Commit graph

40347 commits

Author SHA1 Message Date
Matthijs Mekking
b5f3e92fa7 Rename isdelegation() to is_insecure_referral()
The name 'isdelegation()' was confusing. This function is not checking
whether this message is a delegation, but whether the denial of
existence proofs in this message is a proof of a referral to an
unsigned zone.

The name 'is_unsecure_referral()' is more appropriate.

(cherry picked from commit e0f09bb374)
2026-04-07 09:53:34 +02:00
Matthijs Mekking
33a3e1ebff Revert isdelegation() to return boolean value again
The isdelegation() was changed to return an isc_result_t because the
idea was to have a separate return value DNS_R_NSEC3ITERRANGE to signal
to the caller we could not verify the proof because of too many
iterations in the NSEC3 record, or perhaps ISC_R_UNEXPECTED for a more
generic cause that verification was not done.

But this would make error handling more fragile and all we care about
is whether we can reliably say the NS bit was not set.

If we cannot reliably say so, we have to treat it as an insecure
referral.

Since the answer is either yes or no, we can revert back to returning
a boolean value.

(cherry picked from commit 3ac1bb1c39)
2026-04-07 09:52:27 +02:00
Ondřej Surý
284a9e3a83 [9.18] new: test: Add regression test for NSEC proof after unsigned-to-signed IXFR
Test that a secondary receiving an IXFR transitioning a zone from
unsigned to NSEC-signed returns the correct covering NSEC record
for empty non-terminal names.

Backport of MR !11786

Merge branch 'backport-ondrej/fix-nsec-ixfr-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11798
2026-04-03 07:46:17 +02:00
Ondřej Surý
c4123edd56
Add regression test for NSEC proof after unsigned-to-signed IXFR
Test that a secondary receiving an IXFR transitioning a zone from
unsigned to NSEC-signed returns the correct covering NSEC record
for empty non-terminal names.

Add isctest.query.wait_for_serial() shared helper for waiting until
a server has a specific SOA serial.

(cherry picked from commit 8a4990d6ff)
2026-04-03 06:59:56 +02:00
Michal Nowak
c753aa955d Merge tag 'v9.18.48' into bind-9.18 2026-04-01 14:56:16 +00:00
Michal Nowak
b7f82d8c37
Update BIND version for release 2026-03-31 18:31:29 +02:00
Michal Nowak
979fbce8ca new: doc: Prepare documentation for BIND 9.18.48
Merge branch 'mnowak/prepare-documentation-for-bind-9.18.48' into 'v9.18.48-release'

See merge request isc-private/bind9!973
2026-03-31 18:28:09 +02:00
Michal Nowak
9ff5835ddc
Tweak and reword release notes 2026-03-31 17:58:30 +02:00
Nicki Křížek
864c845f19 [9.18] chg: nil: License test data files in REUSE.toml
In order to avoid the need to repeat the license header in named.conf
files and zone files, add the paths to REUSE.toml to assign the license.

Backport of MR !11766

Merge branch 'backport-nicki/reuse-cover-configs-and-zones-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11774
2026-03-31 17:57:52 +02:00
Michal Nowak
47ccfa2e63
Prepare release notes for BIND 9.18.48 2026-03-31 17:52:28 +02:00
Michal Nowak
ef0d78c09d
Generate changelog for BIND 9.18.48 2026-03-31 17:51:50 +02:00
Nicki Křížek
d8e228bc15 Remove license header files from _common test files
These are either config file or zone file snippets. Their license is
declared in REUSE.toml.

(cherry picked from commit 2390bd3a8f)
2026-03-31 17:10:19 +02:00
Nicki Křížek
bffa194e1c License test data files in REUSE.toml
In order to avoid the need to repeat the license header in named.conf
files and zone files, add the paths to REUSE.toml to assign the license.

All shared snippets in bin/tests/system/_common and
bin/tests/system/**named.conf* files are covered.

Note that the existing rule **/**.db** already covers zone files. Only
remove the extraneous special-cases.

(cherry picked from commit ef57bd3a02)
2026-03-31 17:10:19 +02:00
Michal Nowak
4f8f52bbe8 chg: doc: Set up version for BIND 9.18.49
Merge branch 'mnowak/set-up-version-for-bind-9.18.49' into 'bind-9.18'

See merge request isc-projects/bind9!11772
2026-03-31 10:20:12 +02:00
Michal Nowak
9d736b776b Update BIND version to 9.18.49-dev 2026-03-31 10:18:49 +02:00
Ondřej Surý
2eaf84497a [9.18] sec: usr: Fix crash when reconfiguring zone update policy during active updates
Fixed a crash that could occur when running rndc reconfig to change a zone's update policy (e.g., from allow-update to update-policy) while DNS UPDATE requests were being processed for that zone.

ISC would like to thank Vitaly Simonovich for bringing this issue to our attention.

Fixes #5817

Backport of MR !11707

Merge branch 'backport-5817-fix-crash-via-SSU-table-desynchronization-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11739
2026-03-30 20:59:25 +02:00
Ondřej Surý
f6fdc77c46
Fix TOCTOU race in DNS UPDATE SSU table handling
Pass the SSU table through the update event struct from
send_update() to update_action() instead of reading it from the
zone twice.  If rndc reconfig changed the zone's update policy
between the two reads (e.g., from allow-update to update-policy),
send_update() would skip the maxbytype allocation but
update_action() would see a non-NULL ssutable, triggering
INSIST(ssutable == NULL || maxbytype != NULL) and crashing named.

The ssutable reference is now taken once in send_update() and
transferred to update_action() via the event struct, ensuring
both functions see the same value.

(cherry picked from commit c172416559)
2026-03-30 19:02:45 +02:00
Michał Kępień
48d23f0895 [9.18] fix: ci: Fixes and tweaks for release-related jobs
Backport of MR !11720

Merge branch 'backport-michal/release-job-tweaks-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11757
2026-03-25 18:22:58 +01:00
Michał Kępień
a1402c6091
Fix distros token deletion in CI
Clone the BIND 9 QA repository before invoking a script in it.

(cherry picked from commit 2ffae8e52a)
2026-03-25 18:19:10 +01:00
Michał Kępień
1b6527b2c8
Prevent unscheduled release publication
The "publish" job has no dependencies on other jobs, so nothing prevents
it from being accidentally started before the scheduled publication
date.  Although publication still requires confirmation via an SSH
connection to a dedicated, locked-down runner, performing that action
prematurely may have drastic consequences.  Therefore, it is worth
implementing additional safeguards.

Add an extra check to the "publish" job to ensure it can only be run on
the scheduled publication day.  In exceptional circumstances, this check
can be overridden by setting the FORCE_PUBLICATION CI variable to any
non-empty value.

(cherry picked from commit ce977f53b9)
2026-03-25 18:19:10 +01:00
Michał Kępień
3d2af75b98
Tighten dependencies for the "merge-tag" job
The "merge-tag" job currently uses the "manual_release_job_qa" YAML
anchor, which makes it depend on the "staging" job.  Meanwhile, this job
requires the tag it was created for to be public for it to work.  While
this is harmless, as this job will simply fail if it is run too early,
it still makes sense for it to depend on the "publish" job instead, if
only to reduce confusion in the pipeline view.  Adjust the "needs" key
for the "merge-tag" job accordingly.

(cherry picked from commit 722290dce6)
2026-03-25 18:19:10 +01:00
Michał Kępień
4398c74b7f
Extend artifact lifetime for Cloudsmith build jobs
The commit.txt file produced by each Cloudsmith build job is required to
run the corresponding publication job.  Therefore, the artifact lifetime
for the former must be long enough to prevent the file from expiring
before the publication job is run.  Set the lifetime of the artifacts
created by Cloudsmith build jobs to one month to ensure that the
publication jobs can access them.

(cherry picked from commit ce09f8d0f8)
2026-03-25 18:19:10 +01:00
Michał Kępień
5f6ca62c5f
Fix building EVN & -S Cloudsmith packages
Setting "artifacts: false" for the dependency on the "publish-private"
job prevents the url-*.txt files produced by that job from being pulled
from GitLab when the jobs that build EVN & -S Cloudsmith packages are
run, effectively breaking the latter.  Fix by making these jobs depend
on the artifacts of the "publish-private" job.

(cherry picked from commit b36f17238b)
2026-03-25 18:19:10 +01:00
Michał Kępień
5fec3300aa [9.18] chg: test: Rename "nsec3-delegation" to "nsec3_delegation"
The "nsec3-delegation" test was added in a release branch, before commit
2441028e72 introduced the current system
test naming convention.  Rename the test to comply with that convention.

Backport of MR !11753

Merge branch 'backport-michal/rename-nsec3-delegation-test-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11755
2026-03-25 18:03:56 +01:00
Michał Kępień
be2a470f91
Rename "nsec3-delegation" to "nsec3_delegation"
The "nsec3-delegation" test was added in a release branch, before commit
2441028e72 introduced the current system
test naming convention.  Rename the test to comply with that convention.

(cherry picked from commit 48bf3d3e65)
2026-03-25 16:54:51 +01:00
Matthijs Mekking
a0bfbe9a76 [9.18] fix: usr: Fix a crash triggered by rndc modzone on zone that already existed in NZF file
Calling `rndc modzone` didn't work properly for a zone that was configured in
the configuration file. It could crash if BIND 9 was built without LMDB or if
there was already an NZF file for the zone. In addition, `rndc modzone` failed
in subsequent attempts. These problems are now fixed.

Closes #5826

Backport of MR !11743

Merge branch 'backport-5826-fix-modzone-issues-ytatuya-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11746
2026-03-25 14:48:54 +00:00
JINMEI Tatuya
fb2267ad99 ensure rndc modzone succeeds twice for a zone in named.conf
If a zone is in named.conf, not originally added by rndc addzone,
rndc modzone for that zone succeeds once, but subsequent modzone
attempts fail. This is because do_modzone removes the zone config
from global or view options, but it would fail due to 'not found'
once the config is removed.

The fix is to ensure re-adding the updated zone config to the
global or view options. This also works as a more complete fix
for the issue 85453d3 attempted to solve, ensuring rndc showzone
shows the latest config: it now works for multiple attempts of
modzone, and with named that is not built with LMDB.

The change in this commit relies on UNCONST in a few places.
That's not clean, but 'add/mod/delzone' generally seems to
need it (for example, delete_zoneconf uses it to modify the list
of zones). In that sense, this change follows the convention
(for a longer term, there may have to be a better API so that we
can modify config options that were once parsed).

(cherry picked from commit f2115e9d58)
2026-03-25 14:48:41 +00:00
JINMEI Tatuya
c6a691b57b Revert "Store zone config also on modzone"
This reverts commit 85453d393d.

This commit doesn't seem to be a complete solution of what
it appears to fix: showzone succeeds and shows the modified
config after first modzone, but subsequent attempts of modzone
fail (though not because of the commit being reverted), let
alone showing the correct new config.

Reverting the change for now, and will provide a more comprehensive
fix in the next commit.

(cherry picked from commit 17416af248)
2026-03-25 14:48:41 +00:00
JINMEI Tatuya
0fecec5f2a prevent named crash on rndc modzone for a zone in named.conf
If named is built without LMDB and has a zone in named.conf,
then rndc modzone for that zone triggers an assertion failure
unless there's already an NZF file. This is because load_nzf
doesn't create 'nzf_config' when NZF is missing, while a valid
nzf_config is assumed in do_modzone when it tries to add the
modified zone config to add_parser.

The crash is fixed by skipping the call to cfg_parser_mapadd when
nzf_config is NULL. Skipping it should be okay since the config stored
in add_parser would be needed only for subsequently deleting a zone by
rndc delzone when the zone was originally added by rndc addzone, but
in this case the zone was not 'added'. Checking if nzf_config is NULL
before using it also seems to be consistent with other parts of the
implementation.

(cherry picked from commit 2ec6f856e3)
2026-03-25 14:48:41 +00:00
Michał Kępień
6d6c28f628 Merge tag 'v9.18.47' into bind-9.18 2026-03-25 14:24:34 +00:00
Michal Nowak
9883dae818 [9.18] fix: ci: Set User-Agent for Sphinx to fix gitlab.gnome.org
The linkcheck started to fail because of a new check on gitlab.gnome.org
that now forbids Sphinx User-Agent, returning 406 HTTP status.

    (       chapter10: line  115) broken    https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home - 406 Client Error: Not Acceptable for url: https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home

Backport of MR !11747

Merge branch 'backport-mnowak/linkcheck-set-user-agent-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11749
2026-03-25 12:13:53 +01:00
Michal Nowak
b103129ea6 Set User-Agent for Sphinx to fix gitlab.gnome.org
The linkcheck started to fail because of a new check on gitlab.gnome.org
that now forbids Sphinx User-Agent, returning 406 HTTP status.

    (       chapter10: line  115) broken    https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home - 406 Client Error: Not Acceptable for url: https://gitlab.gnome.org/GNOME/libxml2/-/wikis/home

(cherry picked from commit 617471d85d)
2026-03-25 10:26:37 +00:00
Ondřej Surý
d783ac4a47 [9.18] new: dev: Add MOVE_OWNERSHIP() macro for transferring pointer ownership
A helper macro that returns the current value of a pointer and sets
it to NULL in one expression, useful for transferring ownership in
designated initializers.

Backport of MR !11724

Merge branch 'backport-ondrej/TAKE_OWNERSHIP-macro-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11737
2026-03-23 12:05:22 +01:00
Ondřej Surý
8a0a0b01ff Add MOVE_OWNERSHIP() macro for transferring pointer ownership
A helper macro that returns the current value of a pointer and sets
it to NULL in one expression, useful for transferring ownership in
designated initializers.

(cherry picked from commit 0f3be0beb8)
2026-03-23 12:05:18 +01:00
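The following is an added C example, not BIND's code, that models the TOCTOU fix from commit f6fdc77c46 (read the SSU table once and hand it to the update action through the event struct) and uses a MOVE_OWNERSHIP() macro of the kind this commit describes to do the hand-over in a designated initializer. The macro definition and the zone, SSU table and event structs are simplified assumptions; the real ones differ.

```c
#include <stdbool.h>
#include <stddef.h>

/* Assumed definition, not copied from BIND: a GNU statement expression (gcc or
 * clang) that yields the pointer's current value and leaves the source NULL. */
#define MOVE_OWNERSHIP(p)                  \
	({                                 \
		__typeof__(p) _tmp_ = (p); \
		(p) = NULL;                \
		_tmp_;                     \
	})

/* Hypothetical, heavily simplified models of the zone, its SSU table and the
 * update event; BIND's real structures carry much more. */
typedef struct { int policy; } ssutable_t;
typedef struct { ssutable_t *ssutable; } zone_t;
typedef struct {
	zone_t *zone;
	ssutable_t *ssutable; /* snapshot handed over by send_update() */
	int *maxbytype;       /* allocated only when an SSU table is in use */
} update_event_t;

static int maxbytype_storage[1]; /* stands in for the real allocation */

/* Stand-in for "rndc reconfig" switching the zone's update policy. */
static void reconfig(zone_t *z, ssutable_t *t) { z->ssutable = t; }

/* Racy pattern: the table is read from the zone twice, with a reconfig
 * landing in between.  Returns whether the invariant
 * INSIST(ssutable == NULL || maxbytype != NULL) would still hold. */
static bool update_racy(zone_t *z, ssutable_t *reconf_to) {
	update_event_t ev = { .zone = z, .maxbytype = NULL };
	if (z->ssutable != NULL) { /* read #1, in send_update() */
		ev.maxbytype = maxbytype_storage;
	}
	reconfig(z, reconf_to);          /* the race window */
	ssutable_t *table = z->ssutable; /* read #2, in update_action() */
	return table == NULL || ev.maxbytype != NULL;
}

/* Fixed pattern: read once, decide the allocation from that value, and move
 * the reference into the event so update_action() cannot see anything else. */
static bool update_fixed(zone_t *z, ssutable_t *reconf_to) {
	ssutable_t *table = z->ssutable; /* the only read of the zone */
	int *maxbytype = (table != NULL) ? maxbytype_storage : NULL;
	update_event_t ev = {
		.zone = z,
		.ssutable = MOVE_OWNERSHIP(table), /* table is NULL from here */
		.maxbytype = maxbytype,
	};
	reconfig(z, reconf_to); /* same window, now harmless */
	return table == NULL && (ev.ssutable == NULL || ev.maxbytype != NULL);
}
```

The racy variant trips the invariant exactly when the policy flips from allow-update (no table) to update-policy (table present) between the two reads; the fixed variant is unaffected by when the reconfig lands.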
Matthijs Mekking
2fcee10d2d [9.18] fix: doc: Fix dnssec-signzone usage output
The usage still said the default NSEC3 iterations is 10, but this
has been 0 for a while.

Backport of MR !11727

Merge branch 'backport-matthijs-dnssec-signzone-help-nsec3iter-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11735
2026-03-23 10:14:26 +00:00
Matthijs Mekking
418f949b9d Fix dnssec-signzone usage output
The usage still said the default NSEC3 iterations is 10, but this
has been 0 for a while.

(cherry picked from commit c61bf8b533)
2026-03-23 09:36:54 +00:00
Ondřej Surý
002a9b9abc fix: nil: Remove extra fctx->result assignment from broken backport
The backport added an extra line, but forgot to remove the old one.

Merge branch 'backport-ondrej/fix-data-race-on-fctx-result-in-validated-9.18-v2' into 'bind-9.18'

See merge request isc-projects/bind9!11725
2026-03-20 08:59:43 +01:00
Ondřej Surý
af7ba0c0fd
Remove extra fctx->result assignment from broken backport
The backport added an extra line, but forgot to remove the old one.
2026-03-20 08:57:51 +01:00
Ondřej Surý
5b7c54ae01 [9.18] fix: dev: Fix data race on fctx->vresult in validated()
Move the write to fctx->vresult after LOCK(&fctx->lock).  The field was
being set before acquiring the lock, but dns_resolver_logfetch() reads
it under the same lock from another thread.

Backport of MR !11717

Merge branch 'backport-ondrej/fix-data-race-on-fctx-result-in-validated-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11722
2026-03-20 03:23:49 +01:00
Ondřej Surý
1a5f560387
Fix data race on fctx->vresult in validated()
Move the write to fctx->vresult after LOCK(&fctx->lock).  The field was
being set before acquiring the lock, but dns_resolver_logfetch() reads
it under the same lock from another thread.

(cherry picked from commit a2bd833909)
2026-03-20 01:47:54 +01:00
Nicki Křížek
2dd5b2b90e [9.18] chg: dev: Use underscore for system test names
Change the convention for system test directory names to always use an
underscore rather than a hyphen. Names using underscore are valid python
package names and can be used with standard `import` facilities in
python, which allows easier code reuse.

Backport of MR !11710

Merge branch 'backport-nicki/system-test-dir-underscore-names-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11712
2026-03-18 15:52:25 +01:00
Nicki Křížek
2441028e72 Rename all system tests to use underscore
All system tests previously using a hyphen have been renamed to use
underscore instead. A couple of symlinks were corrected and one path in
`nsec3-answer` adjusted accordingly.

(cherry picked from commit 67aca1f8c6)
2026-03-18 15:14:04 +01:00
Nicki Křížek
ba2958f412 Use underscore for system test names
Change the convention for system test directory names to always use an
underscore rather than a hyphen. Names using underscore are valid python
package names and can be used with standard `import` facilities in
python, which allows easier code reuse.

The temporary directories for test execution and their convenience
symlinks have been switched to using hyphens rather than underscores to
keep the pytest collection, filtering and .gitignore working as
expected.

(cherry picked from commit 9f4c1d1993)
2026-03-18 15:13:55 +01:00
Matthijs Mekking
0ac37a399a [9.18] fix: usr: Fix a crash triggered by rndc modzone on zone from configuration file
Calling `rndc modzone` on a zone that was configured in the configuration file caused a crash. This has been fixed.

ISC would like to thank Nathan Reilly for reporting this.

Closes #5800

Backport of MR !11683

Merge branch 'backport-5800-rndc-modzone-non-dynamic-zone-crash-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11699
2026-03-17 14:36:21 +00:00
Matthijs Mekking
e94534fda0 Store zone config also on modzone
'rndc modzone' deletes the old configuration. If we don't store the
new zone config, when we do a 'rndc showzone' it will be a failure.

This is not an issue in the 9.21 version, because of the effective
config behavior.

(cherry picked from commit acd0cb508b63b28bbcdefee6b28ff25bce9b7bf4)
2026-03-17 13:59:21 +00:00
Matthijs Mekking
f33310e410 Don't call dns_zone_setadded() on modify
If we are modifying the zone, the zone must have been added before.
Don't overwrite this value on modifications.

Also it feels cleaner to pass added=false to configure_zone() in
do_modzone().

(cherry picked from commit 780872e07e)
(cherry picked from commit fdd5317af70982f65cc7200390c964fe25951c2d)
2026-03-17 13:59:21 +00:00
Matthijs Mekking
1177fd7c0f Only lock view->newzone.lock if not already locked
Some code paths try to lock an already locked view->newzone.lock.

For example, do_modzone() acquires the lock and then calls
delete_zoneconf(), that wants to acquire the same lock.

Add a parameter to delete_zoneconf() that informs the function if the
lock has already been acquired.

(cherry picked from commit 71587b0816)
(cherry picked from commit 784185ad1806c7b4ccde96ddcef028d35debc254)
2026-03-17 13:59:21 +00:00
Matthijs Mekking
521b7b4e4f Test showzone and modzone on configured zone
Add test cases for 'rndc showzone' and 'rndc modzone' on a zone
that was configured in named.conf. This should not crash.

(cherry picked from commit 900127c460)
2026-03-17 13:59:21 +00:00
Mark Andrews
3f7f829306 [9.18] fix: dev: Clear errno correctly
Zero errno before calling strtol.

Closes #5773

Backport of MR !11625

Merge branch 'backport-5773-clear-errno-correctly-9.18' into 'bind-9.18'

See merge request isc-projects/bind9!11704
2026-03-17 12:08:49 +11:00
Mark Andrews
92f0ff77a2 Clear errno before calling strtol
The previous code was incorrectly clearing errno after calling
strtol but before testing the result rather than clearing it and
then calling strtol so that changes to errno can be correctly
determined.

(cherry picked from commit d3ffa1f007)
2026-03-17 00:28:13 +00:00
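As an added illustration of the ordering these two commits describe (example code, not BIND's; the wrapper names are invented), here are three strtol wrappers that differ only in where errno is cleared, showing both ways the wrong placement fails:

```c
#include <errno.h>
#include <stdbool.h>
#include <stdlib.h>

/* Three hypothetical strtol wrappers, not BIND's code.  Each returns true and
 * stores the value only on a clean parse: some digits, nothing trailing, and
 * no error reported through errno. */

/* Never clears errno: a stale value left behind by an earlier, unrelated
 * failed call makes a perfectly valid "42" look like a parse error. */
static bool parse_long_noclear(const char *s, long *out) {
	char *end = NULL;
	long v = strtol(s, &end, 10);
	if (errno != 0 || end == s || *end != '\0') {
		return false;
	}
	*out = v;
	return true;
}

/* The pattern the commit removes: errno is zeroed after strtol, so the ERANGE
 * strtol just reported is wiped out and an overflowed input is accepted with
 * the clamped value LONG_MAX or LONG_MIN. */
static bool parse_long_clear_after(const char *s, long *out) {
	char *end = NULL;
	long v = strtol(s, &end, 10);
	errno = 0; /* wrong place: discards the error we are about to test for */
	if (errno != 0 || end == s || *end != '\0') {
		return false;
	}
	*out = v;
	return true;
}

/* The corrected pattern: clear errno first, call strtol, then test errno
 * before anything else can touch it. */
static bool parse_long_clear_before(const char *s, long *out) {
	char *end = NULL;
	errno = 0;
	long v = strtol(s, &end, 10);
	if (errno != 0 || end == s || *end != '\0') {
		return false;
	}
	*out = v;
	return true;
}

/* Helper for the stale-errno case: poisons errno the way an earlier failed
 * library call would, then runs the given parser on the input. */
static bool parse_with_stale_errno(bool (*parse)(const char *, long *),
				   const char *s, long *out) {
	errno = EDOM;
	return parse(s, out);
}
```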