A catalog zone is updated in an offloaded thread, which is not
stopped during a reconfiguration in an exclusive mode, and so
can cause a race condition with it.
Waiting for the offloaded threads to complete their work before
entering into the exclusive mode can potentially cause unwanted
delays, because offloaded threads are generally "allowed" to take
a longer amount of time before they complete.
Add a dns_catz_zone_prereconfig()/dns_catz_zone_postreconfig() pair
of functions which currently just lock the catalog zone when
reconfiguring it. The change should eliminate the race.
As a side note, there was already a similar pair of functions,
dns_catz_prereconfig() and dns_catz_postreconfig() which are called
before and after reconfiguring a 'dns_catz_zones_t' object.
Below are the stack traces of the reconfiguration thread which has
asserted, and a catalog zone update thread which was caught in the
middle of its work despite the fact that the exclusive mode is
turned on.
Stack trace of thread 23859:
#0 0x00007f80e7b8e52f raise (libc.so.6)
#1 0x00007f80e7b61e65 abort (libc.so.6)
#2 0x0000000000422558 assertion_failed (named)
#3 0x00007f80eaa6799e isc_assertion_failed (libisc-9.18.41.so)
#4 0x00007f80ea5bc788 dns_catz_entry_getname (libdns-9.18.41.so)
#5 0x000000000042ce0e catz_reconfigure (named)
#6 0x000000000042d3c5 configure_catz_zone (named)
#7 0x000000000042d7a4 configure_catz (named)
#8 0x0000000000430645 configure_view (named)
#9 0x000000000043d998 load_configuration (named)
#10 0x000000000044184f loadconfig (named)
#11 0x0000000000442525 named_server_reconfigcommand (named)
#12 0x000000000041b277 named_control_docommand (named)
#13 0x000000000041c74a control_command (named)
#14 0x00007f80eaa912ae task_run (libisc-9.18.41.so)
#15 0x00007f80eaa914cd isc_task_run (libisc-9.18.41.so)
#16 0x00007f80eaa46435 isc__nm_async_task (libisc-9.18.41.so)
#17 0x00007f80eaa467aa process_netievent (libisc-9.18.41.so)
#18 0x00007f80eaa475a6 process_queue (libisc-9.18.41.so)
#19 0x00007f80eaa46227 process_all_queues (libisc-9.18.41.so)
#20 0x00007f80eaa462a1 async_cb (libisc-9.18.41.so)
#21 0x00007f80e8d01893 uv__async_io.part.3 (libuv.so.1)
#22 0x00007f80e8d13ac4 uv__io_poll (libuv.so.1)
#23 0x00007f80e8d023fb uv_run (libuv.so.1)
#24 0x00007f80eaa45ced nm_thread (libisc-9.18.41.so)
#25 0x00007f80eaa9bda3 isc__trampoline_run (libisc-9.18.41.so)
#26 0x00007f80e7f1e1ca start_thread (libpthread.so.0)
#27 0x00007f80e7b798d3 __clone (libc.so.6)
...
...
Stack trace of thread 23912:
#0 0x00007f80ea5bc2da dns_catz_options_setdefault (libdns-9.18.41.so)
#1 0x00007f80ea5bd411 dns__catz_zones_merge (libdns-9.18.41.so)
#2 0x00007f80ea5c3c2f dns__catz_update_cb (libdns-9.18.41.so)
#3 0x00007f80eaa4fee9 isc__nm_work_run (libisc-9.18.41.so)
#4 0x00007f80eaa9bda3 isc__trampoline_run (libisc-9.18.41.so)
#5 0x00007f80eaa4ff48 isc__nm_work_cb (libisc-9.18.41.so)
#6 0x00007f80e8cfc75e worker (libuv.so.1)
#7 0x00007f80e7f1e1ca start_thread (libpthread.so.0)
#8 0x00007f80e7b798d3 __clone (libc.so.6)
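The locking pattern the commit message describes, sketched as an added example (not code from the commit or from BIND): a reconfiguration path brackets its reads of a zone with a pre/post pair that only takes and releases a per-zone lock, so it never observes a half-merged zone. All toy_* names and the struct layout are hypothetical, and the sketch assumes the offloaded update already runs under the same lock.

```c
/* Added illustration: every toy_* name here is hypothetical, not BIND's API. */
#include <pthread.h>
#include <stddef.h>

#define NENTRIES 64
#define ROUNDS 2000

typedef struct toy_catz_zone {
	pthread_mutex_t lock;
	int entries[NENTRIES]; /* invariant: all slots hold the same generation */
} toy_catz_zone_t;

/* The pre/post pair does nothing except take and release the zone lock. */
static void toy_catz_zone_prereconfig(toy_catz_zone_t *z) { pthread_mutex_lock(&z->lock); }
static void toy_catz_zone_postreconfig(toy_catz_zone_t *z) { pthread_mutex_unlock(&z->lock); }

/* Offloaded update (assumed to hold the zone lock): mid-loop the zone is inconsistent. */
static void *toy_update_thread(void *arg) {
	toy_catz_zone_t *z = arg;
	for (int gen = 1; gen <= ROUNDS; gen++) {
		pthread_mutex_lock(&z->lock);
		for (size_t i = 0; i < NENTRIES; i++)
			z->entries[i] = gen;
		pthread_mutex_unlock(&z->lock);
	}
	return NULL;
}

/* Reconfiguration: reads the entries and counts slots that disagree with slot 0. */
static int toy_reconfigure(toy_catz_zone_t *z) {
	int torn = 0;
	toy_catz_zone_prereconfig(z);
	for (size_t i = 1; i < NENTRIES; i++)
		torn += (z->entries[i] != z->entries[0]);
	toy_catz_zone_postreconfig(z);
	return torn;
}

/* Reconfigures concurrently with the updater; returns torn reads seen, -1 on error. */
int toy_run(void) {
	toy_catz_zone_t z = { .entries = { 0 } };
	pthread_t t;
	int torn = 0;
	pthread_mutex_init(&z.lock, NULL);
	if (pthread_create(&t, NULL, toy_update_thread, &z) != 0)
		return -1;
	for (int n = 0; n < ROUNDS; n++)
		torn += toy_reconfigure(&z);
	pthread_join(t, NULL);
	pthread_mutex_destroy(&z.lock);
	return torn;
}

int main(void) { return toy_run() == 0 ? 0 : 1; }
```

Without the pre/post calls in toy_reconfigure() the read loop is a data race with the updater, the same class of problem the two stack traces above show.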
BIND 9
Contents
- Introduction
- Reporting bugs and getting help
- Contributing to BIND
- Building BIND
- Automated testing
- Documentation
- Acknowledgments
Introduction
BIND (Berkeley Internet Name Domain) is a complete, highly portable implementation of the Domain Name System (DNS) protocol.
The BIND name server, named, can act as an authoritative name
server, recursive resolver, DNS forwarder, or all three simultaneously. It
implements views for split-horizon DNS, automatic DNSSEC zone signing and
key management, catalog zones to facilitate provisioning of zone data
throughout a name server constellation, response policy zones (RPZ) to
protect clients from malicious data, response rate limiting (RRL) and
recursive query limits to reduce distributed denial of service attacks,
and many other advanced DNS features. BIND also includes a suite of
administrative tools, including the dig and delv DNS lookup tools,
nsupdate for dynamic DNS zone updates, rndc for remote name server
administration, and more.
BIND 9 began as a complete rewrite of the BIND architecture that was used in versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a 501(c)(3) US public benefit corporation dedicated to providing software and services in support of the Internet infrastructure, developed BIND 9 and is responsible for its ongoing maintenance and improvement. BIND is open source software licensed under the terms of the Mozilla Public License, version 2.0.
For a detailed list of changes made throughout the history of BIND 9, see the changelog.
For up-to-date versions and release notes, see https://www.isc.org/download/.
For information about supported platforms, see the "Supported Platforms" section in the BIND 9 Administrator Reference Manual.
Reporting bugs and getting help
To report non-security-sensitive bugs or request new features, you may open an issue in the BIND 9 project on the ISC GitLab server at https://gitlab.isc.org/isc-projects/bind9.
Please note that, unless you explicitly mark the newly created issue as
"confidential," it will be publicly readable. Please do not include any
information in bug reports that you consider to be confidential unless
the issue has been marked as such. In particular, if submitting the
contents of your configuration file in a non-confidential issue, it is
advisable to obscure key secrets; this can be done automatically by
using named-checkconf -px.
For information about ISC's Security Vulnerability Disclosure Policy and
information about reporting potential security issues, please see
SECURITY.md.
Professional support and training for BIND are available from ISC. Contact us at https://www.isc.org/contact for more information.
To join the BIND Users mailing list, or view the archives, visit https://lists.isc.org/mailman/listinfo/bind-users.
Contributing to BIND
ISC maintains a public git repository for BIND; details can be found at https://www.isc.org/sourceaccess/.
Information for BIND contributors can be found in the following files:
- General information: CONTRIBUTING.md
- Code of Conduct: CODE_OF_CONDUCT.md
- BIND 9 code style: doc/dev/style.md
- BIND architecture and developer guide: doc/dev/dev.md
Patches for BIND may be submitted as merge requests on the ISC GitLab server.
By default, external contributors do not have the ability to fork BIND on the GitLab server; if you wish to contribute code to BIND, you may request permission to do so. Thereafter, you can create git branches and directly submit requests that they be reviewed and merged.
If you prefer, you may also submit code by opening a GitLab issue and including your patch as an attachment, preferably generated by git format-patch.
Building BIND 9
For information about building BIND 9, see the "Building BIND 9" section in the BIND 9 Administrator Reference Manual.
Automated testing
A system test suite can be run with pytest bin/tests/system. The system
tests require you to configure a set of virtual IP addresses on your system
(this allows multiple servers to run locally and communicate with each other).
These IP addresses can be configured by running the command
bin/tests/system/ifconfig.sh up as root.
Some tests require Perl and the Net::DNS and/or IO::Socket::IP modules,
and are skipped if these are not available. Some tests require Python
and the dnspython module and are skipped if these are not available.
See bin/tests/system/README for further details.
Unit tests are implemented using the CMocka unit testing framework. To build
them, use the option -Dcmocka=enabled. Unit tests are executed through
Meson's test functionality; run them with meson test.
Documentation
The BIND 9 Administrator Reference Manual (ARM) is included with the source
distribution, and in .rst format, in the doc/arm directory. The HTML version
is automatically generated and can be viewed at
https://bind9.readthedocs.io/en/latest/index.html.
The PDF version can be built by running:
meson setup build
ninja -C build arm-pdf
The above requires TeX Live in order to work. The PDF will be written to
build/arm-pdf/latex/Bv9ARM.pdf.
Man pages for some of the programs in the BIND 9 distribution are also included in the BIND ARM.
Frequently (and not-so-frequently) asked questions and their answers can be found in the ISC Knowledgebase at https://kb.isc.org.
Additional information on various subjects can be found in other
README files throughout the source tree.
Bug report identifiers
Most notes in the ARM Changelog appendix include a reference to a bug report or
issue number. Prior to 2018, these were usually of the form [RT #NNN]
and referred to entries in the "bind9-bugs" RT database, which was not open
to the public. More recent entries use the form [GL #NNN] or, less often,
[GL !NNN], which, respectively, refer to issues or merge requests in the
GitLab database. Most of these are publicly readable, unless they include
information which is confidential or security-sensitive.
To look up a GitLab issue by its number, use the URL https://gitlab.isc.org/isc-projects/bind9/issues/NNN. To look up a merge request, use https://gitlab.isc.org/isc-projects/bind9/merge_requests/NNN.
In rare cases, an issue or merge request number may be followed with the letter "P". This indicates that the information is in the private ISC GitLab instance, which is not visible to the public.
Acknowledgments
- The original development of BIND 9 was underwritten by the following organizations:
  Sun Microsystems, Inc.
  Hewlett Packard
  Compaq Computer Corporation
  IBM
  Process Software Corporation
  Silicon Graphics, Inc.
  Network Associates, Inc.
  U.S. Defense Information Systems Agency
  USENIX Association
  Stichting NLnet - NLnet Foundation
  Nominum, Inc.
- This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. https://www.OpenSSL.org/
- This product includes cryptographic software written by Eric Young (eay@cryptsoft.com).
- This product includes software written by Tim Hudson (tjh@cryptsoft.com).