Merge tag 'v9.21.16'

doc/arm/changelog.rst

@@ -18,6 +18,7 @@ Changelog
    development. Regular users should refer to :ref:`Release Notes <relnotes>`
    for changes relevant to them.
 
+.. include:: ../changelog/changelog-9.21.16.rst
 .. include:: ../changelog/changelog-9.21.15.rst
 .. include:: ../changelog/changelog-9.21.14.rst
 .. include:: ../changelog/changelog-9.21.13.rst

doc/arm/notes.rst

@@ -47,6 +47,7 @@ The list of known issues affecting the latest version in the 9.21 branch can be
 found at
 https://gitlab.isc.org/isc-projects/bind9/-/wikis/Known-Issues-in-BIND-9.21
 
+.. include:: ../notes/notes-9.21.16.rst
 .. include:: ../notes/notes-9.21.15.rst
 .. include:: ../notes/notes-9.21.14.rst
 .. include:: ../notes/notes-9.21.13.rst

doc/changelog/changelog-9.21.16.rst

@@ -0,0 +1,306 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+BIND 9.21.16
+------------
+
+New Features
+~~~~~~~~~~~~
+
+- Add +[no]showtruncated and +[no]showallmessages to dig. ``e78e6150e5``
+
+  The dig option +showtruncated adds the ability to display the
+  truncated message before retrying the query over TCP.
+
+  The dig option +showallmessages add a short cut which is the
+  equivalent of "dig +qr +showbadcookie +showbadversion +showtruncated".
+  :gl:`#5657` :gl:`!11275`
+
+- Add spatch to detect implicit bool/int/result cast. ``2affdbce19``
+
+  Detection of implicit cast from a boolean into an int, or an
+  isc_result_t into a boolean (either in an assignement or return
+  position).
+
+  If such pattern is found, a warning comment is added into the code
+  (and the CI will fails) so the error can be spotted and manually
+  fixed. :gl:`!11095`
+
+Removed Features
+~~~~~~~~~~~~~~~~
+
+- Remove internal memory filling in favor of jemalloc opt.junk.
+  ``def4be7cb6``
+
+  Instead of having our own implementation of memory junk filling, rely
+  on the jemalloc opt.junk feature (set with MALLOC_CONF="junk:true").
+  :gl:`!11270`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Improve output of 'rndc dnssec -status' ``814f7a72cd``
+
+  Add a new parameter ``-v`` to the ``rndc dnssec -status`` command for
+  more verbose output. Previously, key states were printed, and keys
+  that can be purged were listed. This made the output hard to read.
+  This information is now only shown in the verbose output.
+
+  Add more meaningful messages to the status output, making it clearer
+  what the state of a rollover is.
+
+  This makes the output more condense, improving its readability.
+  :gl:`#3938` :gl:`!11099`
+
+- Use atomics for CMM_{LOAD,STORE}_SHARED with ThreadSanitizer.
+  ``6fd209b6f0``
+
+  Upstream has removed the atomics implementation of CMM_LOAD_SHARED and
+  CMM_STORE_SHARED as these can be used also with non-stdatomics types.
+  As we only use the CMM api with stdatomics types, we can restore the
+  previous behaviour to prevent ThreadSanitizer warnings. :gl:`#5660`
+  :gl:`!11288`
+
+- Change the QNAME minimization algorithm to follow the standard.
+  ``15494053b1``
+
+  In !9155, the QNAME minimization was changed to not leak the query
+  type to the parent name server.  This violates RFC 9156 Section 3,
+  step (3) and it is not necessary.  It also breaks some (weird)
+  authoritative DNS setups, especially when CNAMEs are involved.  Also
+  there is really no privacy leak with query type. :gl:`#5661`
+  :gl:`!11293`
+
+- Add RRSIG if required as soon as they are found. ``2955bb90c8``
+
+  When EDNS DO flag (`dig +dnssec`) flag is set, an rdataset is
+  allocated to hold the RRSIG of an RR, if present in DB. However, this
+  allocation is not done if the zone DB is not considered as secure
+  (`dns_db_issecure() == false`). Changes this behaviour by allocating
+  the rdataset anyway, so the RRSIG can be associated in the answer
+  section of the response as soon it is found from the DB.
+
+  The fact we attach the rrsig potentially more often (though it
+  probably occurs in edge cases) doesn't seems to affect performance in
+  any ways: :gl:`!11317`
+
+- Add dns_message functions to set EDNS options. ``b4d638473e``
+
+  The new `dns_message_ednsinit()` and `dns_message_ednsaddopt()`
+  functions allow EDNS options to be added to a message one at a time;
+  it is no longer necessary to construct a full array of EDNS options
+  and set them all at once.
+
+  This allows us to simplify EDNS option handling code, and in the
+  future it wlil allow plugins to add EDNS options to existing messages.
+  :gl:`!11261`
+
+- Enforce bounds of prefetch configuration option. ``103799ac23``
+
+  The prefetch configuration option now enforces boundaries. The
+  configuration (including when using `named-checkconf`) now fails if
+  the trigger (first value) is above 10, and if the eligibility (second
+  optional value) isn't at least six seconds greater than the trigger
+  value. :gl:`!11243`
+
+- Enforces the fact that catalog-zone can not be used in non IN views.
+  ``346007d52d``
+
+  Catalog-zones can't be used in a view which is not from the IN class.
+  This is now enforced as the server won't load (instead of loading
+  without the catalog-zone) if such configuration is detected. This
+  configuration error is now also caught by `named-checkconf`.
+  :gl:`!11245`
+
+- No effective config as text if allow-new-zones is yes. ``416826d4ea``
+
+  Do not save the text version of the effective configuration when
+  `allow-new-zones` is enabled, as in that case the object tree can be
+  printed on demand, reducing unnecessary memory consumption.
+  :gl:`!11242`
+
+- Provide more information when the memory allocation fails.
+  ``94ffc96897``
+
+  Provide more information about the failure when the memory allocation
+  fails. :gl:`!11272`
+
+- Reduce the number of outgoing queries. ``37d851df37``
+
+  Reduces the number of outgoing queries when resolving the nameservers
+  for delegation points.  This helps the DNS resolver with cold cache
+  resolve client queries with complex delegation chains and
+  redirections. :gl:`!11148`
+
+- Refactor zone fetch code. ``32322ffdd8``
+
+  There is code duplication between `keyfetch` and `nsfetch`, refactor
+  to allow common code paths to differentiate between them. This is in
+  preparation for support of generalized DNS notifications, that will
+  require fetching DSYNC records. :gl:`!11176`
+
+- Remove exclusive mode when scheduling zone load. ``2958b3733c``
+
+  Remove exclusive mode when scheduling the zone load, as it is no
+  longer necessary; data that can be read or written by multiple threads
+  are locked or atomic.
+
+  The detection of the post zone DB loading logic has been refactored to
+  take into account the fact that zone databases may be loaded before
+  the function scheduling the loads. :gl:`!11231`
+
+- Use malloc_usable_size()/malloc_size() for memory accounting.
+  ``d8410f93d2``
+
+  Restore usage of malloc_usable_size()/malloc_size(), but this time
+  only for memory accounting and statistics purposes.  This should
+  reduce the memory footprint in case of compilation without jemalloc as
+  we don't have to keep track of the allocated memory size ourselves.
+  :gl:`!11271`
+
+Bug Fixes
+~~~~~~~~~
+
+- Fix the spurious timeouts while resolving names. ``908b7c1f34``
+
+  Sometimes the loops in the resolving (e.g. to resolve or validate
+  ns1.example.com we need to resolve ns1.example.com) were not properly
+  detected leading to spurious 10 seconds delay.  This has been fixed
+  and such loops are properly detected. :gl:`#3033`, #5578 :gl:`!11138`
+
+- Fix bug where zone switches from NSEC3 to NSEC after retransfer.
+  ``ddd1040761``
+
+  When a zone is re-transferred, but the zone journal on an
+  inline-signing secondary is out of sync, the zone could fall back to
+  using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527`
+  :gl:`!11226`
+
+- Add support for more linkers with LTO. ``1ede6683cd``
+
+  Link-time optimization requires close coordination between the
+  compiler and the linker, so not all combinations of compiler and
+  linker support it.
+
+  Previously, when compiling with Clang, we checked only for lld. With
+  this commit, we expand the list of supported linkers we check for.
+  :gl:`#5536` :gl:`!11022`
+
+- Attach socket before async streamdns_resume_processing. ``fec55d786a``
+
+  Call to `streamdns_resume_processing` is asynchronous but the socket
+  passed as argument is not attached when scheduling the call.
+
+  While there is no reproducible way (so far) to make the socket
+  reference number down to 0 before `streamdns_resume_processing` is
+  called, attach the socket before scheduling the call. This guard
+  against an hypothetic case where, for some reasons, the socket
+  refcount would reach 0, and be freed from memory when
+  `streamdns_resume_processing` is called. :gl:`#5620` :gl:`!11247`
+
+- Fix caching RRSIG covering cache NODATA record. ``a81aad0cdc``
+
+  When a RRSIG for type that we already have cached NODATA record was
+  cached due to mismatch of the records on the upstream nameservers, an
+  assertion failure could trigger.  This has been fixed. :gl:`#5633`
+  :gl:`!11228`
+
+- Fix building on OpenBSD 7.8 with Clang 19.1.7. ``d30fdf063c``
+
+  Add the OpenBSD and Clang combination to the existing kludge to
+  recognize size_t and uintXX_t types as same when using a generic.
+  :gl:`#5635` :gl:`!11235`
+
+- AMTRELAY type 0 presentation format handling was wrong. ``d091771b42``
+
+  RFC 8777 specifies a placeholder value of "." for the gateway field
+  when the gateway type is 0 (no gateway).  This was not being checked
+  for nor emitted when displaying the record. This has been corrected.
+
+  Instances of this record will need the placeholder period added to
+  them when upgrading. :gl:`#5639` :gl:`!11240`
+
+- Fix parsing bug in remote-servers with key or tls. ``51af07cdee``
+
+  The :any:`remote-servers` clause enable the following pattern using a
+  named ``server-list``:
+
+  remote-servers a { 1.2.3.4; ... };         remote-servers b { a key
+  foo; };
+
+  However, such configuration was wrongly rejected, with an "unexpected
+  token 'foo'" error. Such configuration is now accepted. :gl:`#5646`
+  :gl:`!11252`
+
+- Fix allow-recursion/allow-query-cache inheritance. ``4a4368a5ec``
+
+  The merging of the user options and defaults into the effective
+  configuration broke the mutual inheritance of the `allow-recursion`,
+  `allow-query`, and `allow-query-cache` ACLs, and of the
+  `allow-recursion-on` and `allow-query-cache-on` ACLs. This has been
+  fixed. :gl:`#5647` :gl:`!11254`
+
+- Fix TLS contexts cache object usage bug in the resolver.
+  ``d441e14cbf``
+
+  :iscman:`named` could terminate unexpectedly when reconfiguring or
+  reloading, and if client-side TLS transport was in use (for example,
+  when forwarding queries to a DoT server). This has been fixed.
+  :gl:`#5653` :gl:`!11295`
+
+- Fix uninitialized pointer check on getipandkeylist. ``dd2d690d98``
+
+  Function `named_config_getipandkeylist` could, in case of error in the
+  early code attempting to get the `port` or `tls-port`, make a pointer
+  check on a non-initialized value. This is now fixed. :gl:`!11303`
+
+- Pass isc_buffer_t pointers when applicable. ``53ea41b459``
+
+  In commit aea251f3bce7, `isc_buffer_reserve()` was changed to take a
+  simple `isc_buffer_t *` instead of `isc_buffer_t **`. A number of
+  functions calling it have now been similarly modified. :gl:`!11282`
+
+- Remove holes in `dns_zoneflg_t` enum. ``1a9f7539bd``
+
+  The `dns_zoneflg_t` enum defined multiple possible flags for a zone,
+  but contains numerous holes (likely from flag removed in the past).
+  This fixes the holes, and use a bit-shift and decimal notation to make
+  holes easier to spot. :gl:`!11189`
+
+- Save configuration as text. ``09bcacbd36``
+
+  A `cfg_obj_t` object tree structure takes up considerably more space
+  than the equivalent canonical text. If `allow-new-zones` is disabled
+  and catalog zones are not in use, then we don't need the object tree.
+  By storing the configuration in text format, we can use less memory,
+  and `rndc showconf` and `rndc showzone` still work. :gl:`!11236`
+
+- Standardize CHECK and RETERR macros. ``a45d253882``
+
+  Previously, there were over 40 separate definitions of `CHECK` macros,
+  of which most used `goto cleanup`, and the rest `goto failure` or
+  `goto out`. There were another 10 definitions of `RETERR`, of which
+  most were identical to `CHECK`, but some simply returned a result code
+  instead of jumping to a cleanup label.
+
+  This has now been standardized throughout the code base: `RETERR` is
+  for returning an error code in the case of an error, and `CHECK` is
+  for jumping to a cleanup tag, which is now always called `cleanup`.
+  Both macros are defined in `isc/util.h`. :gl:`!10472`
+
+- Adding NSEC3 opt-out records could leave invalid records in
+  chain. ``6d03b4f9c6``
+
+  When creating an NSEC3 opt-out chain, a node in the chain could be
+  removed too soon, causing the previous NSEC3 being unable to be found,
+  resulting in invalid NSEC3 records to be left in the zone. This has
+  been fixed. :gl:`#5671`
+

doc/notes/notes-9.21.16.rst

@@ -0,0 +1,144 @@
+.. Copyright (C) Internet Systems Consortium, Inc. ("ISC")
+..
+.. SPDX-License-Identifier: MPL-2.0
+..
+.. This Source Code Form is subject to the terms of the Mozilla Public
+.. License, v. 2.0.  If a copy of the MPL was not distributed with this
+.. file, you can obtain one at https://mozilla.org/MPL/2.0/.
+..
+.. See the COPYRIGHT file distributed with this work for additional
+.. information regarding copyright ownership.
+
+Notes for BIND 9.21.16
+----------------------
+
+New Features
+~~~~~~~~~~~~
+
+- Add ``+[no]showtruncated`` and ``+[no]showallmessages`` to :iscman:`dig`.
+
+  The option :option:`dig +showtruncated` adds the ability to display the
+  truncated message before retrying the query over TCP.
+
+  The option :option:`dig +showallmessages` adds a shortcut, which is the
+  equivalent of ``dig +qr +showbadcookie +showbadversion +showtruncated``.
+  :gl:`#5657`
+
+Feature Changes
+~~~~~~~~~~~~~~~
+
+- Reduce the number of outgoing queries.
+
+  Reduce the number of outgoing queries when resolving the nameservers
+  for delegation points. This helps a DNS resolver with a cold cache
+  resolve client queries with complex delegation chains and
+  redirections. :gl:`!11148`
+
+- Improve output of ``rndc dnssec -status``
+
+  Add a new parameter ``-v`` to the ``rndc dnssec -status`` command for
+  more verbose output. Previously, key states were printed, and keys
+  that could be purged were listed. This made the output hard to read.
+  This information is now only shown in the verbose output.
+
+  Add more meaningful messages to the status output, making it clearer
+  what the state of a rollover is.
+
+  This makes the output more condensed, improving its readability.
+  :gl:`#3938`
+
+- Change the QNAME minimization algorithm to follow the standard.
+
+  In :gl:`!9155`, QNAME minimization was changed to not leak the query
+  type to the parent name server.  This violates :rfc:`9156` Section 3,
+  step (3) and it is not necessary.  It also breaks some unusual
+  authoritative DNS setups, especially when CNAMEs are involved.
+  There is really no privacy leak with query type, so these changes
+  were not beneficial. :gl:`#5661`
+
+- Enforce bounds of :any:`prefetch` configuration option.
+
+  The :any:`prefetch` configuration option now enforces boundaries. The
+  configuration (including when using :iscman:`named-checkconf`) now fails if
+  the trigger (first value) is above 10, and if the eligibility (second
+  optional value) is not at least six seconds greater than the trigger
+  value. :gl:`!11243`
+
+- Enforce the fact that catalog zones cannot be used in non-IN views.
+
+  Catalog zones cannot be used in a view which is not from the IN class.
+  This is now enforced, as the server won't load (instead of loading
+  without the catalog zone) if such a configuration is detected. This
+  configuration error is now also caught by :iscman:`named-checkconf`.
+  :gl:`!11245`
+
+- Provide more information when memory allocation fails.
+
+  BIND now provides more information about the failure when memory allocation
+  fails. :gl:`!11272`
+
+Bug Fixes
+~~~~~~~~~
+
+- Adding NSEC3 opt-out records could leave invalid records in chain.
+
+  When creating an NSEC3 opt-out chain, a node in the chain could be
+  removed too soon. The previous NSEC3 would therefore not be found,
+  resulting in invalid NSEC3 records being left in the zone. This has
+  been fixed. :gl:`#5671`
+
+- Fix spurious timeouts while resolving names.
+
+  Sometimes, loops in the resolving process (e.g., to resolve or validate
+  ``ns1.example.com``, we need to resolve ``ns1.example.com``) were not properly
+  detected, leading to a spurious 10-second delay. This has been fixed,
+  and such loops are properly detected. :gl:`#3033` :gl:`#5578`
+
+- Fix bug where zone switches from NSEC3 to NSEC after retransfer.
+
+  When a zone was re-transferred but the zone journal on an
+  inline-signing secondary was out of sync, the zone could fall back to
+  using NSEC records instead of NSEC3. This has been fixed. :gl:`#5527`
+
+- Fix caching RRSIG covering cached NODATA record.
+
+  If a cached NODATA record was already present for an RRSIG type
+  due to a mismatch of records on the upstream nameservers, it could
+  trigger an assertion failure. This has been fixed. :gl:`#5633`
+
+- ``AMTRELAY`` type 0 presentation format handling was wrong.
+
+  :rfc:`8777` specifies a placeholder value of ``.`` for the gateway field
+  when the gateway type is 0 (no gateway). This was not being checked
+  for, nor was it emitted when displaying the record. This has been corrected.
+
+  Instances of this record will need the placeholder period added to
+  them when upgrading. :gl:`#5639`
+
+- Fix parsing bug in :any:`remote-servers` with key or TLS.
+
+  The :any:`remote-servers` clause enables the following pattern using a
+  named ``server-list``::
+
+      remote-servers a { 1.2.3.4; ... };
+      remote-servers b { a key foo; };
+
+  However, such a configuration was wrongly rejected, with an ``unexpected
+  token 'foo'`` error. This configuration is now accepted. :gl:`#5646`
+
+- Fix :any:`allow-recursion`/:any:`allow-query-cache` inheritance.
+
+  The merging of the user options and defaults into the effective
+  configuration broke the mutual inheritance of the :any:`allow-recursion`,
+  :any:`allow-query`, and :any:`allow-query-cache` ACLs, and of the
+  :any:`allow-recursion-on` and :any:`allow-query-cache-on` ACLs. This has been
+  fixed. :gl:`#5647`
+
+- Fix DoT reconfigure/reload bug in the resolver.
+
+  If client-side TLS transport was in use (for example, when
+  forwarding queries to a DoT server), :iscman:`named` could
+  terminate unexpectedly when reconfiguring or reloading. This
+  has been fixed.
+  :gl:`#5653`
+