port range
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5552
2021-12-01T08:31:49Z
Evan Hunt
mdig was always using the default 1024-65535 range for outgoing
messages, instead of using the system's configured ephemeral ports.
Closes #2374
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)

Make mdig use the OS-supplied ephemeral port range
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5579
2021-12-01T08:31:57Z
Evan Hunt
December 2021 (9.16.24, 9.16.24-S1, 9.17.21)