GitLab

Add missing dnssec-keygen dependency on libisccfg

Closes #1134

See merge request isc-projects/bind9!2555

Commit 09ac224c made dnssec-keygen
depend on libisccfg but the Visual Studio solution file was not updated
to reflect that change.  Make sure the dnssec-keygen Visual Studio
project depends on the libisccfg project to prevent compilation issues
during parallel builds.

Split release notes into per-version sections

See merge request isc-projects/bind9!2524

Some URLs used in release notes became outdated.  Make sure they point
to currently available resources.

Intertwining release notes from different BIND releases in a single XML
file has caused confusion in the past due to different (and often
arbitrary) approaches to keeping/removing release notes from older
releases on different BIND branches.  Divide doc/arm/notes.xml into
per-version sections to simplify determining the set of changes
introduced by a given release and to make adding/reviewing release notes
less error-prone.

Wait a little bit longer for autosign, bail out on not enough categories

See merge request isc-projects/bind9!2554

Check if the RRSIG jitter falls <mean-2.5*stddev;mean+2.5*stddev>

Closes #1309

See merge request isc-projects/bind9!2553

This reverts commit e17b7ee0.

libuv-based network manager

Closes #29

See merge request isc-projects/bind9!2528

With the netmgr in use, named may start answering queries before zones
are loaded. This can cause transient failures in system tests after
servers are restarted or reconfigured. This commit adds retry loops
and sleep statements where needed to address this problem.

Also incidentally silenced a clang warning.

- ns__client_request() is now called by netmgr with an isc_nmhandle_t
  parameter. The handle can then be permanently associated with an
  ns_client object.
- The task manager is paused so that isc_task events that may be
  triggred during client processing will not fire until after the netmgr is
  finished with it. Before any asynchronous event, the client MUST
  call isc_nmhandle_ref(client->handle), to prevent the client from
  being reset and reused while waiting for an event to process. When
  the asynchronous event is complete, isc_nmhandle_unref(client->handle)
  must be called to ensure the handle can be reused later.
- reference counting of client objects is now handled in the nmhandle
  object.  when the handle references drop to zero, the client's "reset"
  callback is used to free temporary resources and reiniialize it,
  whereupon the handle (and associated client) is placed in the
  "inactive handles" queue.  when the sysstem is shutdown and the
  handles are cleaned up, the client's "put" callback is called to free
  all remaining resources.
- because client allocation is no longer handled in the same way,
  the '-T clienttest' option has now been removed and is no longer
  used by any system tests.
- the unit tests require wrapping the isc_nmhandle_unref() function;
  when LD_WRAP is supported, that is used. otherwise we link a
  libwrap.so interposer library and use that.

This allows a task to be temporary disabled so that objects won't be
processed simultaneously by libuv events and isc_task events. When a
task is paused, currently running events may complete, but no further
event will added to the run queue will be executed until the task is
unpaused.

When a task manager is created, we can now specify an `isc_nm`
object to associate with it; thereafter when the task manager is
placed into exclusive mode, the network manager will be paused.

This is a replacement for the existing isc_socket and isc_socketmgr
implementation. It uses libuv for asynchronous network communication;
"networker" objects will be distributed across worker threads reading
incoming packets and sending them for processing.

UDP listener sockets automatically create an array of "child" sockets
so each worker can listen separately.

TCP sockets are shared amongst worker threads.

A TCPDNS socket is a wrapper around a TCP socket, which handles the
the two-byte length field at the beginning of DNS messages over TCP.

(Other wrapper socket types can be implemented in the future to handle
DNS over TLS, DNS over HTTPS, etc.)

this is a lockless queue based on hazard pointers.

The double-locked queue implementation is still currently in use
in ns_client, but will be replaced by a fetch-and-add array queue.
This commit moves it from queue.h to list.h so that queue.h can be
used for the new data structure, and clean up dependencies between
list.h and types.h. Later, when the ISC_QUEUE is no longer is use,
it will be removed completely.

this is a mechanism to allow safe lock-free data structures.

This converts from struct sockaddr to isc_sockaddr_t

Fix "tcp" system test

Closes #1308

See merge request isc-projects/bind9!2549

Address all outstanding warnings that ShellCheck reports for
bin/tests/system/tcp/tests.sh.

Ensure any unexpected failure in the "tcp" system test causes it to be
immediately interrupted with an error to make the aforementioned test
more reliable.  Since the exit code for "expr 0 + 0" is 1, the status
variable needs to be updated using arithmetic expansion.

Ensure any "rndc stats" failure causes the "tcp" system test to fail.
Do not hide "rndc stats" output.

Ensure all checks in the "tcp" system test are numbered, so that
forensic data is preserved in case of any failure.

assert_int_equal() calls in bin/tests/system/tcp/tests.sh pass the found
value as the first argument and the expected value as the second
argument, while the function interprets its arguments the other way
round.  Fix argument handling in assert_int_equal() to make sure the
error messages printed by that function are correct.

In the TCP high-water checks, "rndc stats" is run after ans6 reports
that it opened the requested number of TCP connections.  However, we
fail to account for the fact that ns5 might not yet have called accept()
for these connections, in which case the counts output by "rndc stats"
will be off.  To prevent intermittent "tcp" system test failures, allow
the relevant connection count checks to be retried (just once, after one
second, as that should be enough for any system to accept() a dozen TCP
connections under any circumstances).

temporarily disable jitter tests in the 'autosign' system test

See merge request isc-projects/bind9!2551

the current method used for testing distribution of signatures
is failure-prone. we need to replace it with something both
effective and portable, but in the meantime we're commenting
out the jitter test.