Merge branch '2844-rndc-freeze-command-always-fails-perhaps-due-to-in-view' into 'main'

Resolve "`rndc freeze` command always fails, perhaps due to `in-view`" Closes #2844 See merge request isc-projects/bind9!5311
2026-03-20 01:27:20 -04:00 · 2021-08-12 00:13:32 +00:00 · 2021-08-12 00:13:32 +00:00 · ce8527252c
commit ce8527252c
parent 812d1027f7 1f8ef7cfe2
8 changed files with 83 additions and 12 deletions
--- a/3
+++ b/3
@ -1,3 +1,6 @@
+5691.	[bug]		'rndc freeze' with in-view zones present would
+			spuriously report failures. [GL #2844]
+
 5690.	[func]		Change "dnssec-signzone" to honor the Predecessor and
 			Successor metadata values, and allow for gradual
 			replacement of RRSIGs. In other words, don't sign
--- a/bin/tests/system/rndc/clean.sh
+++ b/bin/tests/system/rndc/clean.sh
@ -18,6 +18,7 @@ rm -f ns2/nil.db ns2/other.db ns2/static.db ns2/*.jnl
 rm -f ns2/session.key
 rm -f ns3/named_dump.db*
 rm -f ns4/*.nta
+rm -f ns4/example.db ns4/example.db.jnl
 rm -f ns4/key?.conf
 rm -f ns6/huge.zone.db
 rm -f ns*/named.conf
--- a/bin/tests/system/rndc/ns4/named.conf.in
+++ b/bin/tests/system/rndc/ns4/named.conf.in
@ -15,13 +15,22 @@ options {
 	listen-on { 10.53.0.4; };
 	listen-on-v6 { none; };
 	recursion yes;
-    dnssec-validation yes;
+	dnssec-validation yes;
 };

 view normal {
 	match-clients { any; };
+
+	zone example {
+		type primary;
+		file "example.db";
+		allow-update { any; };
+	};
 };

 view "view with a space" {
 	match-clients { none; };
+	zone example {
+		in-view normal;
+	};
 };
--- a/bin/tests/system/rndc/setup.sh
+++ b/bin/tests/system/rndc/setup.sh
@ -15,6 +15,8 @@ $SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/nil.db
 $SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/other.db
 $SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns2/static.db

+$SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns4/example.db
+
 $SHELL ${TOP_SRCDIR}/bin/tests/system/genzone.sh 2 >ns6/huge.zone.db

 # we make the huge zone less huge if we're running under
--- a/bin/tests/system/rndc/tests.sh
+++ b/bin/tests/system/rndc/tests.sh
@ -40,7 +40,7 @@ if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))

 echo_i "rndc freeze"
-$RNDCCMD 10.53.0.2 freeze | sed 's/^/ns2 /' | cat_i | cat_i
+$RNDCCMD 10.53.0.2 freeze | sed 's/^/ns2 /' | cat_i

 n=$((n+1))
 echo_i "checking zone was dumped ($n)"
@ -426,7 +426,7 @@ n=$((n+1))
 echo_i "testing automatic zones are reported ($n)"
 ret=0
 $RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf status > rndc.out.1.test$n || ret=1
-grep "number of zones: 200 (198 automatic)" rndc.out.1.test$n > /dev/null || ret=1
+grep "number of zones: 201 (198 automatic)" rndc.out.1.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))

@ -689,5 +689,49 @@ lines=`cat rndc.out.test$n | wc -l`
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status+ret))

+n=$((n+1))
+echo_i "check 'rndc freeze' with in-view zones works ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf freeze > rndc.out.test$n 2>&1 || ret=1
+test -s rndc.out.test$n && sed 's/^/ns2 /' rndc.out.test$n | cat_i
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking non in-view zone instance is not writable ($n)"
+ret=0
+$NSUPDATE -p ${PORT} > /dev/null 2>&1 <<END && ret=1
+server 10.53.0.4
+zone example.
+update add text2.example. 600 IN TXT "addition 3"
+send
+END
+$DIG $DIGOPTS @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n
+grep 'addition 3' dig.out.1.test$n >/dev/null && ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "check 'rndc thaw' with in-view zones works ($n)"
+ret=0
+$RNDC -s 10.53.0.4 -p ${EXTRAPORT6} -c ns4/key6.conf thaw > rndc.out.test$n 2>&1 || ret=1
+test -s rndc.out.test$n && sed 's/^/ns2 /' rndc.out.test$n | cat_i
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
+n=$((n+1))
+echo_i "checking non in-view zone instance is now writable ($n)"
+ret=0
+$NSUPDATE -p ${PORT} > nsupdate.out.test$n 2>&1 <<END || ret=1
+server 10.53.0.4
+zone example.
+update add text2.example. 600 IN TXT "addition 3"
+send
+END
+$DIG $DIGOPTS @10.53.0.4 -p ${PORT} text2.example. TXT > dig.out.1.test$n
+grep 'addition 3' dig.out.1.test$n >/dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status+ret))
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
--- a/lib/dns/include/dns/zt.h
+++ b/lib/dns/include/dns/zt.h
@ -160,7 +160,7 @@ dns_zt_asyncload(dns_zt_t *zt, bool newonly, dns_zt_allloaded_t alldone,
 */

 isc_result_t
-dns_zt_freezezones(dns_zt_t *zt, bool freeze);
+dns_zt_freezezones(dns_zt_t *zt, dns_view_t *view, bool freeze);
 /*%<
 * Freeze/thaw updates to master zones.
 * Any pending updates will be flushed.
--- a/lib/dns/view.c
+++ b/lib/dns/view.c
@ -1855,7 +1855,7 @@ dns_view_freezezones(dns_view_t *view, bool value) {
 	REQUIRE(DNS_VIEW_VALID(view));
 	REQUIRE(view->zonetable != NULL);

-	return (dns_zt_freezezones(view->zonetable, value));
+	return (dns_zt_freezezones(view->zonetable, view, value));
 }

 void
--- a/lib/dns/zt.c
+++ b/lib/dns/zt.c
@ -55,6 +55,11 @@ struct dns_zt {
 	dns_rbt_t *table;
 };

+struct zt_freeze_params {
+	dns_view_t *view;
+	bool freeze;
+};
+
 #define ZTMAGIC	     ISC_MAGIC('Z', 'T', 'b', 'l')
 #define VALID_ZT(zt) ISC_MAGIC_VALID(zt, ZTMAGIC)

@ -375,13 +380,14 @@ asyncload(dns_zone_t *zone, void *zt_) {
 }

 isc_result_t
-dns_zt_freezezones(dns_zt_t *zt, bool freeze) {
+dns_zt_freezezones(dns_zt_t *zt, dns_view_t *view, bool freeze) {
 	isc_result_t result, tresult;
+	struct zt_freeze_params params = { view, freeze };

 	REQUIRE(VALID_ZT(zt));

 	RWLOCK(&zt->rwlock, isc_rwlocktype_read);
-	result = dns_zt_apply(zt, false, &tresult, freezezones, &freeze);
+	result = dns_zt_apply(zt, false, &tresult, freezezones, &params);
 	RWUNLOCK(&zt->rwlock, isc_rwlocktype_read);
 	if (tresult == ISC_R_NOTFOUND) {
 		tresult = ISC_R_SUCCESS;
@ -391,7 +397,7 @@ dns_zt_freezezones(dns_zt_t *zt, bool freeze) {

 static isc_result_t
 freezezones(dns_zone_t *zone, void *uap) {
-	bool freeze = *(bool *)uap;
+	struct zt_freeze_params *params = uap;
 	bool frozen;
 	isc_result_t result = ISC_R_SUCCESS;
 	char classstr[DNS_RDATACLASS_FORMATSIZE];
@ -406,6 +412,12 @@ freezezones(dns_zone_t *zone, void *uap) {
 	if (raw != NULL) {
 		zone = raw;
 	}
+	if (params->view != dns_zone_getview(zone)) {
+		if (raw != NULL) {
+			dns_zone_detach(&raw);
+		}
+		return (ISC_R_SUCCESS);
+	}
 	if (dns_zone_gettype(zone) != dns_zone_master) {
 		if (raw != NULL) {
 			dns_zone_detach(&raw);
@ -420,7 +432,7 @@ freezezones(dns_zone_t *zone, void *uap) {
 	}

 	frozen = dns_zone_getupdatedisabled(zone);
-	if (freeze) {
+	if (params->freeze) {
 		if (frozen) {
 			result = DNS_R_FROZEN;
 		}
@ -428,7 +440,7 @@ freezezones(dns_zone_t *zone, void *uap) {
 			result = dns_zone_flush(zone);
 		}
 		if (result == ISC_R_SUCCESS) {
-			dns_zone_setupdatedisabled(zone, freeze);
+			dns_zone_setupdatedisabled(zone, params->freeze);
 		}
 	} else {
 		if (frozen) {
@ -455,8 +467,8 @@ freezezones(dns_zone_t *zone, void *uap) {
 	level = (result != ISC_R_SUCCESS) ? ISC_LOG_ERROR : ISC_LOG_DEBUG(1);
 	isc_log_write(dns_lctx, DNS_LOGCATEGORY_GENERAL, DNS_LOGMODULE_ZONE,
 		      level, "%s zone '%s/%s'%s%s: %s",
-		      freeze ? "freezing" : "thawing", zonename, classstr, sep,
-		      vname, isc_result_totext(result));
+		      params->freeze ? "freezing" : "thawing", zonename,
+		      classstr, sep, vname, isc_result_totext(result));
 	if (raw != NULL) {
 		dns_zone_detach(&raw);
 	}