The "tkey-domain" statement has effectively been a no-op since commit
bd4576b3ce, which removed the only bit of
code using it: the logic implementing TKEY Mode 2 (Diffie-Hellman).
A subsequent cleanup commit, 885c132f4a,
also missed the opportunity to remove the "tkey-domain" statement
altogether.
Mark the "tkey-domain" statement as obsolete and remove all code and
documentation related to it.
This is a follow-up of !10895 where the keystore pointer was removed
from the zone (as not specific to the zone) and moved to the view. But
in order to avoid adding extra lifecycle dependencies from the zone to
the view, the keystore pointer is now moved to the zonemgr, which also
makes more sense as this is a global settings, and zonemgr wraps a bunch
of other global settings to be accessibles from the zones.
Because the zonemgr lifecycle is the same of the keystores (which are
both depending on named_g_server) this should be a safe change.
Clang 20 is complaining about passing NULL to an argument with 'nonnull'
attribute. Mark these two functions with the same attribute to assure
that these two function also don't accept NULL as an argument.
Testing all combinations seems unnecessary but is cheap.
I was too lazy to run this against all tools we have. nsupdate was
chosen because it is one of few tools which actually use stdin and the
original issue was reproducible even without any network communication,
which was not the case for simple dig invocation.
Sorry for new shell test but doing this in Python seemed very
complicated and fragile.
When dns_catz_zone_add() returns ISC_R_EXISTS and there is no
'default-primaries' or 'default-masters', the ISC_R_EXISTS result
code doesn't get reset to ISC_R_SUCCESS, and the function returns
ISC_R_EXISTS instead of ISC_R_SUCCESS. Which means that the zone
is successfully added, but the caller assumes that the function has
failed.
Reset 'result' to ISC_R_SUCCESS when dns_catz_zone_add() returns
ISC_R_EXISTS (it's not an error condition).
Refactor the code go call dns_catz_zone_add() when all other error
conditions are already checked.
The list of keystores is owned by the single server object
(named_g_server), but dns_zone_t has a pointer into it in order to
preserve encapsulation (lib/dns won't link to bin/named for good
reasons).
However, getting the keystores from the zone uses the zone lock whereas
this is not needed (as the pointer value doesn't depends on the zone,
and is initialized only with the same named_g_server->keystores value);
also storing an extra pointer per zone is not needed; also, there was a
logic based on the zone->secure property which was not needed (as there
is only one keystore).
The keystores pointer is now accessible and lock-free at view level,
it also simplifies a bit the various zone configuration APIs (server.c,
zoneconf.c).
Test whether 'servfail-until-ready yes' works by enabling slow
RPZ loading with a USDT probe activation, and checking that named
returns SERVFAIL during the initial RPZ zones processing stage.
The test requires SystemTap (stap, dtrace) to activate the USDT
probe.
By default, when named is started it may start answering to
queries before the response policy zones are completely loaded
and processed. This new feature gives an option to the users to
tell named that incoming requests should result in SERVFAIL anwser
until all the response policy zones are procesed and ready.
During the initial configuration of named after startup, 'first_time'
is true. This is needed for implementing the new 'servfail-until-ready'
configuration option, which should take into effect only during the
initial configuration.
If we hit an error when issuing an 'rndc dnssec -step' command, and the
keymgr runs again at a later scheduled time, we don't want to enforce
transitions.
Similar to previous commit.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Similar to previous commit.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Similar to previous commit.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Similar to previous commit.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Similar to previous commits.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Similar to the previous commit that tests CSK algorithm rollover.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Update check_rollover_step to return the found keys. This can be used
to test that keymgr-manual-mode messages are correctly logged.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Key state transitions may be blocked by manual-mode, meaning key
timing metadata may not be respected and can be inaccurate. For these
tests use the state values to determine whether the DNSKEY/CDS/CDNSKEY
RRset must be published or not.
When a key retire, key generation/introduction, or a state transition
to RUMOURED/UNRETENTIVE should happen, instead they are logged.
When those logs look good, you can run 'rndc dnssec -step' to run the
keymgr and apply those steps.
Add a new option 'manual-mode' to 'dnssec-policy'. The intended
use is that if it is enabled, it will not automatically move to the
next state transition (RUMOURED, UNRETENTIVE), only after manual
confirmation. The intended state transition should be logged.
This is a follow-up from the test cases that were added long time ago
that cover migrating to dnssec-policy.
The test covers legacy keys that do not have the SyncPublish timing
metadata set.
Various test cases where legacy keys exist and are used to migrate to
dnssec-policy. These once existed as shell script but were removed
because auto-dnssec was removed. But the test cases are still useful
if one wants to migrate to dnssec-policy with such legacy keys.
The tests were previously removed in commit
906dd57b68 as part of MR !8085.
When migrating to dnssec-policy, keys that do not match will not have
a lifetime set. Adjust the test code to allow for that. Setting '-'
in a key properties string signals lifetime is expected not to be set.
If we are migrating keys, we should take the existing key timing
metadata to initialise the state values. These tests will only setup
keys with Publish/Activate/SyncPublish times, because the Retire and
Remove timings will still need to be adjusted to the DNSSEC policy.
> Put a space before opening parentheses only after control statement
> keywords (for/if/while...) except this option doesn’t apply to ForEach
> and If macros. This is useful in projects where ForEach/If macros are
> treated as function calls instead of control statements.
Use dns_rdatatype_none instead of plain '0' for dns_rdatatype_t and
dns_typepair_t manipulation. While plain '0' is technically ok, it
doesn't carry the required semantic meaning, and using the named
dns_rdatatype_none constant makes the code more readable.
There was an apparent typo where rdatalist->covers would be assigned the
same value as rdatalist->type. As nsupdate can't update signatures, the
covers must be dns_rdatatype_none.
All databases in the codebase follow the same structure: a database is
an associative container from DNS names to nodes, and each node is an
associative container from RR types to RR data.
Each database implementation (qpzone, qpcache, sdlz, builtin, dyndb) has
its own corresponding node type (qpznode, qpcnode, etc). However, some
code needs to work with nodes generically regardless of their specific
type - for example, to acquire locks, manage references, or
register/unregister slabs from the heap.
Currently, these generic node operations are implemented as methods in
the database vtable, which creates problematic coupling between database
and node lifetimes. If a node outlives its parent database, the node
destructor will destroy all RR data, and each RR data destructor will
try to unregister from heaps by calling a virtual function from the
database vtable. Since the database was already freed, this causes a
crash.
This commit breaks the coupling by standardizing the layout of all
database nodes, adding a dedicated vtable for node operations, and
moving node-specific methods from the database vtable to the node
vtable.
Previously, symlinks and relative directory imports were used in test
modules. This caused a name clash when a shared code module "common.py"
was introduced for a different test. To avoid the issue, use full paths
in imports.
Move tests which use different configuration to dedicated modules to
avoid possible interference with other tests.
Parametrize the test cases to have a dedicated test for each server
configuration.
Turn the check_filter() comments into log messages to help with
debugging.
cut down the number of identical lines in the filter-aaaa test:
- replace identical test cases with small check functions
(check_aaaa_only, check_any, check_nodata, etc).
- group those together into large check functions (check_filter,
check_filter_other_family) that have options for recursive and
break_dnssec, then run those for each combination of options
on servers connfigured with filter-aaaa-on-v4 and filter-aaaa-on-v6.
Previously the location of the .hypothesis directory would depend on the
current working directory when running pytest.
Set the HYPOTHESIS_STORAGE_DIRECTORY explicitly.
When the zone is configured with a CNAME override policy, the EDE code
is not added as expected. Add a test case based on the issue in GitLab
(#5342).
When the zone contains a wildcard CNAME, the EDE code is not added as
expected. Also add a test case for this.
This required couple of internal changes to the isc_mem_debugging.
The isc_mem_debugging is now internal to isc_mem unit and there are
three new functions:
1. isc_mem_setdebugging() can change the debugging setting for an
individual memory context. This is need for the memory contexts used
for OpenSSL, libxml and libuv accounting as recording and tracing
memory is broken there.
2. isc_mem_debugon() / isc_mem_debugoff() can be used to change default
memory debugging flags as well as debugging flags for isc_g_mctx.
Additionally, the memory debugging is inconsistent across the code-base.
For now, we are keeping the existing flags, but three new environment
variables have been added 'ISC_MEM_DEBUGRECORD', 'ISC_MEM_DEBUGTRACE'
and 'ISC_MEM_DEBUGUSAGE' to set the global debugging flags at any
program using the memory contexts.
