When dns_catz_zone_add() returns ISC_R_EXISTS and there is no
'default-primaries' or 'default-masters', the ISC_R_EXISTS result
code doesn't get reset to ISC_R_SUCCESS, and the function returns
ISC_R_EXISTS instead of ISC_R_SUCCESS. Which means that the zone
is successfully added, but the caller assumes that the function has
failed.
Reset 'result' to ISC_R_SUCCESS when dns_catz_zone_add() returns
ISC_R_EXISTS (it's not an error condition).
Refactor the code go call dns_catz_zone_add() when all other error
conditions are already checked.
In gcc 15, __builtin_stdc_rotate_{left,right} was added. Use these
builtins when available otherwise rewrite the ISC_ROTATE_LEFT and
ISC_ROTATE_RIGHT using _Generic.
Merge branch 'ondrej/use-__builtin_stdc_rotate_left_right' into 'main'
See merge request isc-projects/bind9!10893
In gcc 15, __builtin_stdc_rotate_{left,right} was added. Use these
builtins when available otherwise rewrite the ISC_ROTATE_LEFT and
ISC_ROTATE_RIGHT using _Generic.
The list of keystores is owned by the single server object
(named_g_server), but dns_zone_t has a pointer into it in order to
preserve encapsulation (lib/dns won't link to bin/named for good
reasons).
However, getting the keystores from the zone uses the zone lock whereas
this is not needed (as the pointer value doesn't depends on the zone,
and is initialized only with the same named_g_server->keystores value);
also storing an extra pointer per zone is not needed; also, there was a
logic based on the zone->secure property which was not needed (as there
is only one keystore).
The keystores pointer is now accessible and lock-free at view level,
it also simplifies a bit the various zone configuration APIs (server.c,
zoneconf.c).
Merge branch 'colin/move-keystore-to-view' into 'main'
See merge request isc-projects/bind9!10895
The list of keystores is owned by the single server object
(named_g_server), but dns_zone_t has a pointer into it in order to
preserve encapsulation (lib/dns won't link to bin/named for good
reasons).
However, getting the keystores from the zone uses the zone lock whereas
this is not needed (as the pointer value doesn't depends on the zone,
and is initialized only with the same named_g_server->keystores value);
also storing an extra pointer per zone is not needed; also, there was a
logic based on the zone->secure property which was not needed (as there
is only one keystore).
The keystores pointer is now accessible and lock-free at view level,
it also simplifies a bit the various zone configuration APIs (server.c,
zoneconf.c).
Under certain circumstances, BIND 9 can return SERVFAIL when updating
existing entries in the cache with new NS, A, AAAA, or DS records with 0-TTL.
Closes#5294
Merge branch '5294-preserve-ZEROTTL-on-cache-update' into 'main'
See merge request isc-projects/bind9!10897
Under certain circumstances, cache entries with equivalent rdataset
might not get replaced. Previously such entry would get preserved
regardless of the new TTL and expire time on the existing header would
get updated when the expire time was less than the expire time on the
existing header. Change the logic to preserve the existing header only
if the new expire time is larger than the existing one and replace the
existing cache entry when the new expire time is less than the existing
one.
Co-authored-by: Jinmei Tatuya <jtatuya@infoblox.com>
Previously, BIND 9 would drop the ZEROTTL attribute when updating
previously cached NS entry with ZEROTTL attribute set.
Co-authored-by: Jinmei Tatuya <jtatuya@infoblox.com>
Use C23 stdckdint.h when available and define ckd_{mul,add,sub} shims to __builtin_{mul,add,sub}_overflow(). Require all the __builtin functions to be supported to further simplify the non-C23 implementation. Rename the <stdbit.h>-shims in <isc/bit.h> to their C23 names.
Merge branch 'ondrej/use-stdckdint.h-if-available' into 'main'
See merge request isc-projects/bind9!10818
Use C23 stdckdint.h when available and define ckd_{mul,add,sub} shims to
__builtin_{mul,add,sub}_overflow(). Require the __builtin functions
unconditionally.
Currently following __builtin functions are used:
__builtin_add_overflow
__builtin_mul_overflow
__builtin_prefetch
__builtin_sub_overflow
__builtin_unreachable
These are generally available on our supported platform, and also we use
some of these unconditionally anyway in qp.c. Thus make the support for
these functions mandatory so we fail early in the 'setup' step.
Make grammar check in CI more user friendly. Previously Sphinx docs
build might have failed because outdated grammar files and this would
have prevented CI from generating grammar file patch.
The fxhash implementation was missing a constant for 32-bit platforms.
This has been fixed. Constant for 64-bit platform was update to match
the current Rust constants.
Merge branch 'ondrej/update-fxhash-constants' into 'main'
See merge request isc-projects/bind9!10894
The fxhash implementation was missing a constant for 32-bit platforms.
This has been fixed. Constant for 64-bit platform was update to match
the current Rust constants.
The previous refactoring added an assertion failure when negative RRSIG
would be added to the cache database. As result, any query for RRSIG in
any unsigned zone would trigger that assertion failure.
Allow the negative RRSIG entries to be stored in the cache database
again as not caching these would trigger new remote fetch every time
such query would be received from a client.
Closes#5489
Merge branch '5489-allow-negative-RRSIGs-in-qpcache' into 'main'
See merge request isc-projects/bind9!10876
The previous refactoring added an assertion failure when negative RRSIG
would be added to the cache database. As result, any query for RRSIG in
any unsigned zone would trigger that assertion failure.
Allow the negative RRSIG entries to be stored in the cache database
again as not caching these would trigger new remote fetch every time
such query would be received from a client.
The following check:
__builtin_types_compatible_p(size_t, uint64_t)
doesn't work with default compiler on macOS. Workaround the issue
by typing the size_t to matching unsigned int type.
Using `static inline` functions in the headers break gcov as it cannot
properly track the hits. To fix the issue, convert the expressions to
statement macros. The added static assertions will ensure integer
promotion cannot occur unlike its previous function counterpart.
Merge branch 'aydin/rotate-as-macro' into 'main'
See merge request isc-projects/bind9!10878
Using `static inline` functions in the headers break gcov as it cannot
properly track the hits. To fix the issue, convert the expressions to
statement macros. The added static assertions will ensure integer
promotion cannot occur unlike its previous function counterpart.
By default, when :iscman:`named` is started it may start answering to
queries before the response policy zones are completely loaded
and processed. This new feature gives an option to the users to
tell :iscman:`named` that incoming requests should result in SERVFAIL answer
until all the response policy zones are processed and ready. Note that if
one or more response policy zones fail to load, :iscman:`named` starts
responding to queries according to those zones that did load.
Closes#5222
Merge branch '5222-stop-sending-responses-until-rpz-is-ready' into 'main'
See merge request isc-projects/bind9!10839
Test whether 'servfail-until-ready yes' works by enabling slow
RPZ loading with a USDT probe activation, and checking that named
returns SERVFAIL during the initial RPZ zones processing stage.
The test requires SystemTap (stap, dtrace) to activate the USDT
probe.
By default, when named is started it may start answering to
queries before the response policy zones are completely loaded
and processed. This new feature gives an option to the users to
tell named that incoming requests should result in SERVFAIL anwser
until all the response policy zones are procesed and ready.
During the initial configuration of named after startup, 'first_time'
is true. This is needed for implementing the new 'servfail-until-ready'
configuration option, which should take into effect only during the
initial configuration.
Add a new option ``manual-mode`` to :any:`dnssec-policy`. The intended use is that if it is enabled, it will not automatically move to the
next state transition, but instead the transition is logged. Only after manual confirmation with ``rndc dnssec -step`` the transition is made.
Closes#4606
Merge branch '4606-dnssec-policy-dry-run' into 'main'
See merge request isc-projects/bind9!10774
If we hit an error when issuing an 'rndc dnssec -step' command, and the
keymgr runs again at a later scheduled time, we don't want to enforce
transitions.
Similar to previous commit.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Similar to previous commit.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Similar to previous commit.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Similar to previous commit.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Similar to previous commits.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Similar to the previous commit that tests CSK algorithm rollover.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Update check_rollover_step to return the found keys. This can be used
to test that keymgr-manual-mode messages are correctly logged.
Parametrize each test case and in case of manual-mode, execute
additional checks. First a keymgr run should not change the existing
key state (with exceptions of timing events such as moving from
RUMOURED to OMNIPRESENT, and from UNRETENTIVE to HIDDEN). Appropriate
messages must be logged.
After enforcing the next step with 'rndc dnssec -step', the key state
should be the same as if the step were to be taken automatically.
Key state transitions may be blocked by manual-mode, meaning key
timing metadata may not be respected and can be inaccurate. For these
tests use the state values to determine whether the DNSKEY/CDS/CDNSKEY
RRset must be published or not.
If so we also want to tickle the apex because DNSKEY/CDNSKEY/CDS
RRsets may need to be re-signed.
Note that this may be overzealous, because if state transitions
happen just because of timing events (RUMOURED -> OMNIPRESENT,
UNRETENTIVE -> HIDDEN) this would have to cause changes in the
zone DNSSEC records.
When a key retire, key generation/introduction, or a state transition
to RUMOURED/UNRETENTIVE should happen, instead they are logged.
When those logs look good, you can run 'rndc dnssec -step' to run the
keymgr and apply those steps.
Add a new option 'manual-mode' to 'dnssec-policy'. The intended
use is that if it is enabled, it will not automatically move to the
next state transition (RUMOURED, UNRETENTIVE), only after manual
confirmation. The intended state transition should be logged.
Various test cases where legacy keys exist and are used to migrate to 'dnssec-policy'. These once existed as shell script but were removed because 'auto-dnssec' was removed. But the test cases are still useful if one wants to migrate to 'dnssec-policy' with such legacy keys, so it would be good to resurrect these tests.
Closes#3769
Merge branch '3769-migrate-zsk-ksk-plit' into 'main'
See merge request isc-projects/bind9!10787
This is a follow-up from the test cases that were added long time ago
that cover migrating to dnssec-policy.
The test covers legacy keys that do not have the SyncPublish timing
metadata set.
Various test cases where legacy keys exist and are used to migrate to
dnssec-policy. These once existed as shell script but were removed
because auto-dnssec was removed. But the test cases are still useful
if one wants to migrate to dnssec-policy with such legacy keys.
The tests were previously removed in commit
906dd57b68 as part of MR !8085.
