From ee3391a1460cd80b910136a65f44b6400b5e38fe Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
Date: Thu, 19 Feb 2026 13:44:23 +0100
Subject: [PATCH 1/3] Fix assertion failure when sending notify fails over UDP

When dns_request_create() fails in notify_send_toaddr() the TSIG key was not cleared when retrying over TCP causing assertion failure. Set the TSIG key to NULL in the dns_message to prevent the assertion failure.
---
 lib/dns/request.c | 1 +
 1 file changed, 1 insertion(+)

diff --git a/lib/dns/request.c b/lib/dns/request.c
index 93c868ecfd..64a4602e62 100644
--- a/lib/dns/request.c
+++ b/lib/dns/request.c
@@ -632,6 +632,7 @@ again:
 cleanup:
 if (result != ISC_R_SUCCESS) {
+ dns_message_settsigkey(message, NULL);
 req_cleanup(request);
 dns_request_detach(&request);
 req_log(ISC_LOG_DEBUG(3), "%s: failed %s", __func__,

From 5a5bc6de223afc867f22d19bd9666eaf39e2b877 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Ond=C5=99ej=20Sur=C3=BD?=
Date: Thu, 19 Feb 2026 13:44:28 +0100
Subject: [PATCH 2/3] Don't retry notify over TCP if it could not successed

Prevent retrying the notify over TCP in case the source address is not available or the source vs the destination address family mismatch or when the destination address has been blackholed. Properly log the hard notify failures.
---
 lib/dns/notify.c | 28 ++++++++++++++++++++--------
 1 file changed, 20 insertions(+), 8 deletions(-)

diff --git a/lib/dns/notify.c b/lib/dns/notify.c
index 0ceb5b30d7..98396c25aa 100644
--- a/lib/dns/notify.c
+++ b/lib/dns/notify.c
@@ -464,7 +464,8 @@ again:
 isc_tlsctx_cache_detach(&zmgr_tlsctx_cache);
- if (result == ISC_R_SUCCESS) {
+ switch (result) {
+ case ISC_R_SUCCESS:
 if (isc_sockaddr_pf(¬ify->dst) == AF_INET) {
 dns__zone_stats_increment(
 notify->zone, dns_zonestatscounter_notifyoutv4);
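Review bot: The added `dns_message_settsigkey(message, NULL);` in the `if (result != ISC_R_SUCCESS)` branch changes the contract of the enclosing function (dns_request_create(), if the commit message is right about where this cleanup label lives) for every caller, not only notify_send_toaddr(): a caller that attached a key to `message` before the call no longer finds it there after a failure. That is invisible at the call sites, so the function's header comment should say it, e.g. `On failure, any TSIG key attached to 'message' is cleared so the message can be resubmitted.`. It is also worth confirming that every `goto cleanup` with a non-success result reaches this line with a valid `message` and that clearing a key that was never attached is a no-op in dns_message_settsigkey(), since some early failures may precede the key being set; those paths are not visible in the hunk. The enclosing function's body starts outside the hunk.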
@@ -472,14 +473,25 @@ again:
 dns__zone_stats_increment(
 notify->zone, dns_zonestatscounter_notifyoutv6);
 }
- } else if (result == ISC_R_SHUTTINGDOWN || result == ISC_R_CANCELED) {
- goto cleanup_key;
- } else if ((notify->flags & DNS_NOTIFY_TCP) == 0) {
+ break;
+ case ISC_R_SHUTTINGDOWN:
+ case ISC_R_CANCELED:
+ case ISC_R_ADDRNOTAVAIL:
+ case DNS_R_BLACKHOLED:
+ case ISC_R_FAMILYNOSUPPORT:
 notify_log(notify, ISC_LOG_NOTICE,
- "notify(%s) to %s failed: %s: retrying over TCP",
- typebuf, addrbuf, isc_result_totext(result));
- notify->flags |= DNS_NOTIFY_TCP;
- goto again;
+ "notify(%s) to %s failed: %s", typebuf, addrbuf,
+ isc_result_totext(result));
+ break;
+ default:
+ if ((notify->flags & DNS_NOTIFY_TCP) == 0) {
+ notify_log(notify, ISC_LOG_NOTICE,
+ "notify(%s) to %s failed: %s: retrying over "
+ "TCP",
+ typebuf, addrbuf, isc_result_totext(result));
+ notify->flags |= DNS_NOTIFY_TCP;
+ goto again;
+ }
 }
 cleanup_key:

From f99d7f421767bf709859f72368e5c0ac6bce2e6a Mon Sep 17 00:00:00 2001
From: Mark Andrews
Date: Wed, 1 Oct 2025 14:49:33 +1000
Subject: [PATCH 3/3] Check notify with bad notify source address and tsig

named was asserting when the notify source address was not available and TSIG was being used. Check this scenario by adding a nameserver to the zone which is configured to uses a non-existent source address and a blackholed destination address and a TSIG using a server clause for that destination address.
---
 bin/tests/system/notify/ns2/named.conf.j2 | 16 ++++++++++++++++
 bin/tests/system/notify/setup.sh | 1 +
 bin/tests/system/notify/tests.sh | 13 +++++++++++++
 bin/tests/system/notify/tests_sh_notify.py | 2 ++
 4 files changed, 32 insertions(+)

diff --git a/bin/tests/system/notify/ns2/named.conf.j2 b/bin/tests/system/notify/ns2/named.conf.j2
index 6ef327398d..3fe8caa390 100644
--- a/bin/tests/system/notify/ns2/named.conf.j2
+++ b/bin/tests/system/notify/ns2/named.conf.j2
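Review bot: `ISC_R_SHUTTINGDOWN` and `ISC_R_CANCELED` now share the `notify_log(notify, ISC_LOG_NOTICE, "notify(%s) to %s failed: %s", ...)` call with the genuine hard failures, whereas before they went straight to `cleanup_key` with no log line, so a shutdown with many pending notifies will now emit one NOTICE per notify. Consider giving that pair its own `case ISC_R_SHUTTINGDOWN: case ISC_R_CANCELED: break;` ahead of the logged group, or logging them at ISC_LOG_DEBUG. Separately, the `default:` branch still logs nothing when `DNS_NOTIFY_TCP` is already set, i.e. when the TCP retry itself fails, which the commit message counts as a hard failure; adding `notify_log(notify, ISC_LOG_NOTICE, "notify(%s) to %s failed: %s", typebuf, addrbuf, isc_result_totext(result));` after the `if` block (it is only reached when the retry branch did not `goto again`) would close that gap. The enclosing function starts outside the hunk.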
@@ -97,3 +97,19 @@ zone x18 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
 zone x19 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
 zone x20 { type primary; file "generic.db"; also-notify { 10.53.0.3; }; };
 zone x21 { type primary; file "x21.db"; allow-update { any; }; also-notify { x21; }; };
+
+key 10.53.0.53 {
+ algorithm hmac-sha256;
+ secret "aaaabbbbccccddddeeeeffffgggghhhhiiii";
+};
+
+server 10.53.0.53 {
+ notify-source 198.51.100.0; // non existant / not configured
+ keys 10.53.0.53;
+};
+
+zone "change-ns" {
+ type primary;
+ file "change-ns.db";
+ allow-update { any; };
+};
diff --git a/bin/tests/system/notify/setup.sh b/bin/tests/system/notify/setup.sh
index 5948652d13..4c8c104be1 100644
--- a/bin/tests/system/notify/setup.sh
+++ b/bin/tests/system/notify/setup.sh
@@ -15,3 +15,4 @@ cp -f ns2/example1.db ns2/example.db cp -f ns2/generic.db ns2/x21.db
+cp -f ns2/generic.db ns2/change-ns.db
diff --git a/bin/tests/system/notify/tests.sh b/bin/tests/system/notify/tests.sh
index 3beb52ae9a..668573bdce 100644
--- a/bin/tests/system/notify/tests.sh
+++ b/bin/tests/system/notify/tests.sh
@@ -237,5 +237,18 @@ nextpartreset ns3/named.run
 wait_for_log 30 'retries exceeded' ns3/named.run || ret=1
 test_end
+test_start "checking notify with bad notify source address and tsig"
+$NSUPDATE <dig.out.test$n || ret=1
+grep "ns2.change-ns." dig.out.test$n >/dev/null || ret=1
+test_end
+
 echo_i "exit status: $status"
 [ $status -eq 0 ] || exit 1
diff --git a/bin/tests/system/notify/tests_sh_notify.py b/bin/tests/system/notify/tests_sh_notify.py
index 74c626b76b..f4a425533b 100644
--- a/bin/tests/system/notify/tests_sh_notify.py
+++ b/bin/tests/system/notify/tests_sh_notify.py
@@ -15,6 +15,8 @@ pytestmark = pytest.mark.extra_artifacts(
 [
 "awk.out.*",
 "dig.out.*",
+ "ns2/change-ns.db",
+ "ns2/change-ns.db.jnl",
 "ns2/example.db",
 "ns2/named-tls.conf",
 "ns2/x21.db*",
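Review bot: The trailing comment on the `notify-source 198.51.100.0;` line has a spelling slip; `// non-existent / not configured` reads better. The commit message also relies on 10.53.0.53 being a blackholed destination, yet nothing in this hunk blackholes it, so if that `blackhole` setting lives in the options block earlier in this file or in the suite's shared configuration, a one-line comment on the `server 10.53.0.53` clause naming where it is configured would spare the next reader a search.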
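Review bot: The new test only asserts that the update landed (`grep "ns2.change-ns." dig.out.test$n >/dev/null || ret=1`), which shows named survived but not that the notify took the hard-failure path added in lib/dns/notify.c; adding `wait_for_log 10 'to 10.53.0.53.*failed' ns2/named.run || ret=1` before `test_end`, mirroring the `wait_for_log` call in the context above, would pin the logged outcome rather than only the absence of a crash (the exact address formatting in that log line is not visible here, hence the loose pattern). Note that the `+$NSUPDATE <dig.out.test$n || ret=1` line appears to have lost the here-document and the dig invocation between `<` and `>` in this rendering, so the update and query themselves could not be reviewed.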