With max-recursion-queries set to 50 the resolver system test was
unstable in the "checking query resolution for a domain with a valid
glueless delegation chain" check as ns1 replied with SERVFAIL.
Closes#4897
Backport of MR !9435
Merge branch 'backport-4897-resolver-ns1-max-recursion-queries-100-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9440
With max-recursion-queries set to 50 the resolver system test was
unstable in the "checking query resolution for a domain with a valid
glueless delegation chain" check as ns1 replied with SERVFAIL.
(cherry picked from commit 8e0244d300)
Move lock earlier in the call sequence to address access without lock report.
```
1559 /*
1560 * Caller must be holding the fctx lock.
1561 */
CID 468796: (#1 of 1): Data race condition (MISSING_LOCK)
1. missing_lock: Accessing fctx->state without holding lock fetchctx.lock. Elsewhere, fetchctx.state is written to with fetchctx.lock held 2 out of 2 times.
1562 REQUIRE(fctx->state == fetchstate_done);
1563
1564 FCTXTRACE("sendevents");
1565
1566 LOCK(&fctx->lock);
1567
```
Closes#4902
Backport of MR !9427
Merge branch 'backport-4902-accessing-fctx-state-without-holding-lock-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9437
fctx->state should be read with the lock held.
1559 /*
1560 * Caller must be holding the fctx lock.
1561 */
CID 468796: (#1 of 1): Data race condition (MISSING_LOCK)
1. missing_lock: Accessing fctx->state without holding lock fetchctx.lock.
Elsewhere, fetchctx.state is written to with fetchctx.lock held 2 out of 2 times.
1562 REQUIRE(fctx->state == fetchstate_done);
1563
1564 FCTXTRACE("sendevents");
1565
1566 LOCK(&fctx->lock);
1567
(cherry picked from commit 43f0b0e8eb)
Backport of MR !9424
Merge branch 'backport-mnowak/avoid-some-artifacts-in-stress-tests-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9428
The `malloc_usable_size()` can return size larger than originally allocated and when these sizes disagree the fortifier enabled by `_FORTIFY_SOURCE=3` detects overflow and stops the `named` execution abruptly. Stop using these convenience functions as they are primary used for introspection-only.
Closes#4880
Backport of MR !9400
Merge branch 'backport-4880-dont-use-malloc_usable_size-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9418
Although the nanual page of malloc_usable_size says:
Although the excess bytes can be over‐written by the application
without ill effects, this is not good programming practice: the
number of excess bytes in an allocation depends on the underlying
implementation.
it looks like the premise is broken with _FORTIFY_SOURCE=3 on newer
systems and it might return a value that causes program to stop with
"buffer overflow" detected from the _FORTIFY_SOURCE. As we do have own
implementation that tracks the allocation size that we can use to track
the allocation size, we can stop relying on this introspection function.
Also the newer manual page for malloc_usable_size changed the NOTES to:
The value returned by malloc_usable_size() may be greater than the
requested size of the allocation because of various internal
implementation details, none of which the programmer should rely on.
This function is intended to only be used for diagnostics and
statistics; writing to the excess memory without first calling
realloc(3) to resize the allocation is not supported. The returned
value is only valid at the time of the call.
Remove usage of both malloc_usable_size() and malloc_size() to be on the
safe size and only use the internal size tracking mechanism when
jemalloc is not available.
(cherry picked from commit d61712d14e)
Fetches generated automatically as a result of 'prefetch' are now
exempt from the 'fetches-per-zone' and 'fetches-per-server' quotas.
This should help in maintaining the cache from which query responses
can be given.
Closes#4219
Backport of MR !9095
Merge branch 'backport-4219-exempt-good-queries-from-fetch-limits-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9420
Add notes to the 'fetches-per-zone' and 'fetches-per-server' clauses
documentation to document that prefetches are exempted.
(cherry picked from commit ad329ddcaa)
Give prefetches a free pass through the quota so that the cache
entries for popular zones could be updated successfully even if the
quota for is already reached.
(cherry picked from commit c7e8b7cf63)
Give prefetches a free pass through the quota so that the cache entry
for a popular zone could be updated successfully even if the quota for
it is already reached.
(cherry picked from commit cada2de31f)
The cross-version-config-tests job fails when a system test is removed
from the upcoming release. To avoid this, remove the system test also
from the $BIND_BASELINE_VERSION.
See the failure mode at https://gitlab.isc.org/isc-projects/bind9/-/jobs/4668947.
Backport of MR !9413
Merge branch 'backport-mnowak/remove-dialup-from-cross-version-config-tests-job-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9415
The cross-version-config-tests job fails when a system test is removed
from the upcoming release. To avoid this, remove the system test also
from the $BIND_BASELINE_VERSION.
(cherry picked from commit 60f5f2a9d9)
This supports bit-for-bit reproducibility of built documentation.
Closes#4886
Backport of MR !9399
Merge branch 'backport-issue-4886/order-preserving-documentation-tags-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9408
The 'set' datatype in Python does not provide iteration-order
guarantees related to insertion-order. That means that its
usage in the 'split_csv' helper function during documentation
build can produce nondeterministic results.
That is non-desirable for two reasons: it means that the
documentation output may appear to vary unnecessarily between
builds, and secondly there could be loss-of-information in cases
where tag order in the source documentation is significant.
This patch implements order-preserving de-duplication of tags,
allowing authors to specify tags using intentional priority
ordering, while also removing tags that appear more than once.
(cherry picked from commit 5a79b36f56)
Milestone is automatically set by 'merged-metadata' CI job to 'Not
released yet' so it does not matter what the original value was.
(cherry picked from commit 73b950dc29)
1. Set milestone to 'Not released yet' after merge
We will set milestone to actual version number when we actually tag a
particular version. This will get rid of mass MR reassignment when we
do last minute changes to a release plan etc.
2. Adjust No CHANGES and Release Notes MR labels to match gitchangelog
workflow.
(cherry picked from commit d1c64d588b)
Previously CI job for the autobackport bot inherited "interruptible:
true" global configuration. This caused premature termination of the job
when another merge was finished before the autobackport job ran to
completion.
(cherry picked from commit 3165261ecd)
It is useful when multiple signers are being used
to sign a zone to able to specify a restricted
range of range of key tags that will be used by an
operator to sign the zone. This adds controls to
named (dnssec-policy), dnssec-signzone, dnssec-keyfromlabel and
dnssec-ksr (dnssec-policy) to specify such ranges.
Closes#4830
Backport of MR !9258
Merge branch 'backport-4830-support-restricted-key-tag-range-when-generating-new-keys-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9396
A new argument has been added to dnssec-keygen and dnssec-keyfromlabel
to restrict the tag value of key generated / imported to a particular
range. This is intended to be used by multi-signers.
Co-authored-by: Suzanne Goldlust <sgoldlust@isc.org>
(cherry picked from commit 0c347fb321)
If there is an algorithm rollover and two keys of different algorithm share the same keytags, then there is a possibility that if we check that a key matches a specific state, we are checking against the wrong key. This has been fixed by not only checking for matching key tag but also key algorithm.
Closes#4878
Backport of MR !9381
Merge branch 'backport-4878-fix-algorithm-rollover-keytag-conflict-bug-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9393
If there is an algorithm rollover and two keys of different algorithm
share the same keytags, then there is a possibility that if we check
that a key matches a specific state, we are checking against the wrong
key.
Fix this by not only checking for matching key id but also key
algorithm.
(cherry picked from commit f37eb33f29)
If there is a keytag conflict between keys with different algorithms,
we need to supply what key algorithm is used so we can get the right
public key.
For clarity, print the algorithm on the found keys after 'check_keys'.
(cherry picked from commit 7bb6d82505)
With the release of BIND 9.19.25 this workaround is not needed anymore.
This reverts commit c58dd6e78f.
Backport of MR !9065
Merge branch 'backport-mnowak/revert-workaround-temporary-cross-version-config-tests-limitation-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9395
Add a new configuration option `offline-ksk` to enable Offline KSK key management. Signed Key Response (SKR) files created with `dnssec-ksr` (or other program) can now be imported into `named` with the new `rndc skr -import` command. Rather than creating new DNSKEY, CDS and CDNSKEY records and generating signatures covering these types, these records are loaded from the currently active bundle from the imported SKR.
The implementation is loosely based on: https://www.iana.org/dnssec/archive/files/draft-icann-dnssec-keymgmt-01.txtCloses#1128
Backport of MR !9119
Merge branch 'backport-1128-offline-ksk-rndc-import-skr-9.20' into 'bind-9.20'
See merge request isc-projects/bind9!9389
Some things we no longer want to do when we are in offline-ksk mode.
1. Don't check for inactive and private keys if the key is a KSK.
2. Don't update the TTL of DNSKEY, CDS and CDNSKEY RRset, these come
from the SKR.
(cherry picked from commit 2e3068ed60)
When it is time to generate a new signature (dns_dnssec_sign), rather
than create a new one, retrieve it from the SKR.
(cherry picked from commit 61cf599fbf)
When we are appending contents of a DNSKEY rdataset to a keylist,
don't attempt to read the private key file of a KSK when we are in
offline-ksk mode.
(cherry picked from commit 30d20b110e)
With offline-ksk enabled, we don't run the keymgr because the key
timings are determined by the SKR. We do update the key states but
we derive them from the timing metadata.
Then, we can skip a other tasks in offline-ksk mode, like DS checking
at the parent and CDS synchronization, because the CDS and CDNSKEY
RRsets also come from the SKR.
(cherry picked from commit 2190aa904f)
When a zone has a skr structure, lookup the currently active bundle
that contains the right key and signature material.
(cherry picked from commit 63e058c29e)