Commit graph

45571 commits

Author SHA1 Message Date
Ondřej Surý
29f0b07e8c fix: dev: Fix data race during rndc dumpdb or zone load
Some checks are pending
CodeQL / Analyze (push) Waiting to run
SonarCloud / Build and analyze (push) Waiting to run
'rndc dumpdb' against a server with zones, and async zone load,
had a timing window where the operation's completion could fire
before the server had finished registering the operation,
occasionally leading to a possible crash.  The completion is now
delivered after the registration is in place.

Closes #5952

Merge branch '5952-fix-masterdump-async-ctx-race' into 'main'

See merge request isc-projects/bind9!11991
2026-05-14 08:52:58 +02:00
Ondřej Surý
8ae464d552
Fix data race in async master dump/load context publication
Bouncing the offload itself to the target loop let the after-work
callback fire on the target thread and run the user's done callback
before the calling thread had published *dctxp / *lctxp.  Enqueue on
the calling loop and bounce only the done callback instead, so the
publish is sequenced before the cross-thread hand-off by construction
and cannot be reintroduced by reordering the entry-point body.
2026-05-14 08:51:39 +02:00
Mark Andrews
2091d703ac fix: usr: Disable output escaping in bind9.xsl
Some checks are pending
CodeQL / Analyze (push) Waiting to run
SonarCloud / Build and analyze (push) Waiting to run
The statistics charts where not displaying on some browsers.
This has been fixed.

Closes #5990

Merge branch '5990-disable-output-escaping-in-bind9-xsl' into 'main'

See merge request isc-projects/bind9!12018
2026-05-14 12:06:41 +10:00
Mark Andrews
9b6c018425 Disable output escaping in bind9.xsl
The statistics charts where not displaying on some browsers (e.g. Chrome)
due to '>' being escaped as '>'.  Use disable-output-escaping="yes" to
turn this off.
2026-05-14 10:00:21 +10:00
Colin Vidal
b4e8e431eb fix: test: Fix cyclic glues (again)
Some checks are pending
CodeQL / Analyze (push) Waiting to run
SonarCloud / Build and analyze (push) Waiting to run
Previous fix `ed90d578b3a98f45eb8bc09966e9c4ab870a156d` uses
`wait_for_line()` by mistake, and the test aims to wait for two log
lines to be printed before continuing.

In principle, `wait_for_all()` should do, but `running` should always be
printed first, so `wait_for_sequence()` seems to be the right fit here.

Merge branch 'colin/fix-cyclic-glues-again' into 'main'

See merge request isc-projects/bind9!12013
2026-05-13 22:31:32 +02:00
Colin Vidal
5655fa9183 Fix cyclic glues (again)
Previous fix `ed90d578b3a98f45eb8bc09966e9c4ab870a156d` uses
`wait_for_line()` by mistake as the test aims to wait for two log lines
to be printed before continuing (and not continuing as soon as one of
them is printed).

Instead, `wait_for_all()` is used since the order between the two
expected log line is not guaranteed.
2026-05-13 22:27:05 +02:00
Michal Nowak
d8e196a76a fix: ci: Don't forward parent yaml variables to stress child pipelines
The global RUNNER_SCRIPT_TIMEOUT: 55m in the parent pipeline was being
forwarded to the stress and tsan:stress child pipelines, where forwarded
yaml variables outrank job-level variables. That caused stress jobs with
BIND_STRESS_TESTS_RUN_TIME >= 60 to be killed at 55 minutes, regardless
of the per-job RUNNER_SCRIPT_TIMEOUT set in the generated child config.

Set forward:yaml_variables: false on both trigger jobs; the generated
configs already declare every variable they need.

Assisted-by: Claude:claude-opus-4-7

Merge branch 'mnowak/fix-stress-test-script-timeout' into 'main'

See merge request isc-projects/bind9!12012
2026-05-13 18:41:42 +02:00
Michal Nowak
73915b73d1 Selectively inherit yaml vars in stress trigger jobs
The parent's global RUNNER_SCRIPT_TIMEOUT: 55m was reaching the stress
and tsan:stress child pipelines via inherited yaml variables, where
inherited values outrank the child's job-level variables. That caused
stress jobs with BIND_STRESS_TESTS_RUN_TIME >= 60 to be killed at 55
minutes, regardless of the per-job RUNNER_SCRIPT_TIMEOUT set in the
generated child config.

Use inherit:variables with a positive list on both trigger jobs:
inherit only CI_REGISTRY_IMAGE so the parent's registry override
(needed for image pulls in the child) flows through, while keeping
RUNNER_SCRIPT_TIMEOUT (and other globals) out of the child pipeline's
variable scope. The per-job RUNNER_SCRIPT_TIMEOUT values set by the
generated child config now take effect.

Assisted-by: Claude:claude-opus-4-7
2026-05-13 17:38:55 +02:00
Michal Nowak
d9e1308363 chg: ci: Set RUNNER_SCRIPT_TIMEOUTs
Some checks are pending
CodeQL / Analyze (push) Waiting to run
SonarCloud / Build and analyze (push) Waiting to run
Merge branch 'mnowak/set-script-timeouts' into 'main'

See merge request isc-projects/bind9!11750
2026-05-12 18:04:29 +02:00
Michal Nowak
7928127d8b Get some useful data out of respdiff even in case of a failure
Assisted-by: Claude:claude-opus-4-7
2026-05-12 17:24:15 +02:00
Michal Nowak
4f410ee1e6 Pass -r option to respdiff.sh
Tell respdiff.sh where to find the respdiff Python tools (msgdiff.py,
diffsum.py, ...) so the in-tree copy from bind9-qa is used.

Assisted-by: Claude:claude-opus-4-7
2026-05-12 17:24:15 +02:00
Michal Nowak
e3d2f5ad94 Set RUNNER_SCRIPT_TIMEOUTs
Sometimes jobs can get stuck and be terminated by GitLab, leaving us
without artefacts that could contain useful information about why the
job got stuck.

Assisted-by: Claude:claude-opus-4-7
2026-05-12 17:24:15 +02:00
Colin Vidal
ed90d578b3 fix: test: Fix cyclic_glue system test
The cyclic_glue system test was waiting for `running` log after
an `rndc reload` command, but wasn't waiting for the log saying a
specific zone which changed has been reloaded `zone <zone>/IN: loaded`.

As a result, the test could randomly fails. This is now fixed.

Closes #5953

Merge branch '5953-fix-cyclic-glue-test' into 'main'

See merge request isc-projects/bind9!12003
2026-05-12 16:42:43 +02:00
Colin Vidal
591317efd7 Fix cyclic_glue system test
The cyclic_glue system test was waiting for `running` log after
an `rndc reload` command, but wasn't waiting for the log saying a
specific zone which changed has been reloaded `zone <zone>/IN: loaded`.

As a result, the test could randomly fails. This is now fixed.
2026-05-12 16:42:31 +02:00
Ondřej Surý
8c4e7d533e chg: usr: Cap glue records cached from a referral
named cached every glue record from a referral, retaining far more
than resolution will ever use.  The number of nameservers and
addresses kept per referral is now bounded in the delegation database.

Closes #5701

Merge branch '5701-limit-the-number-of-GLUE-records' into 'main'

See merge request isc-projects/bind9!11970
2026-05-12 16:17:59 +02:00
Ondřej Surý
ea00ea92fb
Cap glue records cached from a referral
The resolver populated the delegation database with every NS RR and
every glue address from a referral, with no aggregate bound.  Resolution
only ever uses the first max-delegation-servers NS owners and a handful
of addresses per NS, so anything beyond that is dead memory.

Stop the NS loop in cache_delegns() at view->max_delegation_servers and
cap each glue rdataset at DELEG_MAX_GLUES_PER_NS (20) addresses, so each
NS owner contributes at most 20 A and 20 AAAA glues.
2026-05-12 16:17:24 +02:00
Michal Nowak
729a145789 new: ci: Add Ubuntu 26.04 Resolute Raccoon
Some checks are pending
CodeQL / Analyze (push) Waiting to run
SonarCloud / Build and analyze (push) Waiting to run
Merge branch 'mnowak/ubuntu-26.04-resolute-raccoon' into 'main'

See merge request isc-projects/bind9!11812
2026-05-11 18:36:17 +02:00
Michal Nowak
9978393c36
Do not run Noble Numbat unit test job in MRs 2026-05-11 17:56:34 +02:00
Michal Nowak
14457ec326
Add Ubuntu 26.04 Resolute Raccoon 2026-05-11 17:56:34 +02:00
Michał Kępień
b986bab60a chg: ci: Add commit link and diff to RPM build job logs
The output of update_rpms.py is terse, making it difficult to verify its
actions.  Add a commit link and "git show" output to the log of every CI
job running the update_rpms.py script in "build" mode to facilitate
double-checking its actions.

Merge branch 'michal/add-commit-link-and-diff-to-rpm-build-job-logs' into 'main'

See merge request isc-projects/bind9!11828
2026-05-11 17:43:55 +02:00
Michał Kępień
6d51073f22
Add commit link and diff to RPM build job logs
The output of update_rpms.py is terse, making it difficult to verify its
actions.  Add a commit link and "git show" output to the log of every CI
job running the update_rpms.py script in "build" mode to facilitate
double-checking its actions.
2026-05-11 17:41:50 +02:00
Michał Kępień
e5bbed78b1 fix: ci: Increase GIT_DEPTH for the "assign-milestones" job
Cloning tags with the default GIT_DEPTH of 1 prevents the milestone
assignment script from identifying any merge requests that are included
in a given release.  Fix by increasing GIT_DEPTH to an arbitrary value
that is high enough for practical purposes.

The GIT_DEPTH CI variable defaults to 1 for all jobs through the
top-level "variables" key.  Explicitly setting it to 1 in job
definitions is unnecessary and may cause confusion.  Remove these
redundant assignments.

Merge branch 'michal/fix-assign-milestones-job' into 'main'

See merge request isc-projects/bind9!11996
2026-05-11 16:23:16 +02:00
Michał Kępień
703ad9a6de
Remove redundant "GIT_DEPTH: 1" assignments
The GIT_DEPTH CI variable defaults to 1 for all jobs through the
top-level "variables" key.  Explicitly setting it to 1 in job
definitions is unnecessary and may cause confusion.  Remove these
redundant assignments.
2026-05-11 16:07:47 +02:00
Michał Kępień
bac4a57759
Increase GIT_DEPTH for the "assign-milestones" job
Cloning tags with the default GIT_DEPTH of 1 prevents the milestone
assignment script from identifying any merge requests that are included
in a given release.  Fix by increasing GIT_DEPTH to an arbitrary value
that is high enough for practical purposes.
2026-05-11 16:07:47 +02:00
Michal Nowak
15854d4a85 new: test: Add isctest.transfer.transfer_message() helper and convert tests
Add a new helper function, `isctest.transfer.transfer_message()`, to
`bin/tests/system/isctest/transfer.py` that generates the log message
produced by `xfrin_log()` in `lib/dns/xfrin.c` for an incoming zone
transfer:

    transfer of '<zone>/IN' from <source_ns>#<port>: <msg>

The explicit use of `port` matches current shell system usage.

Interface
---------
    transfer_message(zone, source_ns, msg, port=None)

-  zone      - zone name without class (e.g. "example.com")
-  source_ns - IP string, or None to wildcard the source address
-  msg       - the transfer-level message
              (e.g. "Transfer status: success")
-  port      - integer source port, or None to wildcard the port number

When both source_ns and port are concrete values a plain str is returned
and `wait_for_line()` treats it as a literal substring match.  Whenever
either is `None` a compiled `re.Pattern` is returned, with the unknown part
replaced by a constrained wildcard:

-  source_ns=None, port=None      -> from .*#[0-9]+:
-  source_ns=None, port=53        -> from .*#53:
-  source_ns="1.2.3.4", port=None -> from 1.2.3.4#[0-9]+:
-  source_ns="1.2.3.4", port=N   -> "from 1.2.3.4#N:"  (plain str)

The port wildcard is [0-9]+ (not .*) because a port is always numeric.

Convert all hard-coded transfer log patterns in the Python system tests
to use transfer_message().

Notable cases:
- `mirror_root_zone`: source_ns=None (live internet, any root server),
  port=53.
- `cipher_suites`: source_ns="10.53.0.1", port=None (each zone transfers
  over a different TLS port).
- `test_under_signed_transfer`: parametrize gains a boolean xfrin_msg
  flag to distinguish messages that go through xfrin_log() from
  lower-level TSIG errors that do not.

Testing
-------
All system tests pass under `pytest -n auto`. The `mirror_root_zone`
live-internet test was also verified separately with
`CI_ENABLE_LIVE_INTERNET_TESTS=1`.

LLM usage
---------
This commit was produced in an interactive session with Claude Code
(Claude Sonnet 4.6), guided step by step by a human reviewer.

Closes #5735

Merge branch '5735-make-transfer-message-formatter' into 'main'

See merge request isc-projects/bind9!11796
2026-05-11 15:34:30 +02:00
Michal Nowak
27ee27d4e3
Add isctest.transfer.transfer_message() helper and convert tests
Add a new helper function, isctest.transfer.transfer_message(), to
bin/tests/system/isctest/transfer.py that generates the log message
produced by xfrin_log() in lib/dns/xfrin.c for an incoming zone
transfer:

    transfer of '<zone>/IN' from <source_ns>#<port>: <msg>

The helper always returns a compiled re.Pattern.  source_ns and port
each accept None to match any source address / port.  msg accepts
either a plain str (regex-escaped automatically) or a compiled
re.Pattern (spliced into the regex as-is), so callers that need regex
syntax in the message part can pass Re(r"...") without having to
wrap the whole result.

source_ns is passed through re.escape() when provided, so dots in
IPv4 addresses (e.g. "10.53.0.1") match a literal dot rather than
any character.

Convert the existing call sites across the system tests to use the
new helper.

Co-Authored-By: Nicki Křížek <nicki@isc.org>
Assisted-by: Claude:claude-sonnet-4-6
Assisted-by: Claude:claude-opus-4-7
2026-05-11 15:31:41 +02:00
Alessio Podda
f65c5b0ab6 chg: dev: Make dns_glue_t private to qpzone
The dns_glue struct currently contains four dns_rdataset structs to hold
the glue. These structs are over 100 bytes each because they need to be
able to hold data for multiple types of databases.

Since the dns_glue_t type is only used by qpzone, we can instead hold pointers
to the vecheaders directly, and only bind the vecheaders to the
rdatasets when adding the glue to the message.

This leads to a 33% memory reduction in some authoritative benchmarks.

Merge branch 'alessio/glue-ozempic' into 'main'

See merge request isc-projects/bind9!11801
2026-05-11 12:52:17 +00:00
Alessio Podda
ffbab8ce23 Clean up comments
A comment was still referencing the rdataset attribute, now it has been
fixed.
2026-05-11 10:28:20 +02:00
Alessio Podda
8d753ab0b8 Add leak test
Add a test to ensure that the rdataset queried when adding glue is not
leaked.
2026-05-11 10:28:20 +02:00
Alessio Podda
52edb98e3c Delay binding glue to rdataset
The dns_glue struct currently contains four dns_rdataset structs to hold
the glue. These structs are over 100 bytes each because they need to be
able to hold data for multiple types of databases.

Since the dns_glue_t type is only used by qpzone, we can instead hold
pointers to the vecheaders directly, and only bind the vecheaders to
the rdatasets when adding the glue to the message.
2026-05-11 10:28:20 +02:00
Alessio Podda
d7a5a2e86b Make dns_glue_t private to qpzone
The dns_glue_t, dns_gluelist_t and dns_glue_additionaldata_ctx types are
only used in qpzone.c. This commits moves them to the private header
qpzone_p.h.

This is done in preparation of a followup commit that will refactor them
to use types that are private to qpzone.
2026-05-11 10:22:25 +02:00
Michał Kępień
acc64014a8 fix: ci: Fix triggering rules for the "publish-cleanup" job
The "publish-cleanup" tag pipeline job is currently created for all
security releases, including BIND -S releases, but it depends on the
"publish" job, which is only created for open source releases.  This
breaks CI configuration for BIND -S tags, preventing pipelines from
getting created for such tags altogether.  Fix by only creating the
"publish-cleanup" job in tag pipelines for open source security
releases.

Merge branch 'michal/fix-triggering-rules-for-the-publish-cleanup-job' into 'main'

See merge request isc-projects/bind9!11992
2026-05-11 10:09:09 +02:00
Michał Kępień
bb40c34638
Fix triggering rules for the "publish-cleanup" job
The "publish-cleanup" tag pipeline job is currently created for all
security releases, including BIND -S releases, but it depends on the
"publish" job, which is only created for open source releases.  This
breaks CI configuration for BIND -S tags, preventing pipelines from
getting created for such tags altogether.  Fix by only creating the
"publish-cleanup" job in tag pipelines for open source security
releases.
2026-05-11 10:07:38 +02:00
Michał Kępień
9798712a5e chg: ci: Mark merged security fixes as "Not released yet"
Adjust the triggering rules for the "merged-metadata" CI job so that
merge requests merged into security-* branches are automatically
assigned to the "Not released yet" milestone, just like merge requests
targeting public branches.  This enables merge requests containing
security fixes to be correctly processed by release automation scripts.

Merge branch 'pspacek/extend-not-released-yet-milestone' into 'main'

See merge request isc-projects/bind9!11984
2026-05-07 18:05:37 +02:00
Petr Špaček
afdf7bed60
Mark merged security fixes as "Not released yet"
Adjust the triggering rules for the "merged-metadata" CI job so that
merge requests merged into security-* branches are automatically
assigned to the "Not released yet" milestone, just like merge requests
targeting public branches.  This enables merge requests containing
security fixes to be correctly processed by release automation scripts.
2026-05-07 17:58:33 +02:00
Michał Kępień
4fa9cde800 chg: ci: Enable automatic backports for security fixes
Ensure the "backports" CI job is created when new changes are merged
into security-* branches.  This enables using backport automation for
security fixes.

Merge branch 'michal/extend-automatic-backports' into 'main'

See merge request isc-projects/bind9!11938
2026-05-07 17:51:36 +02:00
Michał Kępień
88b94a2019
Enable automatic backports for security fixes
Ensure the "backports" CI job is created when new changes are merged
into security-* branches.  This enables using backport automation for
security fixes.
2026-05-07 17:45:35 +02:00
Andoni Duarte
de9da7e2a0 chg: doc: Set up version for BIND 9.21.23
Merge branch 'andoni/set-up-version-for-bind-9.21.23' into 'main'

See merge request isc-projects/bind9!11980
2026-05-07 08:30:20 +00:00
Andoni Duarte Pintado
3331366e1f Update BIND version to 9.21.23-dev 2026-05-07 10:27:23 +02:00
Evan Hunt
a6b44a6007 fix: dev: Check validator name when adding EDE text
When a validator is being shut down, the associated name
`val->name` is set to NULL.  This could cause a crash if a worker
thread subsequently added an EDE code with `val->name` in the
extra text.

`validator_addede()` now checks whether the name is NULL before
trying to add it to the extra text.

Closes #5613

Merge branch 'each-validator-log-after-shutdown' into 'main'

See merge request isc-projects/bind9!11945
2026-05-06 20:48:11 +00:00
Evan Hunt
2c60870527 check for val->name == NULL when adding EDE text
When a validator is being shut down, the associated name
`val->name` is set to NULL.  This could cause a crash if a worker
thread subsequently added an EDE code to the response containing
val->name in the extra text.

`validator_addede()` now checks whether the name is NULL before
trying to add it to the extra text.
2026-05-06 20:47:43 +00:00
Arаm Sаrgsyаn
774e08dee3 fix: usr: Fix a bug in allow-query/allow-transfer catalog zone custom properties
The :iscman:`named` process could terminate unexpectedly when
processing a catalog zone with an invalid ``allow-query`` or
``allow-transfer`` custom property (i.e. having a non-APL type)
coexisting with the valid property. This has been fixed.

Closes #5941

Merge branch '5941-catz-catz_process_apl-bug-fix' into 'main'

See merge request isc-projects/bind9!11954
2026-05-06 19:36:35 +00:00
Aram Sargsyan
67e0090371 Fix a bug in catz_process_apl()
The allow-transfer/allow-query catalog zone custom properties support
only APL RRtypes. All other types are correctly rejected by the
catz_process_apl() function. However, when an APL RRtype is processed
by that function, and another (non-APL) RRtype is then attempted to be
processed, there is an assertion failure happening in the prologue
of the function because `*aclbp != NULL` (i.e. an APL has been already
processed). Move the code to do type checking before the affected
REQUIRE assertion.
2026-05-06 19:35:23 +00:00
Aram Sargsyan
a4f05a26ad Add a catz test with invalid allow-transfer property
Check that invalid/unexpected RRtypes coexisting with a valid APL
RRtype does not cause an assertion failure.
2026-05-06 19:35:23 +00:00
Arаm Sаrgsyаn
deb3694a63 fix: usr: Fix a memory leak issue in the catalog zones
The :iscman:`named` process could leak small amounts of memory
when processing a catalog zone entry which had defined custom
primary servers with TSIG keys using both the regular ``primaries``
custom property syntax and the legacy alternative syntax (``masters``)
at the same time. This has been fixed.

Closes #5943

Merge branch '5943-catz-primaries-tsig-key-name-leak-fix' into 'main'

See merge request isc-projects/bind9!11951
2026-05-06 18:18:58 +00:00
Aram Sargsyan
4576a67a93 Fix a memory leak issue in catz_process_primaries()
Free the old version of the keyname (if it exists) before setting
the new one.
2026-05-06 17:30:51 +00:00
Aram Sargsyan
4f5f4b77c7 Add a catz test with a duplicate primaries entry (alternative syntax)
This new check ads a catalog member zone with both variants of
the labeled primaries/masters property. This should not cause
any issues.
2026-05-06 17:30:51 +00:00
Ondřej Surý
3c60322fa3 fix: usr: Prevent a crash when using both dns64 and filter-aaaa
An assertion failure could be triggered if both `dns64` and the `filter-aaaa` plugin were in use simultaneously. This happened if the plugin triggered a second recursion process, which then attempted to store DNS64 state information in a pointer that had already been set by the original recursion process. This has been fixed.

Closes #5854

Merge branch '5854-dns64-aaaaok' into 'main'

See merge request isc-projects/bind9!11949
2026-05-06 06:46:42 +02:00
Evan Hunt
7213b038f0 Clear dns64_aaaaok immediately after use
The DNS64 state information stored in client->query.dns64_aaaaok
could cause an assertion failure in query_respond() if the server
was configured in such a way as to trigger a new recursion before
the query had been reset - for example, by using the filter-aaaa
plugin, which may need to recurse to find out whether an A record
exists.

This has been addressed by clearing DNS64 state information
immediately after the call to query_filter64().
2026-05-06 06:46:32 +02:00
Evan Hunt
82f67fc633 fix: dev: Fix a stack use-after-free in qpzone
In previous_closest_nsec(), a new qpreader was opened to search the NSEC
tree. It was possible for that to be used to update a QP iterator object
owned by the caller, and then be destroyed when the function returned.

This qpreader object isn't necessary anymore; since namespaces were
added to the QP trie in commit 15653c54a0, we can now just reuse the
existing reader for the main tree.

Closes #5942

Merge branch '5942-qpiter-fix' into 'main'

See merge request isc-projects/bind9!11955
2026-05-05 23:19:59 +00:00