BIND 9.20 takes much more time signing a large delegation zone with NSEC3 optout compared to version 9.18. This has been restored.
Closes#5672
Merge branch '5672-nsec3-optout-takes-too-long' into 'main'
See merge request isc-projects/bind9!11354
This is a new seek function for dbiterator that is meant to find an
NSEC3 node in a zone database. The difference with dns_dbiterator_seek
is that if the node does not exist, this seek function will point the
iterator to the next NSEC3 name.
This test signs a large delegation with mostly insecure delegations
with NSEC3 optout. Once the NSEC3PARAM record is published, run
dnssec-verify to ensure the zone is correctly signed.
This MR introduces a specialized rdataset implementation for authoritative workloads, which leads to substantial memory savings in our perflab tests.
Merge branch 'alessio/auth-compact-slabs' into 'main'
See merge request isc-projects/bind9!11269
Add a FOREACH macro modelled around the DNS_RDATASET_FOREACH one, that
uses vecheader directly. Useful when you want to manipulate a vecheader
without binding it to avoid having to take the node lock inside qpzone.c.
Add an implementation of rdataset specialized for authoritative
workloads. For now, it is a copy of rdataslab, with redundant fields
from the header removed.
The `foundname` parameter in `qp.c:dns_qp_lookup` was effectively used only in unit tests, as in every case the name is needed, it can be retrieved directly from the node pointer. It also required an inefficient implementation that extracted the name by converting it into a key and then immediately converting it back.
This MR refactors `qp.c:dns_qp_lookup` not to have a foundname parameter, resulting in a 5% speedup in the handling of NXDOMAIN responses in perflab.
Merge branch 'alessio/qp-no-foundname' into 'main'
See merge request isc-projects/bind9!11339
The removal of the foundname and name parameters from various qp.c
functions led to formatting issues. Restore the correct formatting via
clang-format.
Outside of unit tests, the name parameter in dns_qpiter_<...> and
dns_qpchain_<...> is only used in context where the name can be
extracted directly from the underlying node.
This commits modifies the signatures of dns_qpiter_<...> and
dns_qpchain_<...> not to have a name parameter. Where the name parameter
was needed, we now query the node and copy the name directly from it.
This allows us to remove maybe_set_name from qp.c. Besides simplifying
the API, this leads to a performance speedup for NXDOMAIN handling,
as we avoid calling maybe_set_name inside step, and maybe_set_name is
very inefficient.
A copy of the implementation maybe_set_name is retained for the unit
tests.
The `foundname` parameter in dns_qp_lookup is used only in the unit
tests. This commit simplifies the API by removing it, and modifying the
unit tests to extract the name from pval.
When `dns_name_totext()` is called with a dynamically allocated
target buffer which is too small for the name, it will now resize
the buffer instead of returning `ISC_R_NOSPACE`.
Merge branch 'each-name-totext-resize' into 'main'
See merge request isc-projects/bind9!11289
When dns_name_totext() is called with a dynamically allocated
target buffer which is too small for the name, it will resize
the buffer instead of returning ISC_R_NOSPACE.
This adds more information about the active fetches for debugging and diagnostic purposes.
Merge branch 'ondrej/provide-more-information-in-dns_resolver_dumpfetches' into 'main'
See merge request isc-projects/bind9!11305
It is possible to have a fetch that is active, but it has been cloned,
so it won't be used when found in the hash table. The fetch options
also prevent matching in the hash table, so add a hexadecimal dump of
the fctx->options to the output.
Replace all the `named.conf*.in` files to use jinja2 templates instead. This makes it possible to drop the `copy_setports` function, makes room for further `setup.sh` cleanup, and prepares for future de-duplication of the configs (common settings as well as shared configs within one test dir).
Merge branch 'nicki/convert-to-jinja2-templates' into 'main'
See merge request isc-projects/bind9!11332
- ns3 had fips/rsasha1 config variants. These were refactored similarly
to the way they're handled in nsec3 test.
- ns3 special character zone contains @, which is interpreted by jinja2.
To avoid, {% raw %} directive was added
- ns6 contained unused policies and named2.conf, these were removed
The ns1 named.conf files were sufficiently similar to allow for
de-duplication. No attempt to de-duplicate ns3 was made due to
significant differences among the config files.
- Use a common ns2/named.conf.j2 template for all the "#TN"
replacements. Instead of commenting out with sed, render the template
differently into ns/namedX.conf using variables.
- Keep the final ns2/named7.conf.j2 (formerly ns2/named2.conf.in) as a
separate template for readability due to significant differences.
- The ns3/named.conf.j2 uses has a "#BAD" section that is only included
after restart. Turn it into ns3/named2.conf.
- Since the original config is then restored, keep a copy of it as
ns3/named1.conf using a symlink, causing it to be rendered twice.
- Use jinja2 templates for test* files to render the port number instead
of calling copy_setports in load_db().
- Instead of strings to be replaced by sed, use proper jinja templates.
- ns3/named1.conf.j2 is basically a copy of the default config, because
it needs to be restored later in the test.
- Move ns1/named.conf.j2 to ns1/named2.conf.j2 and adjust the python
test to render this template.
- Convert remaining .in files to .j2 and handle the multiple configs.
- Rename named.conf.j2 to named3.conf.j2 and adjust the python test to
render this template.
- Handle the n2 and ns3 multiple configs as in other similar cases
(ns2/named1.conf.in was moved to ns2/named.conf.j2).
- Merge ns*/statistics-channels.conf.in config snippets into
conditionally rendered section in ns*/named.conf.j2 files.
- Turn ns2/named.conf.in into ns2/named1.conf.j2 because it is used
later in the test to restore the original config.
- Symlink the ns2/named.conf.j2 ns2/named1.conf.j2 to pick a starting
config.
- Change ns2 header into jinja2 template.
- Keep the various ns2 config files as non-templates, same for the
named.default.conf to be consistent.
- Symlink the ns2/named.default.conf as a jinja2 template to pick a
starting config. It is rendered as a template to avoid an error when
the test would overwrite a git-tracked file.
- Use jinja2 templates for the ns3 files, keep named1.conf around
because it's needed later in the test to restore the config. Symlink
it to `ns3/named.conf.j2` to select a default config.
- Merge ns1/tls.options.in into ns1/named.conf.j2 and render it
conditionally. Also conditionally include the additional
ns1/tls.conf.j2 which is always rendered.
- Use multiple templates for ns7 and replace the copy_setports.
- Use jinja2 template for verylarge.in as well.
- Merge options-tls.conf into named.conf in ns2 and ns4 and render it
conditionally. Also conditionally include the additional
named-tls.conf which is always rendered.
- Merge options-tls.conf into named.conf in ns2 and ns4 and render it
conditionally. Also conditionally include the additional
named-tls.conf which is always rendered.
- Use multiple templates for ns3 and ns9 and replace the copy_setports.
- In ns3/named2.conf, use "root2.db" directly rather than replacing it
with "sed" later.
- Replace all named*.in files with jinja2 templates.
- Rename the config files to named.*.conf convention.
- Rename named.plain.in to named.plain.conf.j2 and symlink it as te
default config.
- Rename named.plainconf.in to named.plainlog.conf.j2 (there is a slight
difference from named.plain, despite the similar name)
- Replace named-altX.conf.in with namedX.conf.j2 to stick with the same
naming convention across the entire code base. Note than due to
named1.conf being the first (default) config, the numbers for the altX
are incremented.
- Turn alt9 into named7 to stick with the same number sequence. Adjust
the related file names accordingly.
Render the bad-tsig.db file using jinja2 template to get rid of
copy_setports.
Since the zone is using @ character, use the raw directive to avoid
interpreting it as a variable start.
The following tests use multiple named configs. Previously, these have
been rendered with copy_setports in tests.sh when needed. Transform
these into jinja2 templates and render them during setup. In the tests,
the copy_setports invocations can be then replaced with a simple cp.
This allows rendering multiple named*.conf files using the jinja2
template engine at test start and then simply copying the required
config to named.conf as needed.
This MR adds add some specialized logic to handle IXFR in qpzone, avoiding the need to have one qp transaction per rdataset.
We do this in multiple steps:
- We extend dns_rdatacallbacks_t vtable to allow subtraction and resigning.
- We add a new set of api (begin|commit|abort)update to the dbmethods vtable. These API model an incremental update that can be aborted, and make diff apply use these functions instead of adding the rdatasets directly to the database.
- We add a specialization of dns_rdatacallbacks_t to qpzone that uses a single qp transaction for the entire IXFR.
With this batch API, we see performance improvements over adding one rdataset at a time.
Closes#5442
Merge branch '5442-ixfr-batch-transaction' into 'main'
See merge request isc-projects/bind9!11077
