BIND merge requests
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests
Updated: 2024-02-28T11:13:33Z

Draft: Add stress tests with DoH and DoT
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/5800
Updated: 2024-02-28T11:13:33Z
Author: Michal Nowak

Validation pipeline: https://gitlab.isc.org/isc-projects/bind9/-/pipelines/160984
Prerequisites:
- [x] isc-private/devops!11
- [ ] isc-private/bind-qa!40
Things to consider:
- FreeBSD DoH jobs are not added because Flamethrower queries always time out.
- This adds 15 more CI jobs:
  - Linux (AWS autoscaler): `(auth + recursive + RPZ) * (DoH + DoT) * (amd64 + arm64) = 12`
  - FreeBSD (one FreeBSD runner): `(auth + recursive + RPZ) * (DoT) * (amd64) = 3`
    - Autoscaler is not yet present on FreeBSD. Adding 3 CI jobs (i.e., DoT) run serially adds 3 hours to the pipeline runtime. Should we add just one FreeBSD DoT job to limit the runtime?
- DoH/DoT performance is slightly lower than pure TCP, so the threshold for the test to pass must be lowered by 5-10% (see isc-private/bind-qa!40).

Milestone: Not planned

Log both "from" and "to" socket in debug messages
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8349
Updated: 2024-02-26T13:44:26Z
Author: Michał Kępień

This MR renames some logging functions to better convey their role,
extends one of them to enable logging both sockets that comprise each
communication channel, and ensures that the exact local socket address
(if available) is included in debug messages logging network traffic.
Minor simplifications are also applied to the related logging function
for improved code clarity.
While this MR is technically tangential to #4344/!8348, it benefits a
lot from the detailed information that !8348 enables extracting, so I
made `4344-enable-extraction-of-exact-local-socket-addresses` the target
branch for this MR.
Closes #4345

Milestone: May 2024 (9.18.27, 9.18.27-S1, 9.19.24)

Enable extraction of exact local socket addresses
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8348
Updated: 2024-02-24T08:20:04Z
Author: Michał Kępień

Extracting the exact address that each wildcard/TCP socket is bound to
locally requires issuing the getsockname() system call, which libuv
exposes via its uv_*_getsockname() functions. This is only required for
detailed logging and comes at a noticeable performance cost, so it
should not happen by default. However, it is useful for debugging
certain problems (e.g. cryptic system test failures), so a convenient
way of enabling that behavior should exist.
Update isc_nmhandle_localaddr() so that it calls uv_*_getsockname() when
the ISC_SOCKET_DETAILS preprocessor macro is set at compile time.
Ensure proper handling of Stream DNS sockets, which wrap the actual
underlying TCP/TLS socket.
Set the new ISC_SOCKET_DETAILS macro by default when --enable-developer
is passed to ./configure. This enables detailed logging in the system
tests run in GitLab CI without affecting performance in non-development
BIND 9 builds.
Note that setting the ISC_SOCKET_DETAILS preprocessor macro at compile
time enables all callers of isc_nmhandle_localaddr() to extract the
exact address of a given local socket, which results e.g. in dnstap
captures containing more accurate information.
Mention the new preprocessor macro in the section of the ARM that
discusses why exact socket addresses may not be logged by default.
Closes #4344

Milestone: May 2024 (9.18.27, 9.18.27-S1, 9.19.24)
Assignee: Michał Kępień

Draft: clean up files in addzone system test
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8524
Updated: 2024-02-24T08:08:24Z
Author: Evan Hunt

some generated files were not cleaned up after running the test.

Milestone: May 2024 (9.18.27, 9.18.27-S1, 9.19.24)
Assignee: Evan Hunt

[9.18] Draft: Resolve "Don't count expired / future RRSIGs in verification failure quota"
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8749
Updated: 2024-02-24T08:07:47Z
Author: Mark Andrews

Closes #4586

Milestone: May 2024 (9.18.27, 9.18.27-S1, 9.19.24)

Draft: Resolve "OPENSSL_cleanup fails to return all memory"
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7703
Updated: 2024-02-08T11:20:06Z
Author: Mark Andrews

This tests whether `OPENSSL_cleanup` cleans up everything or not. It should.
Closes #3870

Milestone: Not planned

Do HTTPS record query from host in addition
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8642
Updated: 2024-01-11T10:40:52Z
Author: Petr Menšík

Unless explicitly specified type from host command, do fourth query for
type HTTPS RR. It is expected it will become more common and some
systems already query that record for every name.

Draft: Resolve "Check the size of the structure passed to dns_rdata_*struct methods"
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8303
Updated: 2024-01-03T13:35:11Z
Author: Mark Andrews

Closes #4318

Milestone: Not planned

Draft: document S-edition features
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8449
Updated: 2023-11-20T13:32:16Z
Author: Evan Hunt

per request from @sgoldlust, this branch contains documentation for features included only in the subscription edition of BIND. this can be included in regular BIND as a way to inform users of features they could have as subscribers. it needs substantial editing first.

Milestone: Long-term
Assignee: Suzanne Goldlust

Draft: Resolve "Check that a zone is served by IPv6 servers if it has AAAA records"
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8393
Updated: 2023-11-07T10:39:58Z
Author: Mark Andrews

Closes #4370

Milestone: Not planned

Draft: Add +human option
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8166
Updated: 2023-11-07T10:39:37Z
Author: Julia Evans

Draft implementation of a `+human` flag, discussed in #4233. Right now this is extremely rough -- all of the if statements are pretty ugly, there are no tests yet, and I've probably missed a lot of things since I'm new to this codebase. Would love feedback.
Some notes:
* I took the approach of modifying `dns_message_pseudosectiontotext` and `dns_message_sectiontotext` instead of creating a parallel implementation (the way the `+yaml` option does) because that seems lower-maintenance and has less risk of diverging. I noticed that the YAML version already diverges from the text version a little -- it doesn't include the same warnings for example.
* sets `lookup->identify` instead of `lookup->stats` because I think it's much more readable
* turns off `printcmd` to suppress the confusing first few lines of output
* Adds a little more whitespace and indentation to make the structure of each section more clear
Here's some example output:
```
$ dig +human example.com
;; Got answer:
;; HEADER:
; opcode: QUERY
; status: NOERROR
; id: 60905
; flags: qr rd ra
; records: QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
;; QUESTION SECTION:
; example.com. IN A
;; ANSWER SECTION:
example.com. 74183 IN A 93.184.216.34
;; Received 56 bytes from 192.168.1.1#53(192.168.1.1) in 18 ms
```

Milestone: Not planned

Draft: Add the reader-writer synchronization with modified C-RW-WP
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8451
Updated: 2023-11-01T13:39:50Z
Author: Ondřej Surý

This changes the internal isc_rwlock implementation to:
Irina Calciu, Dave Dice, Yossi Lev, Victor Luchangco, Virendra
J. Marathe, and Nir Shavit. 2013. NUMA-aware reader-writer locks.
SIGPLAN Not. 48, 8 (August 2013), 157–166.
DOI:https://doi.org/10.1145/2517327.24425
(The full article available from:
http://mcg.cs.tau.ac.il/papers/ppopp2013-rwlocks.pdf)
The implementation is based on the Writer-Preference Lock (C-RW-WP)
variant (see the 3.4 section of the paper for the rationale).
The implemented algorithm has been modified for simplicity and for usage
patterns in rbtdb.c.
The changes compared to the original algorithm:
* We haven't implemented the cohort locks because that would require a
knowledge of NUMA nodes, instead a simple atomic_bool is used as
synchronization point for writer lock.
* The per-thread reader counters are not being used - this would
require the internal thread id (isc_tid_v) to be always initialized,
even in the utilities; the change has a slight performance penalty,
so we might revisit this change in the future. However, this change
also saves a lot of memory, because cache-line aligned counters were
used, so on 32-core machine, the rwlock would be 4096+ bytes big.
* The readers use a writer_barrier that will raise after a while when
readers lock can't be acquired to prevent readers starvation.
* Separate ingress and egress readers counters queues to reduce both
inter and intra-thread contention.
(cherry picked from commit 6ffda5920e5092d4586a2680802143be755feb8b)
Closes #1609

Assignee: Ondřej Surý

WIP: Rewrite isc_symtab to use isc_hashmap; merge isccc_symtab to isc_symtab
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8416
Updated: 2023-10-24T13:04:30Z
Author: Ondřej Surý
Assignee: Ondřej Surý

Draft: Resolve "dns64 auto configuration on nat64 networks"
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6334
Updated: 2023-09-13T05:31:37Z
Author: Mark Andrews

See #3363

Milestone: Not planned
Assignee: Mark Andrews

WIP
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8296
Updated: 2023-09-12T13:58:43Z
Author: Ondřej Surý
Assignee: Ondřej Surý

Allow the tcp-clients to be specified as percent, set default to 50%
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/7830
Updated: 2023-09-12T09:12:11Z
Author: Ondřej Surý

Change the tcp-clients configuration value to allow specifying
percents (out of the maximum allowed file descriptors) and set the
default to 50% of that value.
Closes #3958

Milestone: Not planned
Assignee: Ondřej Surý

Draft: Updates to the Load Balancing section of the ARM
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/6610
Updated: 2023-09-06T21:33:46Z
Author: Suzanne Goldlust

Incorporate Ron Aitchison's new text on load balancing into the main branch

Assignee: Greg Choules

Refactor isc_mem_get et al. for safer allocation size calculations
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8020
Updated: 2023-09-04T09:21:22Z
Author: Tony Finch

If there is an integer overflow when calculating an allocation size the new memory on the heap can be too small leading to a heap buffer overflow.
To make it easier to use checked arithmetic for allocation sizes, change `isc_mem_get()` to allocate an array by default. Like `calloc()`, it now takes two size arguments: an element count, and an element size. (Unlike `calloc()`, however, `ISC_MEM_ZERO` must be requested explicitly.)
There is also a new extended variant, `isc_mem_getfx()` for allocating a `struct` with a flexible array member. It uses a checked multiply-add to calculate the size.
Most of this change is done by Coccinelle. However, Coccinelle's parser has trouble with some of BIND's macros, so the refactoring is done in three stages: suppress the problematic macros; apply the `spatch`; then revert the suppression.
The `spatch` is generated by a perl script, because it is very repetitive handling all the variants of `isc_mem_get()`, `isc_mem_put()`, etc., with and without flags.

Milestone: Not planned
Assignee: Tony Finch

remove the "dialup" and "heartbeat-interval" options
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8160
Updated: 2023-08-02T02:30:10Z
Author: Evan Hunt

this is to be merged in 9.21.
Closes #4237

Milestone: Not planned
Assignee: Evan Hunt

Draft: Ondrej/refactor dns catz using userspacercu
https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8098
Updated: 2023-07-31T16:15:25Z
Author: Ondřej Surý
Assignee: Ondřej Surý