Ubuntu
bind9 package

Merge ~lvoytek/ubuntu/+source/bind9:MRE-lunar-9.18.18 into ubuntu/+source/bind9:ubuntu/lunar-devel

  1. Git
  2. lp:~lvoytek/ubuntu/+source/bind9
  3. MRE-lunar-9.18.18
  4. Merge into ubuntu/lunar-devel
Proposed by Lena Voytek
Status: Merged
Approved by: git-ubuntu bot
Approved revision: not available
Merged at revision: e394e1303d42519ca36879abe5301394d7e8bc4a
Proposed branch: ~lvoytek/ubuntu/+source/bind9:MRE-lunar-9.18.18
Merge into: ubuntu/+source/bind9:ubuntu/lunar-devel
Diff against target: 49388 lines (+14938/-6786)
811 files modified
CHANGES (+264/-0)
CONTRIBUTING.md (+4/-4)
COPYRIGHT (+30/-30)
ChangeLog (+264/-0)
NEWS (+264/-0)
bin/check/named-checkconf.c (+2/-1)
bin/check/named-compilezone.rst (+1/-1)
bin/dig/dig.c (+2/-1)
bin/dig/dighost.c (+24/-17)
bin/dig/dighost.h (+3/-0)
bin/dnssec/dnssec-cds.c (+96/-56)
bin/dnssec/dnssec-settime.rst (+1/-1)
bin/named/builtin.c (+5/-9)
bin/named/config.c (+1/-0)
bin/named/include/named/os.h (+0/-3)
bin/named/include/named/server.h (+1/-1)
bin/named/main.c (+28/-0)
bin/named/os.c (+0/-8)
bin/named/server.c (+96/-50)
bin/named/statschannel.c (+2/-0)
bin/named/zoneconf.c (+98/-78)
bin/nsupdate/nsupdate.c (+28/-17)
bin/nsupdate/nsupdate.rst (+5/-1)
bin/plugins/filter-a.c (+1/-1)
bin/plugins/filter-aaaa.c (+1/-1)
bin/rndc/rndc.c (+7/-3)
bin/rndc/rndc.rst (+6/-2)
bin/tests/system/Makefile.am (+10/-2)
bin/tests/system/Makefile.in (+35/-13)
bin/tests/system/README (+155/-29)
bin/tests/system/acl/ns2/named1.conf.in (+1/-0)
bin/tests/system/acl/ns2/named2.conf.in (+1/-0)
bin/tests/system/acl/ns2/named3.conf.in (+1/-0)
bin/tests/system/acl/ns2/named4.conf.in (+1/-0)
bin/tests/system/acl/ns2/named5.conf.in (+1/-0)
bin/tests/system/acl/ns3/named.conf.in (+1/-0)
bin/tests/system/acl/ns4/named.conf.in (+1/-0)
bin/tests/system/acl/tests.sh (+33/-31)
bin/tests/system/acl/tests_sh_acl.py (+2/-9)
bin/tests/system/additional/ns2/named.conf.in (+1/-0)
bin/tests/system/additional/tests.sh (+28/-26)
bin/tests/system/additional/tests_sh_additional.py (+2/-24)
bin/tests/system/addzone/ns1/named.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named1.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named2.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named3.conf.in (+1/-0)
bin/tests/system/addzone/ns3/named1.conf.in (+1/-0)
bin/tests/system/addzone/ns3/named2.conf.in (+1/-0)
bin/tests/system/addzone/tests.sh (+134/-132)
bin/tests/system/addzone/tests_sh_addzone.py (+14/-0)
bin/tests/system/allow-query/ns1/named.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named01.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named02.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named03.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named04.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named05.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named06.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named07.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named08.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named09.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named10.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named11.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named12.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named21.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named22.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named23.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named24.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named25.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named26.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named27.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named28.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named29.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named30.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named31.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named32.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named33.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named34.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named40.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named53.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named54.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named55.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named56.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named57.conf.in (+1/-0)
bin/tests/system/allow-query/tests.sh (+100/-98)
bin/tests/system/allow-query/tests_sh_allowquery.py (+14/-0)
bin/tests/system/ans.pl (+5/-5)
bin/tests/system/auth/ns1/named.conf.in (+1/-0)
bin/tests/system/auth/ns2/named.conf.in (+1/-0)
bin/tests/system/auth/tests.sh (+31/-29)
bin/tests/system/auth/tests_sh_auth.py (+14/-0)
bin/tests/system/autosign/clean.sh (+1/-2)
bin/tests/system/autosign/ns2/keygen.sh (+8/-0)
bin/tests/system/autosign/ns2/named.conf.in (+9/-0)
bin/tests/system/autosign/ns2/optout-with-ent.db.in (+22/-0)
bin/tests/system/autosign/tests.sh (+58/-10)
bin/tests/system/autosign/tests_sh_autosign.py (+14/-0)
bin/tests/system/builtin/ns1/named.conf.in (+1/-0)
bin/tests/system/builtin/ns2/named.conf.in (+1/-0)
bin/tests/system/builtin/ns3/named.conf.in (+1/-0)
bin/tests/system/builtin/tests.sh (+33/-31)
bin/tests/system/builtin/tests_sh_builtin.py (+14/-0)
bin/tests/system/cacheclean/tests.sh (+39/-37)
bin/tests/system/cacheclean/tests_sh_cacheclean.py (+14/-0)
bin/tests/system/case/ns1/named.conf.in (+1/-0)
bin/tests/system/case/ns2/named.conf.in (+1/-0)
bin/tests/system/case/tests.sh (+23/-21)
bin/tests/system/case/tests_sh_case.py (+14/-0)
bin/tests/system/catz/clean.sh (+1/-0)
bin/tests/system/catz/ns1/named.conf.in (+1/-0)
bin/tests/system/catz/ns2/named1.conf.in (+11/-1)
bin/tests/system/catz/ns2/named2.conf.in (+1/-0)
bin/tests/system/catz/ns3/named.conf.in (+1/-0)
bin/tests/system/catz/ns4/catalog.example.db.in (+14/-0)
bin/tests/system/catz/ns4/named.conf.in (+11/-0)
bin/tests/system/catz/setup.sh (+1/-0)
bin/tests/system/catz/tests.sh (+49/-0)
bin/tests/system/catz/tests_sh_catz.py (+14/-0)
bin/tests/system/cds/setup.sh (+3/-1)
bin/tests/system/cds/tests.sh (+3/-2)
bin/tests/system/cds/tests_sh_cds.py (+14/-0)
bin/tests/system/chain/ans4/ans.py (+1/-1)
bin/tests/system/chain/tests.sh (+73/-71)
bin/tests/system/chain/tests_sh_chain.py (+14/-0)
bin/tests/system/checkconf/clean.sh (+1/-0)
bin/tests/system/checkconf/deprecated.conf (+17/-0)
bin/tests/system/checkconf/dnssec.2 (+1/-1)
bin/tests/system/checkconf/dnssec.3 (+1/-1)
bin/tests/system/checkconf/kasp-bad-keylen.conf (+1/-1)
bin/tests/system/checkconf/tests.sh (+168/-163)
bin/tests/system/checkconf/tests_sh_checkconf.py (+14/-0)
bin/tests/system/checkds/ns2/named.conf.in (+1/-0)
bin/tests/system/checkds/ns4/named.conf.in (+1/-0)
bin/tests/system/checkds/ns5/named.conf.in (+1/-0)
bin/tests/system/checkds/ns6/named.conf.in (+1/-0)
bin/tests/system/checkds/ns7/named.conf.in (+1/-0)
bin/tests/system/checkds/ns9/named.conf.in (+1/-0)
bin/tests/system/checknames/tests.sh (+24/-22)
bin/tests/system/checknames/tests_sh_checknames.py (+14/-0)
bin/tests/system/checkzone/tests.sh (+2/-0)
bin/tests/system/checkzone/tests_sh_checkzone.py (+14/-0)
bin/tests/system/ckdnsrps.sh (+2/-2)
bin/tests/system/conf.sh.common (+18/-16)
bin/tests/system/conf.sh.in (+7/-2)
bin/tests/system/conftest.py (+592/-7)
bin/tests/system/cookie/ans9/ans.py (+2/-0)
bin/tests/system/cookie/ns7/named.conf.in (+1/-0)
bin/tests/system/cookie/tests.sh (+83/-81)
bin/tests/system/cookie/tests_sh_cookie.py (+14/-0)
bin/tests/system/database/tests.sh (+7/-5)
bin/tests/system/database/tests_sh_database.py (+14/-0)
bin/tests/system/dialup/tests.sh (+6/-4)
bin/tests/system/dialup/tests_sh_dialup.py (+14/-0)
bin/tests/system/digdelv/tests.sh (+14/-15)
bin/tests/system/digdelv/tests_sh_digdelv.py (+14/-0)
bin/tests/system/dispatch/ns1/named.conf.in (+1/-0)
bin/tests/system/dispatch/ns2/named.conf.in (+1/-0)
bin/tests/system/dlzexternal/ns1/named.conf.in (+1/-0)
bin/tests/system/dlzexternal/tests.sh (+40/-38)
bin/tests/system/dlzexternal/tests_sh_dlzexternal.py (+14/-0)
bin/tests/system/dns64/tests.sh (+313/-311)
bin/tests/system/dns64/tests_sh_dns64.py (+14/-0)
bin/tests/system/dnssec/ans10/ans.py (+1/-0)
bin/tests/system/dnssec/ns4/named5.conf.in (+1/-0)
bin/tests/system/dnssec/ns5/named2.conf.in (+1/-0)
bin/tests/system/dnssec/tests.sh (+32/-35)
bin/tests/system/dnssec/tests_sh_dnssec.py (+14/-0)
bin/tests/system/dnstap/tests.sh (+177/-150)
bin/tests/system/dnstap/tests_dnstap.py (+2/-2)
bin/tests/system/dnstap/tests_sh_dnstap.py (+14/-0)
bin/tests/system/doth/CA/certs/srv01.client01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv02.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv03.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52001.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52003.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52004.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52005.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52006.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52007.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52008.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52009.pem (+1/-1)
bin/tests/system/doth/example.axfr.good (+1/-1)
bin/tests/system/doth/example8.axfr.good (+1/-1)
bin/tests/system/doth/tests.sh (+29/-34)
bin/tests/system/doth/tests_sh_doth.py (+14/-0)
bin/tests/system/dsdigest/tests.sh (+5/-3)
bin/tests/system/dsdigest/tests_sh_dsdigest.py (+14/-0)
bin/tests/system/dupsigs/ns1/named.conf.in (+1/-0)
bin/tests/system/dupsigs/ns1/reset_keys.sh (+23/-23)
bin/tests/system/dupsigs/tests.sh (+27/-12)
bin/tests/system/dupsigs/tests_sh_dupsigs.py (+14/-0)
bin/tests/system/dyndb/driver/driver.c (+0/-11)
bin/tests/system/dyndb/ns1/named.conf.in (+1/-0)
bin/tests/system/dyndb/tests.sh (+25/-23)
bin/tests/system/dyndb/tests_sh_dyndb.py (+14/-0)
bin/tests/system/ecdsa/setup.sh (+1/-1)
bin/tests/system/ecdsa/tests_sh_ecdsa.py (+14/-0)
bin/tests/system/eddsa/tests_sh_eddsa.py (+14/-0)
bin/tests/system/ednscompliance/ns1/named.conf.in (+1/-0)
bin/tests/system/ednscompliance/tests.sh (+21/-19)
bin/tests/system/ednscompliance/tests_sh_ednscompliance.py (+14/-0)
bin/tests/system/emptyzones/ns1/named1.conf.in (+1/-0)
bin/tests/system/emptyzones/ns1/named2.conf.in (+1/-0)
bin/tests/system/emptyzones/tests.sh (+6/-4)
bin/tests/system/emptyzones/tests_sh_emptyzones.py (+14/-0)
bin/tests/system/enginepkcs11/tests.sh (+2/-0)
bin/tests/system/enginepkcs11/tests_sh_enginepkcs11.py (+14/-0)
bin/tests/system/feature-test.c (+16/-0)
bin/tests/system/fetchlimit/ans4/ans.pl (+4/-0)
bin/tests/system/fetchlimit/clean.sh (+5/-3)
bin/tests/system/fetchlimit/ns5/named1.conf.in (+46/-0)
bin/tests/system/fetchlimit/ns5/named2.conf.in (+49/-0)
bin/tests/system/fetchlimit/ns5/root.hint (+14/-0)
bin/tests/system/fetchlimit/setup.sh (+1/-0)
bin/tests/system/fetchlimit/tests.sh (+185/-59)
bin/tests/system/fetchlimit/tests_sh_fetchlimit.py (+14/-0)
bin/tests/system/filter-aaaa/ns1/sign.sh (+1/-1)
bin/tests/system/filter-aaaa/tests.sh (+280/-278)
bin/tests/system/filter-aaaa/tests_sh_filter_aaaa.py (+14/-0)
bin/tests/system/formerr/clean.sh (+3/-3)
bin/tests/system/formerr/formerr.pl (+1/-1)
bin/tests/system/formerr/ns1/named.conf.in (+1/-0)
bin/tests/system/formerr/tests.sh (+8/-6)
bin/tests/system/formerr/tests_sh_formerr.py (+14/-0)
bin/tests/system/forward/ans11/ans.py (+1/-0)
bin/tests/system/forward/ns10/named.conf.in (+1/-0)
bin/tests/system/forward/tests.sh (+4/-2)
bin/tests/system/forward/tests_sh_forward.py (+14/-0)
bin/tests/system/genzone.sh (+7/-7)
bin/tests/system/geoip2/tests.sh (+75/-73)
bin/tests/system/geoip2/tests_sh_geoip2.py (+14/-0)
bin/tests/system/get_algorithms.py (+3/-4)
bin/tests/system/get_core_dumps.sh (+12/-8)
bin/tests/system/glue/ns1/named.conf.in (+1/-0)
bin/tests/system/glue/tests.sh (+2/-0)
bin/tests/system/glue/tests_sh_glue.py (+14/-0)
bin/tests/system/hooks/tests_async_plugin.py (+27/-0)
bin/tests/system/host/ns1/named.conf.in (+1/-0)
bin/tests/system/host/tests_sh_host.py (+14/-0)
bin/tests/system/idna/tests.sh (+8/-7)
bin/tests/system/idna/tests_sh_idna.py (+14/-0)
bin/tests/system/ifconfig.sh.in (+0/-8)
bin/tests/system/include-multiplecfg/ns2/named.conf.in (+1/-0)
bin/tests/system/include-multiplecfg/tests.sh (+9/-8)
bin/tests/system/include-multiplecfg/tests_sh_include_multiplecfg.py (+14/-0)
bin/tests/system/inline/ns2/named.conf.in (+1/-0)
bin/tests/system/inline/ns3/named.conf.in (+1/-0)
bin/tests/system/inline/ns3/sign.sh (+2/-2)
bin/tests/system/inline/ns4/named.conf.in (+1/-0)
bin/tests/system/inline/ns6/named.conf.in (+1/-0)
bin/tests/system/inline/ns8/named.conf.in (+1/-0)
bin/tests/system/inline/tests.sh (+155/-141)
bin/tests/system/inline/tests_sh_inline.py (+14/-0)
bin/tests/system/inline/tests_signed_zone_files.py (+0/-1)
bin/tests/system/integrity/ns1/named.conf.in (+1/-0)
bin/tests/system/integrity/tests.sh (+26/-24)
bin/tests/system/integrity/tests_sh_integrity.py (+14/-0)
bin/tests/system/ixfr/ns1/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns3/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns4/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns5/named.conf.in (+1/-0)
bin/tests/system/ixfr/tests.sh (+6/-4)
bin/tests/system/ixfr/tests_sh_ixfr.py (+14/-0)
bin/tests/system/journal/tests.sh (+45/-43)
bin/tests/system/journal/tests_sh_journal.py (+14/-0)
bin/tests/system/kasp.sh (+11/-4)
bin/tests/system/kasp/ns2/named.conf.in (+1/-0)
bin/tests/system/kasp/ns3/named-fips.conf.in (+12/-0)
bin/tests/system/kasp/ns3/setup.sh (+41/-0)
bin/tests/system/kasp/ns4/named.conf.in (+1/-0)
bin/tests/system/kasp/ns5/named.conf.in (+1/-0)
bin/tests/system/kasp/ns6/named.conf.in (+1/-0)
bin/tests/system/kasp/ns6/named2.conf.in (+1/-0)
bin/tests/system/kasp/tests.sh (+78/-5)
bin/tests/system/kasp/tests_sh_kasp.py (+14/-0)
bin/tests/system/keepalive/ns1/named.conf.in (+1/-0)
bin/tests/system/keepalive/ns2/named.conf.in (+1/-0)
bin/tests/system/keepalive/ns3/named.conf.in (+1/-0)
bin/tests/system/keepalive/tests.sh (+22/-20)
bin/tests/system/keepalive/tests_sh_keepalive.py (+14/-0)
bin/tests/system/keyfromlabel/tests.sh (+2/-0)
bin/tests/system/keyfromlabel/tests_sh_keyfromlabel.py (+14/-0)
bin/tests/system/keymgr2kasp/ns3/kasp.conf.in (+20/-0)
bin/tests/system/keymgr2kasp/ns3/named.conf.in (+8/-0)
bin/tests/system/keymgr2kasp/ns3/named2.conf.in (+8/-0)
bin/tests/system/keymgr2kasp/ns3/setup.sh (+17/-0)
bin/tests/system/keymgr2kasp/ns4/named.conf.in (+1/-0)
bin/tests/system/keymgr2kasp/ns4/named2.conf.in (+1/-0)
bin/tests/system/keymgr2kasp/tests.sh (+139/-0)
bin/tests/system/keymgr2kasp/tests_sh_keymgr2kasp.py (+14/-0)
bin/tests/system/legacy.run.sh.in (+2/-2)
bin/tests/system/legacy/ns6/sign.sh (+2/-2)
bin/tests/system/legacy/ns7/sign.sh (+2/-2)
bin/tests/system/legacy/tests.sh (+45/-43)
bin/tests/system/legacy/tests_sh_legacy.py (+14/-0)
bin/tests/system/limits/ns1/named.conf.in (+1/-0)
bin/tests/system/limits/tests.sh (+2/-0)
bin/tests/system/limits/tests_sh_limits.py (+14/-0)
bin/tests/system/logfileconfig/clean.sh (+2/-0)
bin/tests/system/logfileconfig/ns1/named.abspathconf.in (+52/-0)
bin/tests/system/logfileconfig/ns1/named.incconf.in (+52/-0)
bin/tests/system/logfileconfig/tests.sh (+58/-0)
bin/tests/system/logfileconfig/tests_sh_logfileconfig.py (+14/-0)
bin/tests/system/masterfile/ns1/named.conf.in (+1/-0)
bin/tests/system/masterfile/tests.sh (+10/-8)
bin/tests/system/masterfile/tests_sh_masterfile.py (+14/-0)
bin/tests/system/masterformat/ns1/named.conf.in (+1/-0)
bin/tests/system/masterformat/ns2/named.conf.in (+1/-0)
bin/tests/system/masterformat/ns3/named.conf.in (+1/-0)
bin/tests/system/masterformat/tests.sh (+3/-2)
bin/tests/system/masterformat/tests_sh_masterformat.py (+14/-0)
bin/tests/system/metadata/clean.sh (+1/-1)
bin/tests/system/metadata/tests.sh (+12/-15)
bin/tests/system/metadata/tests_sh_metadata.py (+14/-0)
bin/tests/system/mirror/ns1/named.conf.in (+1/-0)
bin/tests/system/mirror/ns2/named.conf.in (+1/-0)
bin/tests/system/mirror/ns3/named.conf.in (+1/-0)
bin/tests/system/mirror/tests.sh (+2/-0)
bin/tests/system/mirror/tests_sh_mirror.py (+14/-0)
bin/tests/system/mkeys/clean.sh (+7/-2)
bin/tests/system/mkeys/ns1/named1.conf.in (+10/-0)
bin/tests/system/mkeys/ns1/named2.conf.in (+10/-0)
bin/tests/system/mkeys/ns1/named3.conf.in (+10/-0)
bin/tests/system/mkeys/ns1/root.db (+3/-0)
bin/tests/system/mkeys/ns1/sign.sh (+18/-0)
bin/tests/system/mkeys/ns1/sub.tld.db (+21/-0)
bin/tests/system/mkeys/ns1/tld.db (+23/-0)
bin/tests/system/mkeys/ns4/named.conf.in (+5/-0)
bin/tests/system/mkeys/ns4/sign.sh (+24/-0)
bin/tests/system/mkeys/ns4/sub.foo.db (+21/-0)
bin/tests/system/mkeys/ns5/foo.db (+23/-0)
bin/tests/system/mkeys/ns5/named.conf.in (+8/-0)
bin/tests/system/mkeys/setup.sh (+1/-0)
bin/tests/system/mkeys/tests.sh (+60/-14)
bin/tests/system/mkeys/tests_sh_mkeys.py (+14/-0)
bin/tests/system/names/ns1/named.conf.in (+1/-0)
bin/tests/system/names/tests.sh (+8/-7)
bin/tests/system/names/tests_sh_names.py (+14/-0)
bin/tests/system/notify/ns1/named.conf.in (+1/-0)
bin/tests/system/notify/ns2/named.conf.in (+6/-4)
bin/tests/system/notify/ns3/named.conf.in (+7/-0)
bin/tests/system/notify/ns3/notify-source-port-test.db (+22/-0)
bin/tests/system/notify/ns4/named.conf.in (+1/-0)
bin/tests/system/notify/ns5/named.conf.in (+1/-0)
bin/tests/system/notify/tests.sh (+6/-1)
bin/tests/system/notify/tests_sh_notify.py (+14/-0)
bin/tests/system/nsec3/ns2/named.conf.in (+1/-0)
bin/tests/system/nsec3/tests.sh (+3/-7)
bin/tests/system/nsec3/tests_sh_nsec3.py (+14/-0)
bin/tests/system/nslookup/ns1/named.conf.in (+1/-0)
bin/tests/system/nslookup/tests.sh (+18/-0)
bin/tests/system/nslookup/tests_sh_nslookup.py (+14/-0)
bin/tests/system/nsupdate/ans4/ans.pl (+5/-0)
bin/tests/system/nsupdate/clean.sh (+2/-0)
bin/tests/system/nsupdate/krb/setup.sh (+4/-4)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private (+7/-0)
bin/tests/system/nsupdate/ns1/named.conf.in (+13/-0)
bin/tests/system/nsupdate/ns10/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns2/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns5/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns6/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns7/named1.conf.in (+52/-0)
bin/tests/system/nsupdate/ns7/named2.conf.in (+1/-0)
bin/tests/system/nsupdate/ns8/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns9/named.conf.in (+1/-0)
bin/tests/system/nsupdate/setup.sh (+17/-2)
bin/tests/system/nsupdate/tests.sh (+239/-99)
bin/tests/system/nsupdate/tests_sh_nsupdate.py (+14/-0)
bin/tests/system/nzd2nzf/ns1/named.conf.in (+1/-0)
bin/tests/system/nzd2nzf/tests.sh (+2/-0)
bin/tests/system/nzd2nzf/tests_sh_nzd2nzf.py (+14/-0)
bin/tests/system/padding/ns1/named.conf.in (+1/-0)
bin/tests/system/padding/ns2/named.conf.in (+1/-0)
bin/tests/system/padding/ns3/named.conf.in (+1/-0)
bin/tests/system/padding/ns4/named.conf.in (+1/-0)
bin/tests/system/padding/tests.sh (+27/-25)
bin/tests/system/padding/tests_sh_padding.py (+14/-0)
bin/tests/system/parallel.sh (+1/-1)
bin/tests/system/pending/ns1/named.conf.in (+1/-0)
bin/tests/system/pending/ns1/sign.sh (+1/-1)
bin/tests/system/pending/ns4/named.conf.in (+1/-0)
bin/tests/system/pending/tests.sh (+36/-34)
bin/tests/system/pending/tests_sh_pending.py (+14/-0)
bin/tests/system/pipelined/tests.sh (+8/-6)
bin/tests/system/pipelined/tests_sh_pipelined.py (+14/-0)
bin/tests/system/pytest.ini (+20/-0)
bin/tests/system/qmin/tests.sh (+14/-15)
bin/tests/system/qmin/tests_sh_qmin.py (+14/-0)
bin/tests/system/reclimit/tests.sh (+29/-27)
bin/tests/system/reclimit/tests_sh_reclimit.py (+14/-0)
bin/tests/system/redirect/ns5/named.conf.in (+1/-0)
bin/tests/system/redirect/ns6/named.conf.in (+1/-0)
bin/tests/system/redirect/tests.sh (+122/-120)
bin/tests/system/redirect/tests_sh_redirect.py (+14/-0)
bin/tests/system/resolver/ans10/ans.py (+152/-0)
bin/tests/system/resolver/ns4/root.db (+2/-0)
bin/tests/system/resolver/tests.sh (+29/-15)
bin/tests/system/resolver/tests_sh_resolver.py (+14/-0)
bin/tests/system/rndc/ns2/named.conf.in (+1/-0)
bin/tests/system/rndc/ns3/named.conf.in (+1/-0)
bin/tests/system/rndc/ns5/named.conf.in (+1/-0)
bin/tests/system/rndc/ns6/named.args (+1/-1)
bin/tests/system/rndc/ns6/named.conf.in (+1/-0)
bin/tests/system/rndc/ns7/named.conf.in (+1/-0)
bin/tests/system/rndc/setup.sh (+1/-1)
bin/tests/system/rndc/tests.sh (+26/-20)
bin/tests/system/rndc/tests_sh_rndc.py (+14/-0)
bin/tests/system/rootkeysentinel/ns2/sign.sh (+4/-7)
bin/tests/system/rootkeysentinel/tests.sh (+46/-46)
bin/tests/system/rootkeysentinel/tests_sh_rootkeysentinel.py (+14/-0)
bin/tests/system/rpz/clean.sh (+1/-1)
bin/tests/system/rpz/ns1/named.conf.in (+1/-0)
bin/tests/system/rpz/ns3/named.conf.in (+10/-0)
bin/tests/system/rpz/qperf.sh (+2/-2)
bin/tests/system/rpz/tests.sh (+77/-61)
bin/tests/system/rpz/tests_sh_rpz.py (+14/-0)
bin/tests/system/rpzextra/clean.sh (+1/-0)
bin/tests/system/rpzextra/ns2/gooddomain.db (+27/-0)
bin/tests/system/rpzextra/ns2/named.conf.in (+11/-0)
bin/tests/system/rpzextra/ns2/rpz-external.local.db (+26/-0)
bin/tests/system/rpzextra/ns3/external-rpz.local.db (+29/-0)
bin/tests/system/rpzextra/ns3/fourth-rpz-extra.local.db (+32/-0)
bin/tests/system/rpzextra/ns3/named.conf.in (+147/-0)
bin/tests/system/rpzextra/ns3/root.db (+3/-0)
bin/tests/system/rpzextra/ns3/third-rpz-extra.local.db (+26/-0)
bin/tests/system/rpzextra/setup.sh (+1/-1)
bin/tests/system/rpzextra/tests_rpzextra.py (+143/-0)
bin/tests/system/rpzrecurse/setup.sh (+6/-6)
bin/tests/system/rpzrecurse/tests.sh (+56/-52)
bin/tests/system/rpzrecurse/tests_sh_rpzrecurse.py (+14/-0)
bin/tests/system/rrchecker/tests.sh (+12/-10)
bin/tests/system/rrchecker/tests_sh_rrchecker.py (+14/-0)
bin/tests/system/rrl/broken.conf.in (+1/-0)
bin/tests/system/rrl/tests.sh (+24/-22)
bin/tests/system/rrl/tests_sh_rrl.py (+14/-0)
bin/tests/system/rrsetorder/tests.sh (+7/-5)
bin/tests/system/rrsetorder/tests_sh_rrsetorder.py (+14/-0)
bin/tests/system/rsabigexponent/ns1/root.db.in (+1/-1)
bin/tests/system/rsabigexponent/ns1/sign.sh (+1/-1)
bin/tests/system/rsabigexponent/ns2/named.conf.in (+1/-0)
bin/tests/system/rsabigexponent/ns2/sign.sh (+1/-1)
bin/tests/system/rsabigexponent/tests.sh (+6/-4)
bin/tests/system/rsabigexponent/tests_sh_rsabigexponent.py (+14/-0)
bin/tests/system/run.sh (+27/-0)
bin/tests/system/runall.sh (+1/-1)
bin/tests/system/runsequential.sh (+1/-1)
bin/tests/system/runtime/ns2/named-alt4.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt5.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt6.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt7.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt9.conf.in (+1/-0)
bin/tests/system/runtime/setup.sh (+1/-1)
bin/tests/system/runtime/tests.sh (+9/-9)
bin/tests/system/runtime/tests_sh_runtime.py (+14/-0)
bin/tests/system/serve-stale/ans2/ans.pl (+54/-0)
bin/tests/system/serve-stale/ns1/named1.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named2.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named3.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named4.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/root.db (+2/-0)
bin/tests/system/serve-stale/ns3/named1.conf.in (+1/-0)
bin/tests/system/serve-stale/ns3/named2.conf.in (+4/-3)
bin/tests/system/serve-stale/ns3/named4.conf.in (+1/-0)
bin/tests/system/serve-stale/ns3/named8.conf.in (+1/-0)
bin/tests/system/serve-stale/ns4/named.conf.in (+1/-0)
bin/tests/system/serve-stale/ns5/named.conf.in (+1/-0)
bin/tests/system/serve-stale/tests.sh (+142/-31)
bin/tests/system/serve-stale/tests_sh_serve_stale.py (+14/-0)
bin/tests/system/sfcache/tests.sh (+2/-2)
bin/tests/system/sfcache/tests_sh_sfcache.py (+14/-0)
bin/tests/system/shutdown/tests_shutdown.py (+49/-47)
bin/tests/system/smartsign/tests.sh (+2/-0)
bin/tests/system/smartsign/tests_sh_smartsign.py (+14/-0)
bin/tests/system/sortlist/ns1/named.conf.in (+1/-0)
bin/tests/system/sortlist/tests.sh (+2/-0)
bin/tests/system/sortlist/tests_sh_sortlist.py (+14/-0)
bin/tests/system/spf/ns1/named.conf.in (+1/-0)
bin/tests/system/spf/tests.sh (+4/-2)
bin/tests/system/spf/tests_sh_spf.py (+14/-0)
bin/tests/system/start.pl (+2/-2)
bin/tests/system/staticstub/ns3/sign.sh (+1/-1)
bin/tests/system/staticstub/tests.sh (+36/-34)
bin/tests/system/staticstub/tests_sh_staticstub.py (+14/-0)
bin/tests/system/statistics/ns2/named2.conf.in (+1/-0)
bin/tests/system/statistics/tests.sh (+47/-43)
bin/tests/system/statistics/tests_sh_statistics.py (+14/-0)
bin/tests/system/statschannel/fetch.pl (+1/-1)
bin/tests/system/statschannel/generic.py (+0/-4)
bin/tests/system/statschannel/generic_dnspython.py (+0/-3)
bin/tests/system/statschannel/ns1/named.conf.in (+1/-0)
bin/tests/system/statschannel/ns2/named.conf.in (+1/-0)
bin/tests/system/statschannel/ns2/named2.conf.in (+1/-0)
bin/tests/system/statschannel/ns3/named.conf.in (+1/-0)
bin/tests/system/statschannel/tests.sh (+90/-28)
bin/tests/system/statschannel/tests_json.py (+2/-3)
bin/tests/system/statschannel/tests_sh_statschannel.py (+14/-0)
bin/tests/system/statschannel/tests_xml.py (+2/-2)
bin/tests/system/stop.pl (+2/-8)
bin/tests/system/stress/setup.pl (+2/-2)
bin/tests/system/stress/tests.sh (+3/-1)
bin/tests/system/stress/tests_sh_stress.py (+14/-0)
bin/tests/system/stub/ns1/named.conf.in (+1/-0)
bin/tests/system/stub/ns2/named.conf.in (+1/-0)
bin/tests/system/stub/ns3/named.conf.in (+1/-0)
bin/tests/system/stub/tests.sh (+2/-0)
bin/tests/system/stub/tests_sh_stub.py (+14/-0)
bin/tests/system/synthfromdnssec/tests.sh (+2/-0)
bin/tests/system/synthfromdnssec/tests_sh_synthfromdnssec.py (+14/-0)
bin/tests/system/tcp/ns1/named.conf.in (+1/-0)
bin/tests/system/tcp/ns2/named.conf.in (+1/-0)
bin/tests/system/tcp/ns3/named.conf.in (+1/-0)
bin/tests/system/tcp/ns4/named.conf.in (+1/-0)
bin/tests/system/tcp/ns7/named.conf.in (+1/-0)
bin/tests/system/tcp/tests_sh_tcp.py (+14/-0)
bin/tests/system/tcp/tests_tcp.py (+0/-4)
bin/tests/system/timeouts/ns1/named.conf.in (+1/-0)
bin/tests/system/tkey/ns1/named.conf.in (+1/-0)
bin/tests/system/tkey/tests_sh_tkey.py (+14/-0)
bin/tests/system/tools/tests.sh (+32/-29)
bin/tests/system/tools/tests_sh_tools.py (+14/-0)
bin/tests/system/transport-acl/tests.sh (+2/-0)
bin/tests/system/transport-acl/tests_sh_transport_acl.py (+14/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.private (+7/-0)
bin/tests/system/tsig/ns1/named.conf.in (+28/-7)
bin/tests/system/tsig/setup.sh (+21/-0)
bin/tests/system/tsig/tests.sh (+102/-26)
bin/tests/system/tsig/tests_sh_tsig.py (+14/-0)
bin/tests/system/tsiggss/ns1/example.nil.db.in (+1/-1)
bin/tests/system/tsiggss/ns1/named.conf.in (+1/-0)
bin/tests/system/tsiggss/setup.sh (+1/-1)
bin/tests/system/tsiggss/tests.sh (+9/-7)
bin/tests/system/tsiggss/tests_isc_spnego_flaws.py (+219/-0)
bin/tests/system/tsiggss/tests_sh_tsiggss.py (+14/-0)
bin/tests/system/ttl/clean.sh (+1/-5)
bin/tests/system/ttl/ns1/named.conf.in (+1/-0)
bin/tests/system/ttl/setup.sh (+0/-1)
bin/tests/system/ttl/tests_cache_ttl.py (+32/-0)
bin/tests/system/unknown/ns1/named.conf.in (+1/-0)
bin/tests/system/unknown/ns2/named.conf.in (+1/-0)
bin/tests/system/unknown/ns3/named.conf.in (+1/-0)
bin/tests/system/unknown/tests.sh (+40/-33)
bin/tests/system/unknown/tests_sh_unknown.py (+14/-0)
bin/tests/system/upforwd/ans4/ans.pl (+5/-5)
bin/tests/system/upforwd/ns1/named.conf.in (+1/-0)
bin/tests/system/upforwd/ns2/named.conf.in (+1/-0)
bin/tests/system/upforwd/ns3/named1.conf.in (+1/-0)
bin/tests/system/upforwd/ns3/named2.conf.in (+1/-0)
bin/tests/system/upforwd/tests.sh (+74/-72)
bin/tests/system/upforwd/tests_sh_upforwd.py (+14/-0)
bin/tests/system/verify/tests.sh (+8/-6)
bin/tests/system/verify/tests_sh_verify.py (+14/-0)
bin/tests/system/views/ns1/named.conf.in (+1/-0)
bin/tests/system/views/ns2/named1.conf.in (+1/-0)
bin/tests/system/views/ns2/named2.conf.in (+1/-0)
bin/tests/system/views/ns2/named3.conf.in (+1/-0)
bin/tests/system/views/ns3/named1.conf.in (+1/-0)
bin/tests/system/views/ns3/named2.conf.in (+1/-0)
bin/tests/system/views/ns5/named.conf.in (+1/-0)
bin/tests/system/views/tests_sh_views.py (+14/-0)
bin/tests/system/wildcard/tests.sh (+54/-52)
bin/tests/system/wildcard/tests_sh_wildcard.py (+14/-0)
bin/tests/system/xfer/clean.sh (+1/-0)
bin/tests/system/xfer/ns1/axfr-max-idle-time.db (+15/-0)
bin/tests/system/xfer/ns1/axfr-max-transfer-time.db (+15/-0)
bin/tests/system/xfer/ns1/named1.conf.in (+11/-0)
bin/tests/system/xfer/ns1/named2.conf.in (+10/-43)
bin/tests/system/xfer/ns1/named3.conf.in (+41/-0)
bin/tests/system/xfer/ns2/named.conf.in (+1/-0)
bin/tests/system/xfer/ns3/named.conf.in (+2/-0)
bin/tests/system/xfer/ns6/named.args (+1/-0)
bin/tests/system/xfer/ns6/named.conf.in (+16/-0)
bin/tests/system/xfer/ns7/named.conf.in (+1/-0)
bin/tests/system/xfer/ns8/named.conf.in (+1/-0)
bin/tests/system/xfer/setup.sh (+1/-1)
bin/tests/system/xfer/tests.sh (+54/-4)
bin/tests/system/xfer/tests_sh_xfer.py (+14/-0)
bin/tests/system/xferquota/ns1/named.conf.in (+1/-0)
bin/tests/system/xferquota/ns2/named.conf.in (+1/-0)
bin/tests/system/xferquota/tests.sh (+6/-4)
bin/tests/system/xferquota/tests_sh_xferquota.py (+14/-0)
bin/tests/system/zero/tests.sh (+3/-1)
bin/tests/system/zero/tests_sh_zero.py (+14/-0)
bin/tests/system/zonechecks/tests.sh (+30/-28)
bin/tests/system/zonechecks/tests_sh_zonechecks.py (+14/-0)
bin/tools/named-rrchecker.c (+13/-3)
config.h.in (+0/-12)
configure (+187/-120)
configure.ac (+16/-47)
contrib/README (+1/-1)
contrib/dlz/modules/bdbhpt/testing/bdbhpt-populate.pl (+3/-3)
contrib/dlz/modules/ldap/testing/slapd.conf (+2/-2)
contrib/dlz/modules/mysqldyn/README (+1/-1)
contrib/scripts/zone-edit.sh.in (+4/-4)
debian/changelog (+47/-0)
debian/patches/CVE-2023-3341.patch (+11/-14)
debian/patches/series (+0/-2)
debian/tests/control (+9/-0)
debian/tests/dyndb-ldap (+280/-0)
dev/null (+0/-171)
doc/Makefile.am (+2/-0)
doc/Makefile.in (+6/-5)
doc/arm/Makefile.in (+1/-1)
doc/arm/build.inc.rst (+6/-4)
doc/arm/dns-ops.inc.rst (+1/-1)
doc/arm/index.rst (+3/-0)
doc/arm/intro-dns-bind.inc.rst (+53/-53)
doc/arm/intro-security.inc.rst (+31/-31)
doc/arm/introduction.inc.rst (+6/-6)
doc/arm/logging-categories.inc.rst (+10/-10)
doc/arm/notes.rst (+6/-0)
doc/arm/platforms.inc.rst (+5/-5)
doc/arm/reference.rst (+111/-33)
doc/arm/requirements.txt (+3/-3)
doc/arm/security.inc.rst (+1/-1)
doc/arm/troubleshooting.inc.rst (+1/-1)
doc/arm/zones.inc.rst (+1/-0)
doc/dnssec-guide/introduction.rst (+2/-2)
doc/dnssec-guide/preface.rst (+1/-1)
doc/dnssec-guide/recipes.rst (+3/-3)
doc/dnssec-guide/signing.rst (+2/-2)
doc/dnssec-guide/troubleshooting.rst (+3/-3)
doc/dnssec-guide/validation.rst (+0/-2)
doc/man/Makefile.am (+6/-5)
doc/man/Makefile.in (+31/-34)
doc/man/ddns-confgen.8in (+4/-4)
doc/man/delv.1in (+13/-13)
doc/man/dig.1in (+6/-6)
doc/man/dnssec-dsfromkey.1in (+1/-1)
doc/man/dnssec-importkey.1in (+1/-1)
doc/man/dnssec-keygen.1in (+1/-1)
doc/man/dnssec-signzone.1in (+5/-5)
doc/man/filter-a.8in (+2/-2)
doc/man/filter-aaaa.8in (+2/-2)
doc/man/host.1in (+3/-3)
doc/man/mdig.1in (+10/-10)
doc/man/named-checkconf.1in (+1/-1)
doc/man/named-checkzone.1in (+2/-2)
doc/man/named-compilezone.1in (+3/-3)
doc/man/named.conf.5in (+12/-12)
doc/man/nsec3hash.1in (+1/-1)
doc/man/nsupdate.1in (+5/-1)
doc/man/rndc.8in (+15/-11)
doc/man/rndc.conf.5in (+7/-7)
doc/man/tsig-keygen.8in (+1/-1)
doc/misc/forward.zoneopt (+1/-1)
doc/misc/hint.zoneopt (+1/-1)
doc/misc/options (+6/-6)
doc/misc/primary.zoneopt (+1/-1)
doc/misc/secondary.zoneopt (+1/-1)
doc/misc/stub.zoneopt (+2/-2)
doc/notes/notes-9.18.13.rst (+75/-0)
doc/notes/notes-9.18.14.rst (+46/-0)
doc/notes/notes-9.18.15.rst (+57/-0)
doc/notes/notes-9.18.16.rst (+72/-0)
doc/notes/notes-9.18.17.rst (+42/-0)
doc/notes/notes-9.18.18.rst (+47/-0)
doc/notes/notes-known-issues.rst (+11/-0)
lib/bind9/check.c (+15/-7)
lib/bind9/include/bind9/check.h (+3/-1)
lib/dns/adb.c (+43/-25)
lib/dns/catz.c (+710/-487)
lib/dns/clientinfo.c (+6/-2)
lib/dns/dispatch.c (+48/-33)
lib/dns/dnssec.c (+11/-5)
lib/dns/dst_api.c (+126/-66)
lib/dns/dst_internal.h (+10/-0)
lib/dns/dst_parse.c (+20/-18)
lib/dns/dyndb.c (+5/-5)
lib/dns/hmac_link.c (+13/-1)
lib/dns/include/dns/catz.h (+86/-95)
lib/dns/include/dns/clientinfo.h (+12/-2)
lib/dns/include/dns/dnssec.h (+2/-1)
lib/dns/include/dns/dyndb.h (+1/-1)
lib/dns/include/dns/kasp.h (+4/-2)
lib/dns/include/dns/message.h (+1/-0)
lib/dns/include/dns/rdataset.h (+8/-0)
lib/dns/include/dns/resolver.h (+32/-45)
lib/dns/include/dns/rpz.h (+59/-51)
lib/dns/include/dns/stats.h (+4/-3)
lib/dns/include/dns/tsig.h (+3/-1)
lib/dns/include/dns/view.h (+14/-1)
lib/dns/include/dns/xfrin.h (+1/-0)
lib/dns/include/dns/zone.h (+6/-0)
lib/dns/include/dst/dst.h (+16/-6)
lib/dns/kasp.c (+7/-1)
lib/dns/keymgr.c (+39/-20)
lib/dns/keytable.c (+7/-4)
lib/dns/master.c (+1/-1)
lib/dns/nsec3.c (+3/-2)
lib/dns/rbtdb.c (+65/-41)
lib/dns/rdataset.c (+0/-2)
lib/dns/request.c (+13/-8)
lib/dns/resolver.c (+165/-116)
lib/dns/result.c (+64/-33)
lib/dns/rpz.c (+595/-755)
lib/dns/tkey.c (+1/-1)
lib/dns/tsig.c (+18/-8)
lib/dns/validator.c (+35/-11)
lib/dns/view.c (+97/-10)
lib/dns/xfrin.c (+122/-18)
lib/dns/zone.c (+90/-47)
lib/irs/resconf.c (+4/-4)
lib/isc/Makefile.am (+0/-6)
lib/isc/Makefile.in (+40/-80)
lib/isc/errno2result.c (+1/-0)
lib/isc/hmac.c (+1/-0)
lib/isc/httpd.c (+34/-17)
lib/isc/include/isc/os.h (+9/-2)
lib/isc/include/isc/result.h (+7/-5)
lib/isc/include/isc/types.h (+0/-2)
lib/isc/include/isc/util.h (+10/-0)
lib/isc/lib.c (+0/-1)
lib/isc/log.c (+91/-68)
lib/isc/mem.c (+0/-1)
lib/isc/netmgr/netmgr-int.h (+4/-3)
lib/isc/netmgr/netmgr.c (+23/-9)
lib/isc/netmgr/tlsstream.c (+6/-2)
lib/isc/netmgr/uverr2result.c (+7/-5)
lib/isc/os.c (+14/-0)
lib/isc/radix.c (+3/-3)
lib/isc/result.c (+3/-0)
lib/isccfg/namedconf.c (+8/-5)
lib/ns/client.c (+17/-11)
lib/ns/include/ns/client.h (+1/-0)
lib/ns/include/ns/server.h (+19/-16)
lib/ns/query.c (+84/-49)
lib/ns/server.c (+0/-1)
lib/ns/update.c (+2/-2)
lib/ns/xfrout.c (+33/-0)
srcid (+1/-1)
tests/dns/acl_test.c (+1/-0)
tests/dns/db_test.c (+1/-0)
tests/dns/dbdiff_test.c (+1/-0)
tests/dns/dbiterator_test.c (+1/-0)
tests/dns/dbversion_test.c (+1/-0)
tests/dns/dh_test.c (+8/-0)
tests/dns/dns64_test.c (+1/-0)
tests/dns/dst_test.c (+8/-0)
tests/dns/geoip_test.c (+1/-0)
tests/dns/master_test.c (+1/-0)
tests/dns/nsec3_test.c (+1/-0)
tests/dns/nsec3param_test.c (+1/-0)
tests/dns/rbtdb_test.c (+170/-0)
tests/dns/rdata_test.c (+1/-0)
tests/dns/rdataset_test.c (+1/-0)
tests/dns/resolver_test.c (+1/-0)
tests/dns/rsa_test.c (+8/-0)
tests/dns/sigs_test.c (+1/-0)
tests/dns/tsig_test.c (+1/-0)
tests/dns/zonemgr_test.c (+1/-0)
tests/dns/zt_test.c (+1/-0)
tests/irs/resconf_test.c (+1/-0)
tests/isc/aes_test.c (+1/-0)
tests/isc/buffer_test.c (+1/-0)
tests/isc/counter_test.c (+1/-0)
tests/isc/crc64_test.c (+1/-0)
tests/isc/doh_test.c (+31/-25)
tests/isc/errno_test.c (+1/-0)
tests/isc/file_test.c (+1/-0)
tests/isc/heap_test.c (+1/-0)
tests/isc/hmac_test.c (+8/-0)
tests/isc/ht_test.c (+2/-2)
tests/isc/lex_test.c (+1/-0)
tests/isc/md_test.c (+1/-0)
tests/isc/netaddr_test.c (+1/-0)
tests/isc/netmgr_test.c (+8/-0)
tests/isc/pool_test.c (+1/-0)
tests/isc/quota_test.c (+1/-0)
tests/isc/radix_test.c (+51/-0)
tests/isc/regex_test.c (+1/-0)
tests/isc/result_test.c (+1/-0)
tests/isc/safe_test.c (+1/-0)
tests/isc/siphash_test.c (+1/-0)
tests/isc/sockaddr_test.c (+1/-0)
tests/isc/stats_test.c (+1/-0)
tests/isc/symtab_test.c (+1/-0)
tests/isc/taskpool_test.c (+1/-0)
tests/isc/time_test.c (+1/-0)
tests/isccfg/duration_test.c (+1/-1)
tests/isccfg/parser_test.c (+1/-0)
tests/ns/listenlist_test.c (+2/-2)
tests/ns/notify_test.c (+2/-2)
tests/ns/plugin_test.c (+1/-0)
tests/ns/query_test.c (+1/-2)
tests/unit-test-driver.sh.in (+2/-2)
Reviewer Review Type Date Requested Status
Andreas Hasenack Approve
git-ubuntu bot Approve
Canonical Server Reporter Pending
Review via email: mp+451681@code.launchpad.net

Description of the change

MRE update for lunar to 9.18.18

PPA: https://launchpad.net/~lvoytek/+archive/ubuntu/bind9-mre

local autopkgtest results:

autopkgtest [13:03:19]: @@@@@@@@@@@@@@@@@@@@ summary
simpletest PASS
validation FLAKY non-zero exit status 1
zonetest PASS
qemu-system-x86_64: terminating on signal 15 from pid 91464 (/usr/bin/python3)

validation is still broken as expected.

This will also require a bind-dyndb-ldap update with a patch once this gets to proposed.

To post a comment you must log in.
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Grabbing this

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

> bind9 (1:9.18.18-0ubuntu0.23.04.1) lunar; urgency=medium
>
> * New upstream release 9.18.18 (LP: #2028413)
> - Updates:

In d/changelog, indentation of the "New upstream release" line is starting on column 1.

Even though #2015176 is being fixed as part of the MRE, and does not *necessarily* require the SRU template, I think it's worth it filling it out here because of the test case. Mostly you can refer to the MRE bug, but the test plan should be easy to write and follow.

+1 with the changelog update

review: Approve
Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Uhoh https://ubuntu.com/security/notices/USN-6390-1

Revision history for this message
git-ubuntu bot (git-ubuntu-bot) wrote :

Approvers: ahasenack, lvoytek
Uploaders: ahasenack
MP auto-approved

review: Approve
Revision history for this message
Lena Voytek (lvoytek) wrote :

Alright, updated and rebased both the lunar and jammy mps and wrote out the SRU template for the HMAC-MD5 key bug. Changes are publishing in my PPA now

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1, a final DEP8 check can be done in the ppa once everything is rebuilt.

Security published bind-dyndb-ldap to the security pocket already.

review: Approve
Revision history for this message
Lena Voytek (lvoytek) wrote :

local autopkgtest run complete:

autopkgtest [11:26:25]: @@@@@@@@@@@@@@@@@@@@ summary
simpletest PASS
validation FLAKY non-zero exit status 1
zonetest PASS
dyndb-ldap PASS
qemu-system-x86_64: terminating on signal 15 from pid 30674 (/usr/bin/python3)

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

+1

review: Approve
Revision history for this message
Lena Voytek (lvoytek) wrote :

Thanks for all the help! Would you be willing to sponsor these uploads for me?

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Of course, I'm just checking lunar now

Revision history for this message
Andreas Hasenack (ahasenack) wrote :

Uploaded with rich history:

Uploading bind9_9.18.18-0ubuntu0.23.04.1.dsc
Uploading bind9_9.18.18.orig.tar.xz
Uploading bind9_9.18.18.orig.tar.xz.asc
Uploading bind9_9.18.18-0ubuntu0.23.04.1.debian.tar.xz
Uploading bind9_9.18.18-0ubuntu0.23.04.1_source.buildinfo
Uploading bind9_9.18.18-0ubuntu0.23.04.1_source.changes

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/CHANGES b/CHANGES
2index e46a324..3f4e364 100644
3--- a/CHANGES
4+++ b/CHANGES
5@@ -1,3 +1,261 @@
6+ --- 9.18.18 released ---
7+
8+6220. [func] Deprecate the 'dialup' and 'heartbeat-interval'
9+ options. [GL #3700]
10+
11+6219. [bug] Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
12+ [GL #4032]
13+
14+6215. [protocol] Return REFUSED to GSS-API TKEY requests if GSS-API
15+ support is not configured. [GL #4225]
16+
17+6213. [bug] Mark a primary server as temporarily unreachable if the
18+ TCP connection attempt times out. [GL #4215]
19+
20+6212. [bug] Don't process detach and close netmgr events when
21+ the netmgr has been paused. [GL #4200]
22+
23+ --- 9.18.17 released ---
24+
25+6206. [bug] Add shutdown checks in dns_catz_dbupdate_callback() to
26+ avoid a race with dns_catz_shutdown_catzs(). [GL #4171]
27+
28+6205. [bug] Restore support to read legacy HMAC-MD5 K file pairs.
29+ [GL #4154]
30+
31+6204. [bug] Use NS records for relaxed QNAME-minimization mode.
32+ This reduces the number of queries named makes when
33+ resolving, as it allows the non-existence of NS RRsets
34+ at non-referral nodes to be cached in addition to the
35+ referrals that are normally cached. [GL #3325]
36+
37+6200. [bug] Fix nslookup erroneously reporting a timeout when the
38+ input is delayed. [GL #4044]
39+
40+6199. [bug] Improve HTTP Connection: header protocol conformance
41+ in the statistics channel. [GL #4126]
42+
43+6198. [func] Remove the holes in the isc_result_t enum to compact
44+ the isc_result tables. [GL #4149]
45+
46+6197. [bug] Fix a data race between the dns_zone and dns_catz
47+ modules when registering/unregistering a database
48+ update notification callback for a catalog zone.
49+ [GL #4132]
50+
51+6196. [cleanup] Report "permission denied" instead of "unexpected error"
52+ when trying to update a zone file on a read-only file
53+ system. Thanks to Midnight Veil. [GL #4134]
54+
55+6193. [bug] Fix a catz db update notification callback registration
56+ logic error, which could crash named when receiving an
57+ AXFR update for a catalog zone while the previous update
58+ process of the catalog zone was already running.
59+ [GL #4136]
60+
61+6166. [func] Retry without DNS COOKIE on FORMERR if it appears that
62+ the FORMERR was due to the presence of a DNS COOKIE
63+ option. [GL #4049]
64+
65+ --- 9.18.16 released ---
66+
67+6192. [security] A query that prioritizes stale data over lookup
68+ triggers a fetch to refresh the stale data in cache.
69+ If the fetch is aborted for exceeding the recursion
70+ quota, it was possible for 'named' to enter an infinite
71+ callback loop and crash due to stack overflow. This has
72+ been fixed. (CVE-2023-2911) [GL #4089]
73+
74+6190. [security] Improve the overmem cleaning process to prevent the
75+ cache going over the configured limit. (CVE-2023-2828)
76+ [GL #4055]
77+
78+6188. [performance] Reduce memory consumption by allocating properly
79+ sized send buffers for stream-based transports.
80+ [GL #4038]
81+
82+6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the
83+ 'stale-answer-enable' options was enabled and the
84+ 'stale-answer-client-timeout' option was enabled and
85+ larger than 0, named was taking two places from the
86+ 'clients-per-query' limit for each client and was
87+ failing to gradually auto-tune its value, as configured.
88+ [GL #4074]
89+
90+6185. [func] Add "ClientQuota" statistics channel counter, which
91+ indicates the number of the resolver's spilled queries
92+ due to reaching the clients per query quota. [GL !7978]
93+
94+6183. [bug] Fix a serve-stale bug where a delegation from cache
95+ could be returned to the client. [GL #3950]
96+
97+6182. [cleanup] Remove configure checks for epoll, kqueue and
98+ /dev/poll. [GL #4098]
99+
100+6181. [func] The "tkey-dhkey" option has been deprecated; a
101+ warning will be logged when it is used. In a future
102+ release, Diffie-Hellman TKEY mode will be removed.
103+ [GL #3905]
104+
105+6180. [bug] The session key object could be incorrectly added
106+ to multiple different views' keyrings. [GL #4079]
107+
108+6179. [bug] Fix an interfacemgr use-after-free error in
109+ zoneconf.c:isself(). [GL #3765]
110+
111+6176. [test] Add support for using pytest & pytest-xdist to
112+ execute the system test suite. [GL #3978]
113+
114+6174. [bug] BIND could get stuck on reconfiguration when a
115+ 'listen' statement for HTTP is removed from the
116+ configuration. That has been fixed. [GL #4071]
117+
118+6173. [bug] Properly process extra "nameserver" lines in
119+ resolv.conf otherwise the next line is not properly
120+ processed. [GL #4066]
121+
122+6169. [bug] named could crash when deleting inline-signing zones
123+ with "rndc delzone". [GL #4054]
124+
125+6165. [bug] Fix a logic error in dighost.c which could call the
126+ dighost_shutdown() callback twice and cause problems
127+ if the callback function was not idempotent. [GL #4039]
128+
129+ --- 9.18.15 released ---
130+
131+6164. [bug] Set the rndc idle read timeout back to 60 seconds,
132+ from the netmgr default of 30 seconds, in order to
133+ match the behavior of 9.16 and earlier. [GL #4046]
134+
135+6161. [bug] Fix log file rotation when using absolute path as
136+ file. [GL #3991]
137+
138+6157. [bug] When removing delegations in an OPTOUT range
139+ empty-non-terminal NSEC3 records generated by
140+ those delegations were not removed. [GL #4027]
141+
142+6156. [bug] Reimplement the maximum and idle timeouts for incoming
143+ zone tranfers. [GL #4004]
144+
145+6155. [bug] Treat ISC_R_INVALIDPROTO as a networking error
146+ in the dispatch code to avoid retrying with the
147+ same server. [GL #4005]
148+
149+6152. [bug] In dispatch, honour the configured source-port
150+ selection when UDP connection fails with address
151+ in use error.
152+
153+ Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
154+ [GL #3986]
155+
156+6149. [test] As a workaround, include an OpenSSL header file before
157+ including cmocka.h in the unit tests, because OpenSSL
158+ 3.1.0 uses __attribute__(malloc), conflicting with a
159+ redefined malloc in cmocka.h. [GL #4000]
160+
161+ --- 9.18.14 released ---
162+
163+6145. [bug] Fix a possible use-after-free bug in the
164+ dns__catz_done_cb() function. [GL #3997]
165+
166+6143. [bug] A reference counting problem on the error path in
167+ the xfrin_connect_done() might cause an assertion
168+ failure on shutdown. [GL #3989]
169+
170+6142. [bug] Reduce the number of dns_dnssec_verify calls made
171+ determining if revoked keys needs to be removed from
172+ the trust anchors. [GL #3981]
173+
174+6141. [bug] Fix several issues in nsupdate timeout handling and
175+ update the -t option's documentation. [GL #3674]
176+
177+6138. [doc] Fix the DF-flag documentation on the outgoing
178+ UDP packets. [GL #3710]
179+
180+6136. [cleanup] Remove the isc_fsaccess API in favor of creating
181+ temporary file first and atomically replace the key
182+ with non-truncated content. [GL #3982]
183+
184+6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
185+
186+6129. [cleanup] Value stored to 'source' during its initialization is
187+ never read. [GL #3965]
188+
189+6128. [bug] Fix an omission in an earlier commit to avoid a race
190+ between the 'dns__catz_update_cb()' and
191+ 'dns_catz_dbupdate_callback()' functions. [GL #3968]
192+
193+6126. [cleanup] Deprecate zone type "delegation-only" and the
194+ "delegation-only" and "root-delegation-only"
195+ options. [GL #3953]
196+
197+6125. [bug] Hold a catz reference while the update process is
198+ running, so that the catalog zone is not destroyed
199+ during shutdown until the update process is finished or
200+ properly canceled by the activated 'shuttingdown' flag.
201+ [GL #3955]
202+
203+6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
204+ an NSEC3 incapable DNSSEC algorithm using KASP the zone
205+ could sometimes be incompletely signed. [GL #3937]
206+
207+6121. [bug] Fix BIND and dig zone transfer hanging when
208+ downloading large zones over TLS from a primary server,
209+ especially over unstable connections. [GL #3867]
210+
211+ --- 9.18.13 released ---
212+
213+6120. [bug] Use two pairs of dns_db_t and dns_dbversion_t in a
214+ catalog zone structure to avoid a race between the
215+ dns__catz_update_cb() and dns_catz_dbupdate_callback()
216+ functions. [GL #3907]
217+
218+6119. [bug] Make sure to revert the reconfigured zones to the
219+ previous version of the view, when the new view
220+ reconfiguration fails during the configuration of
221+ one of the configured zones. [GL #3911]
222+
223+6116. [bug] Fix error path cleanup issues in dns_catz_new_zones()
224+ and dns_catz_new_zone() functions. [GL #3900]
225+
226+6115. [bug] Unregister db update notify callback before detaching
227+ from the previous db inside the catz update notify
228+ callback. [GL #3777]
229+
230+6114. [func] Run the catalog zone update process on the offload
231+ threads. [GL #3881]
232+
233+6113. [func] Add shutdown signaling for catalog zones. [GL !7571]
234+
235+6112. [func] Add reference count tracing for dns_catz_zone_t and
236+ dns_catz_zones_t. [GL !7570]
237+
238+6105. [bug] Detach 'rpzs' and 'catzs' from the previous view in
239+ configure_rpz() and configure_catz(), respectively,
240+ just after attaching it to the new view. [GL #3880]
241+
242+6098. [test] Don't test HMAC-MD5 when not supported by libcrypto.
243+ [GL #3871]
244+
245+6096. [bug] Fix RPZ reference counting error on shutdown in
246+ dns__rpz_timer_cb(). [GL #3866]
247+
248+6095. [test] Test various 'islands of trust' configurations when
249+ using managed keys. [GL #3662]
250+
251+6094. [bug] Building against (or running with) libuv versions
252+ 1.35.0 and 1.36.0 is now a fatal error. The rules for
253+ mixing and matching compile-time and run-time libuv
254+ versions have been tightened for libuv versions between
255+ 1.35.0 and 1.40.0. [GL #3840]
256+
257+6092. [bug] dnssec-cds failed to cleanup properly. [GL #3831]
258+
259+6089. [bug] Source ports configured for query-source,
260+ transfer-source, etc, were being ignored. (This
261+ feature is deprecated, but it is not yet removed,
262+ so the bug still needed fixing.) [GL #3790]
263+
264 --- 9.18.12 released ---
265
266 6083. [bug] Fix DNSRPS-enabled builds as they were inadvertently
267@@ -45,6 +303,12 @@
268 not negotiate "dot" ALPN token could crash BIND
269 on shutdown. That has been fixed. [GL #3767]
270
271+6057. [bug] Fix shutdown and error path bugs in the rpz unit.
272+ [GL #3735]
273+
274+5850. [func] Run the RPZ update process on the offload threads.
275+ [GL #3190]
276+
277 --- 9.18.11 released ---
278
279 6067. [security] Fix serve-stale crash when recursive clients soft quota
280diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
281index 0b7661b..4b3db89 100644
282--- a/CONTRIBUTING.md
283+++ b/CONTRIBUTING.md
284@@ -71,14 +71,14 @@ To clone the repository, use:
285
286 > $ git clone https://gitlab.isc.org/isc-projects/bind9.git
287
288-Release branch names are of the form `v9_X`, where X represents the second
289-number in the BIND 9 version number. So, to check out the BIND 9.12
290+Release branch names are of the form `bind-9.X`, where X represents the second
291+number in the BIND 9 version number. So, to check out the BIND 9.18
292 branch, use:
293
294-> $ git checkout v9_12
295+> $ git checkout bind-9.18
296
297 Whenever a branch is ready for publication, a tag is placed of the
298-form `v9_X_Y`. The 9.12.0 release, for instance, is tagged as `v9_12_0`.
299+form `v9.X.Y`. The 9.18.0 release, for instance, is tagged as `v9.18.0`.
300
301 The branch in which the next major release is being developed is called
302 `main`.
303diff --git a/COPYRIGHT b/COPYRIGHT
304index f9413d0..12f7917 100644
305--- a/COPYRIGHT
306+++ b/COPYRIGHT
307@@ -133,7 +133,7 @@ modification, are permitted provided that the following conditions are met:
308 3. Neither the name of the University nor the names of its contributors may
309 be used to endorse or promote products derived from this software
310 without specific prior written permission.
311-
312+
313 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
314 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
315 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
316@@ -149,35 +149,35 @@ POSSIBILITY OF SUCH DAMAGE.
317 -----------------------------------------------------------------------------
318
319 Copyright (c) 1997 - 2003 Kungliga Tekniska H�gskolan
320-(Royal Institute of Technology, Stockholm, Sweden).
321-All rights reserved.
322-
323-Redistribution and use in source and binary forms, with or without
324-modification, are permitted provided that the following conditions
325-are met:
326-
327-1. Redistributions of source code must retain the above copyright
328- notice, this list of conditions and the following disclaimer.
329-
330-2. Redistributions in binary form must reproduce the above copyright
331- notice, this list of conditions and the following disclaimer in the
332- documentation and/or other materials provided with the distribution.
333-
334-3. Neither the name of the Institute nor the names of its contributors
335- may be used to endorse or promote products derived from this software
336- without specific prior written permission.
337-
338-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
339-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
340-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
341-ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
342-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
343-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
344-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
345-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
346-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
347-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
348-SUCH DAMAGE.
349+(Royal Institute of Technology, Stockholm, Sweden).
350+All rights reserved.
351+
352+Redistribution and use in source and binary forms, with or without
353+modification, are permitted provided that the following conditions
354+are met:
355+
356+1. Redistributions of source code must retain the above copyright
357+ notice, this list of conditions and the following disclaimer.
358+
359+2. Redistributions in binary form must reproduce the above copyright
360+ notice, this list of conditions and the following disclaimer in the
361+ documentation and/or other materials provided with the distribution.
362+
363+3. Neither the name of the Institute nor the names of its contributors
364+ may be used to endorse or promote products derived from this software
365+ without specific prior written permission.
366+
367+THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND
368+ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
369+IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
370+ARE DISCLAIMED. IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE
371+FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
372+DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
373+OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
374+HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
375+LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
376+OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
377+SUCH DAMAGE.
378
379 -----------------------------------------------------------------------------
380
381diff --git a/ChangeLog b/ChangeLog
382index e46a324..3f4e364 100644
383--- a/ChangeLog
384+++ b/ChangeLog
385@@ -1,3 +1,261 @@
386+ --- 9.18.18 released ---
387+
388+6220. [func] Deprecate the 'dialup' and 'heartbeat-interval'
389+ options. [GL #3700]
390+
391+6219. [bug] Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
392+ [GL #4032]
393+
394+6215. [protocol] Return REFUSED to GSS-API TKEY requests if GSS-API
395+ support is not configured. [GL #4225]
396+
397+6213. [bug] Mark a primary server as temporarily unreachable if the
398+ TCP connection attempt times out. [GL #4215]
399+
400+6212. [bug] Don't process detach and close netmgr events when
401+ the netmgr has been paused. [GL #4200]
402+
403+ --- 9.18.17 released ---
404+
405+6206. [bug] Add shutdown checks in dns_catz_dbupdate_callback() to
406+ avoid a race with dns_catz_shutdown_catzs(). [GL #4171]
407+
408+6205. [bug] Restore support to read legacy HMAC-MD5 K file pairs.
409+ [GL #4154]
410+
411+6204. [bug] Use NS records for relaxed QNAME-minimization mode.
412+ This reduces the number of queries named makes when
413+ resolving, as it allows the non-existence of NS RRsets
414+ at non-referral nodes to be cached in addition to the
415+ referrals that are normally cached. [GL #3325]
416+
417+6200. [bug] Fix nslookup erroneously reporting a timeout when the
418+ input is delayed. [GL #4044]
419+
420+6199. [bug] Improve HTTP Connection: header protocol conformance
421+ in the statistics channel. [GL #4126]
422+
423+6198. [func] Remove the holes in the isc_result_t enum to compact
424+ the isc_result tables. [GL #4149]
425+
426+6197. [bug] Fix a data race between the dns_zone and dns_catz
427+ modules when registering/unregistering a database
428+ update notification callback for a catalog zone.
429+ [GL #4132]
430+
431+6196. [cleanup] Report "permission denied" instead of "unexpected error"
432+ when trying to update a zone file on a read-only file
433+ system. Thanks to Midnight Veil. [GL #4134]
434+
435+6193. [bug] Fix a catz db update notification callback registration
436+ logic error, which could crash named when receiving an
437+ AXFR update for a catalog zone while the previous update
438+ process of the catalog zone was already running.
439+ [GL #4136]
440+
441+6166. [func] Retry without DNS COOKIE on FORMERR if it appears that
442+ the FORMERR was due to the presence of a DNS COOKIE
443+ option. [GL #4049]
444+
445+ --- 9.18.16 released ---
446+
447+6192. [security] A query that prioritizes stale data over lookup
448+ triggers a fetch to refresh the stale data in cache.
449+ If the fetch is aborted for exceeding the recursion
450+ quota, it was possible for 'named' to enter an infinite
451+ callback loop and crash due to stack overflow. This has
452+ been fixed. (CVE-2023-2911) [GL #4089]
453+
454+6190. [security] Improve the overmem cleaning process to prevent the
455+ cache going over the configured limit. (CVE-2023-2828)
456+ [GL #4055]
457+
458+6188. [performance] Reduce memory consumption by allocating properly
459+ sized send buffers for stream-based transports.
460+ [GL #4038]
461+
462+6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the
463+ 'stale-answer-enable' options was enabled and the
464+ 'stale-answer-client-timeout' option was enabled and
465+ larger than 0, named was taking two places from the
466+ 'clients-per-query' limit for each client and was
467+ failing to gradually auto-tune its value, as configured.
468+ [GL #4074]
469+
470+6185. [func] Add "ClientQuota" statistics channel counter, which
471+ indicates the number of the resolver's spilled queries
472+ due to reaching the clients per query quota. [GL !7978]
473+
474+6183. [bug] Fix a serve-stale bug where a delegation from cache
475+ could be returned to the client. [GL #3950]
476+
477+6182. [cleanup] Remove configure checks for epoll, kqueue and
478+ /dev/poll. [GL #4098]
479+
480+6181. [func] The "tkey-dhkey" option has been deprecated; a
481+ warning will be logged when it is used. In a future
482+ release, Diffie-Hellman TKEY mode will be removed.
483+ [GL #3905]
484+
485+6180. [bug] The session key object could be incorrectly added
486+ to multiple different views' keyrings. [GL #4079]
487+
488+6179. [bug] Fix an interfacemgr use-after-free error in
489+ zoneconf.c:isself(). [GL #3765]
490+
491+6176. [test] Add support for using pytest & pytest-xdist to
492+ execute the system test suite. [GL #3978]
493+
494+6174. [bug] BIND could get stuck on reconfiguration when a
495+ 'listen' statement for HTTP is removed from the
496+ configuration. That has been fixed. [GL #4071]
497+
498+6173. [bug] Properly process extra "nameserver" lines in
499+ resolv.conf otherwise the next line is not properly
500+ processed. [GL #4066]
501+
502+6169. [bug] named could crash when deleting inline-signing zones
503+ with "rndc delzone". [GL #4054]
504+
505+6165. [bug] Fix a logic error in dighost.c which could call the
506+ dighost_shutdown() callback twice and cause problems
507+ if the callback function was not idempotent. [GL #4039]
508+
509+ --- 9.18.15 released ---
510+
511+6164. [bug] Set the rndc idle read timeout back to 60 seconds,
512+ from the netmgr default of 30 seconds, in order to
513+ match the behavior of 9.16 and earlier. [GL #4046]
514+
515+6161. [bug] Fix log file rotation when using absolute path as
516+ file. [GL #3991]
517+
518+6157. [bug] When removing delegations in an OPTOUT range
519+ empty-non-terminal NSEC3 records generated by
520+ those delegations were not removed. [GL #4027]
521+
522+6156. [bug] Reimplement the maximum and idle timeouts for incoming
523+ zone tranfers. [GL #4004]
524+
525+6155. [bug] Treat ISC_R_INVALIDPROTO as a networking error
526+ in the dispatch code to avoid retrying with the
527+ same server. [GL #4005]
528+
529+6152. [bug] In dispatch, honour the configured source-port
530+ selection when UDP connection fails with address
531+ in use error.
532+
533+ Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
534+ [GL #3986]
535+
536+6149. [test] As a workaround, include an OpenSSL header file before
537+ including cmocka.h in the unit tests, because OpenSSL
538+ 3.1.0 uses __attribute__(malloc), conflicting with a
539+ redefined malloc in cmocka.h. [GL #4000]
540+
541+ --- 9.18.14 released ---
542+
543+6145. [bug] Fix a possible use-after-free bug in the
544+ dns__catz_done_cb() function. [GL #3997]
545+
546+6143. [bug] A reference counting problem on the error path in
547+ the xfrin_connect_done() might cause an assertion
548+ failure on shutdown. [GL #3989]
549+
550+6142. [bug] Reduce the number of dns_dnssec_verify calls made
551+ determining if revoked keys needs to be removed from
552+ the trust anchors. [GL #3981]
553+
554+6141. [bug] Fix several issues in nsupdate timeout handling and
555+ update the -t option's documentation. [GL #3674]
556+
557+6138. [doc] Fix the DF-flag documentation on the outgoing
558+ UDP packets. [GL #3710]
559+
560+6136. [cleanup] Remove the isc_fsaccess API in favor of creating
561+ temporary file first and atomically replace the key
562+ with non-truncated content. [GL #3982]
563+
564+6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
565+
566+6129. [cleanup] Value stored to 'source' during its initialization is
567+ never read. [GL #3965]
568+
569+6128. [bug] Fix an omission in an earlier commit to avoid a race
570+ between the 'dns__catz_update_cb()' and
571+ 'dns_catz_dbupdate_callback()' functions. [GL #3968]
572+
573+6126. [cleanup] Deprecate zone type "delegation-only" and the
574+ "delegation-only" and "root-delegation-only"
575+ options. [GL #3953]
576+
577+6125. [bug] Hold a catz reference while the update process is
578+ running, so that the catalog zone is not destroyed
579+ during shutdown until the update process is finished or
580+ properly canceled by the activated 'shuttingdown' flag.
581+ [GL #3955]
582+
583+6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
584+ an NSEC3 incapable DNSSEC algorithm using KASP the zone
585+ could sometimes be incompletely signed. [GL #3937]
586+
587+6121. [bug] Fix BIND and dig zone transfer hanging when
588+ downloading large zones over TLS from a primary server,
589+ especially over unstable connections. [GL #3867]
590+
591+ --- 9.18.13 released ---
592+
593+6120. [bug] Use two pairs of dns_db_t and dns_dbversion_t in a
594+ catalog zone structure to avoid a race between the
595+ dns__catz_update_cb() and dns_catz_dbupdate_callback()
596+ functions. [GL #3907]
597+
598+6119. [bug] Make sure to revert the reconfigured zones to the
599+ previous version of the view, when the new view
600+ reconfiguration fails during the configuration of
601+ one of the configured zones. [GL #3911]
602+
603+6116. [bug] Fix error path cleanup issues in dns_catz_new_zones()
604+ and dns_catz_new_zone() functions. [GL #3900]
605+
606+6115. [bug] Unregister db update notify callback before detaching
607+ from the previous db inside the catz update notify
608+ callback. [GL #3777]
609+
610+6114. [func] Run the catalog zone update process on the offload
611+ threads. [GL #3881]
612+
613+6113. [func] Add shutdown signaling for catalog zones. [GL !7571]
614+
615+6112. [func] Add reference count tracing for dns_catz_zone_t and
616+ dns_catz_zones_t. [GL !7570]
617+
618+6105. [bug] Detach 'rpzs' and 'catzs' from the previous view in
619+ configure_rpz() and configure_catz(), respectively,
620+ just after attaching it to the new view. [GL #3880]
621+
622+6098. [test] Don't test HMAC-MD5 when not supported by libcrypto.
623+ [GL #3871]
624+
625+6096. [bug] Fix RPZ reference counting error on shutdown in
626+ dns__rpz_timer_cb(). [GL #3866]
627+
628+6095. [test] Test various 'islands of trust' configurations when
629+ using managed keys. [GL #3662]
630+
631+6094. [bug] Building against (or running with) libuv versions
632+ 1.35.0 and 1.36.0 is now a fatal error. The rules for
633+ mixing and matching compile-time and run-time libuv
634+ versions have been tightened for libuv versions between
635+ 1.35.0 and 1.40.0. [GL #3840]
636+
637+6092. [bug] dnssec-cds failed to cleanup properly. [GL #3831]
638+
639+6089. [bug] Source ports configured for query-source,
640+ transfer-source, etc, were being ignored. (This
641+ feature is deprecated, but it is not yet removed,
642+ so the bug still needed fixing.) [GL #3790]
643+
644 --- 9.18.12 released ---
645
646 6083. [bug] Fix DNSRPS-enabled builds as they were inadvertently
647@@ -45,6 +303,12 @@
648 not negotiate "dot" ALPN token could crash BIND
649 on shutdown. That has been fixed. [GL #3767]
650
651+6057. [bug] Fix shutdown and error path bugs in the rpz unit.
652+ [GL #3735]
653+
654+5850. [func] Run the RPZ update process on the offload threads.
655+ [GL #3190]
656+
657 --- 9.18.11 released ---
658
659 6067. [security] Fix serve-stale crash when recursive clients soft quota
660diff --git a/NEWS b/NEWS
661index e46a324..3f4e364 100644
662--- a/NEWS
663+++ b/NEWS
664@@ -1,3 +1,261 @@
665+ --- 9.18.18 released ---
666+
667+6220. [func] Deprecate the 'dialup' and 'heartbeat-interval'
668+ options. [GL #3700]
669+
670+6219. [bug] Ignore 'max-zone-ttl' on 'dnssec-policy insecure'.
671+ [GL #4032]
672+
673+6215. [protocol] Return REFUSED to GSS-API TKEY requests if GSS-API
674+ support is not configured. [GL #4225]
675+
676+6213. [bug] Mark a primary server as temporarily unreachable if the
677+ TCP connection attempt times out. [GL #4215]
678+
679+6212. [bug] Don't process detach and close netmgr events when
680+ the netmgr has been paused. [GL #4200]
681+
682+ --- 9.18.17 released ---
683+
684+6206. [bug] Add shutdown checks in dns_catz_dbupdate_callback() to
685+ avoid a race with dns_catz_shutdown_catzs(). [GL #4171]
686+
687+6205. [bug] Restore support to read legacy HMAC-MD5 K file pairs.
688+ [GL #4154]
689+
690+6204. [bug] Use NS records for relaxed QNAME-minimization mode.
691+ This reduces the number of queries named makes when
692+ resolving, as it allows the non-existence of NS RRsets
693+ at non-referral nodes to be cached in addition to the
694+ referrals that are normally cached. [GL #3325]
695+
696+6200. [bug] Fix nslookup erroneously reporting a timeout when the
697+ input is delayed. [GL #4044]
698+
699+6199. [bug] Improve HTTP Connection: header protocol conformance
700+ in the statistics channel. [GL #4126]
701+
702+6198. [func] Remove the holes in the isc_result_t enum to compact
703+ the isc_result tables. [GL #4149]
704+
705+6197. [bug] Fix a data race between the dns_zone and dns_catz
706+ modules when registering/unregistering a database
707+ update notification callback for a catalog zone.
708+ [GL #4132]
709+
710+6196. [cleanup] Report "permission denied" instead of "unexpected error"
711+ when trying to update a zone file on a read-only file
712+ system. Thanks to Midnight Veil. [GL #4134]
713+
714+6193. [bug] Fix a catz db update notification callback registration
715+ logic error, which could crash named when receiving an
716+ AXFR update for a catalog zone while the previous update
717+ process of the catalog zone was already running.
718+ [GL #4136]
719+
720+6166. [func] Retry without DNS COOKIE on FORMERR if it appears that
721+ the FORMERR was due to the presence of a DNS COOKIE
722+ option. [GL #4049]
723+
724+ --- 9.18.16 released ---
725+
726+6192. [security] A query that prioritizes stale data over lookup
727+ triggers a fetch to refresh the stale data in cache.
728+ If the fetch is aborted for exceeding the recursion
729+ quota, it was possible for 'named' to enter an infinite
730+ callback loop and crash due to stack overflow. This has
731+ been fixed. (CVE-2023-2911) [GL #4089]
732+
733+6190. [security] Improve the overmem cleaning process to prevent the
734+ cache going over the configured limit. (CVE-2023-2828)
735+ [GL #4055]
736+
737+6188. [performance] Reduce memory consumption by allocating properly
738+ sized send buffers for stream-based transports.
739+ [GL #4038]
740+
741+6186. [bug] Fix a 'clients-per-query' miscalculation bug. When the
742+ 'stale-answer-enable' options was enabled and the
743+ 'stale-answer-client-timeout' option was enabled and
744+ larger than 0, named was taking two places from the
745+ 'clients-per-query' limit for each client and was
746+ failing to gradually auto-tune its value, as configured.
747+ [GL #4074]
748+
749+6185. [func] Add "ClientQuota" statistics channel counter, which
750+ indicates the number of the resolver's spilled queries
751+ due to reaching the clients per query quota. [GL !7978]
752+
753+6183. [bug] Fix a serve-stale bug where a delegation from cache
754+ could be returned to the client. [GL #3950]
755+
756+6182. [cleanup] Remove configure checks for epoll, kqueue and
757+ /dev/poll. [GL #4098]
758+
759+6181. [func] The "tkey-dhkey" option has been deprecated; a
760+ warning will be logged when it is used. In a future
761+ release, Diffie-Hellman TKEY mode will be removed.
762+ [GL #3905]
763+
764+6180. [bug] The session key object could be incorrectly added
765+ to multiple different views' keyrings. [GL #4079]
766+
767+6179. [bug] Fix an interfacemgr use-after-free error in
768+ zoneconf.c:isself(). [GL #3765]
769+
770+6176. [test] Add support for using pytest & pytest-xdist to
771+ execute the system test suite. [GL #3978]
772+
773+6174. [bug] BIND could get stuck on reconfiguration when a
774+ 'listen' statement for HTTP is removed from the
775+ configuration. That has been fixed. [GL #4071]
776+
777+6173. [bug] Properly process extra "nameserver" lines in
778+ resolv.conf otherwise the next line is not properly
779+ processed. [GL #4066]
780+
781+6169. [bug] named could crash when deleting inline-signing zones
782+ with "rndc delzone". [GL #4054]
783+
784+6165. [bug] Fix a logic error in dighost.c which could call the
785+ dighost_shutdown() callback twice and cause problems
786+ if the callback function was not idempotent. [GL #4039]
787+
788+ --- 9.18.15 released ---
789+
790+6164. [bug] Set the rndc idle read timeout back to 60 seconds,
791+ from the netmgr default of 30 seconds, in order to
792+ match the behavior of 9.16 and earlier. [GL #4046]
793+
794+6161. [bug] Fix log file rotation when using absolute path as
795+ file. [GL #3991]
796+
797+6157. [bug] When removing delegations in an OPTOUT range
798+ empty-non-terminal NSEC3 records generated by
799+ those delegations were not removed. [GL #4027]
800+
801+6156. [bug] Reimplement the maximum and idle timeouts for incoming
802+ zone tranfers. [GL #4004]
803+
804+6155. [bug] Treat ISC_R_INVALIDPROTO as a networking error
805+ in the dispatch code to avoid retrying with the
806+ same server. [GL #4005]
807+
808+6152. [bug] In dispatch, honour the configured source-port
809+ selection when UDP connection fails with address
810+ in use error.
811+
812+ Also treat ISC_R_NOPERM same as ISC_R_ADDRINUSE.
813+ [GL #3986]
814+
815+6149. [test] As a workaround, include an OpenSSL header file before
816+ including cmocka.h in the unit tests, because OpenSSL
817+ 3.1.0 uses __attribute__(malloc), conflicting with a
818+ redefined malloc in cmocka.h. [GL #4000]
819+
820+ --- 9.18.14 released ---
821+
822+6145. [bug] Fix a possible use-after-free bug in the
823+ dns__catz_done_cb() function. [GL #3997]
824+
825+6143. [bug] A reference counting problem on the error path in
826+ the xfrin_connect_done() might cause an assertion
827+ failure on shutdown. [GL #3989]
828+
829+6142. [bug] Reduce the number of dns_dnssec_verify calls made
830+ determining if revoked keys needs to be removed from
831+ the trust anchors. [GL #3981]
832+
833+6141. [bug] Fix several issues in nsupdate timeout handling and
834+ update the -t option's documentation. [GL #3674]
835+
836+6138. [doc] Fix the DF-flag documentation on the outgoing
837+ UDP packets. [GL #3710]
838+
839+6136. [cleanup] Remove the isc_fsaccess API in favor of creating
840+ temporary file first and atomically replace the key
841+ with non-truncated content. [GL #3982]
842+
843+6132. [doc] Remove a dead link in the DNSSEC guide. [GL #3967]
844+
845+6129. [cleanup] Value stored to 'source' during its initialization is
846+ never read. [GL #3965]
847+
848+6128. [bug] Fix an omission in an earlier commit to avoid a race
849+ between the 'dns__catz_update_cb()' and
850+ 'dns_catz_dbupdate_callback()' functions. [GL #3968]
851+
852+6126. [cleanup] Deprecate zone type "delegation-only" and the
853+ "delegation-only" and "root-delegation-only"
854+ options. [GL #3953]
855+
856+6125. [bug] Hold a catz reference while the update process is
857+ running, so that the catalog zone is not destroyed
858+ during shutdown until the update process is finished or
859+ properly canceled by the activated 'shuttingdown' flag.
860+ [GL #3955]
861+
862+6124. [bug] When changing from a NSEC3 capable DNSSEC algorithm to
863+ an NSEC3 incapable DNSSEC algorithm using KASP the zone
864+ could sometimes be incompletely signed. [GL #3937]
865+
866+6121. [bug] Fix BIND and dig zone transfer hanging when
867+ downloading large zones over TLS from a primary server,
868+ especially over unstable connections. [GL #3867]
869+
870+ --- 9.18.13 released ---
871+
872+6120. [bug] Use two pairs of dns_db_t and dns_dbversion_t in a
873+ catalog zone structure to avoid a race between the
874+ dns__catz_update_cb() and dns_catz_dbupdate_callback()
875+ functions. [GL #3907]
876+
877+6119. [bug] Make sure to revert the reconfigured zones to the
878+ previous version of the view, when the new view
879+ reconfiguration fails during the configuration of
880+ one of the configured zones. [GL #3911]
881+
882+6116. [bug] Fix error path cleanup issues in dns_catz_new_zones()
883+ and dns_catz_new_zone() functions. [GL #3900]
884+
885+6115. [bug] Unregister db update notify callback before detaching
886+ from the previous db inside the catz update notify
887+ callback. [GL #3777]
888+
889+6114. [func] Run the catalog zone update process on the offload
890+ threads. [GL #3881]
891+
892+6113. [func] Add shutdown signaling for catalog zones. [GL !7571]
893+
894+6112. [func] Add reference count tracing for dns_catz_zone_t and
895+ dns_catz_zones_t. [GL !7570]
896+
897+6105. [bug] Detach 'rpzs' and 'catzs' from the previous view in
898+ configure_rpz() and configure_catz(), respectively,
899+ just after attaching it to the new view. [GL #3880]
900+
901+6098. [test] Don't test HMAC-MD5 when not supported by libcrypto.
902+ [GL #3871]
903+
904+6096. [bug] Fix RPZ reference counting error on shutdown in
905+ dns__rpz_timer_cb(). [GL #3866]
906+
907+6095. [test] Test various 'islands of trust' configurations when
908+ using managed keys. [GL #3662]
909+
910+6094. [bug] Building against (or running with) libuv versions
911+ 1.35.0 and 1.36.0 is now a fatal error. The rules for
912+ mixing and matching compile-time and run-time libuv
913+ versions have been tightened for libuv versions between
914+ 1.35.0 and 1.40.0. [GL #3840]
915+
916+6092. [bug] dnssec-cds failed to cleanup properly. [GL #3831]
917+
918+6089. [bug] Source ports configured for query-source,
919+ transfer-source, etc, were being ignored. (This
920+ feature is deprecated, but it is not yet removed,
921+ so the bug still needed fixing.) [GL #3790]
922+
923 --- 9.18.12 released ---
924
925 6083. [bug] Fix DNSRPS-enabled builds as they were inadvertently
926@@ -45,6 +303,12 @@
927 not negotiate "dot" ALPN token could crash BIND
928 on shutdown. That has been fixed. [GL #3767]
929
930+6057. [bug] Fix shutdown and error path bugs in the rpz unit.
931+ [GL #3735]
932+
933+5850. [func] Run the RPZ update process on the offload threads.
934+ [GL #3190]
935+
936 --- 9.18.11 released ---
937
938 6067. [security] Fix serve-stale crash when recursive clients soft quota
939diff --git a/bin/check/named-checkconf.c b/bin/check/named-checkconf.c
940index 6b3616c..fd7cfa5 100644
941--- a/bin/check/named-checkconf.c
942+++ b/bin/check/named-checkconf.c
943@@ -726,7 +726,8 @@ main(int argc, char **argv) {
944 exit(1);
945 }
946
947- result = bind9_check_namedconf(config, loadplugins, logc, mctx);
948+ result = bind9_check_namedconf(config, loadplugins, nodeprecate, logc,
949+ mctx);
950 if (result != ISC_R_SUCCESS) {
951 exit_status = 1;
952 }
953diff --git a/bin/check/named-compilezone.rst b/bin/check/named-compilezone.rst
954index fa47f15..41ecff7 100644
955--- a/bin/check/named-compilezone.rst
956+++ b/bin/check/named-compilezone.rst
957@@ -220,5 +220,5 @@ and 0 otherwise.
958 See Also
959 ~~~~~~~~
960
961-:iscman:`named(8) <named>`, :iscman:`named-checkconf(8) <named-checkconf>`, :iscman:`named-checkzone(8) <named-checkzone>`, `:rfc:`1035`,
962+:iscman:`named(8) <named>`, :iscman:`named-checkconf(8) <named-checkconf>`, :iscman:`named-checkzone(8) <named-checkzone>`, :rfc:`1035`,
963 BIND 9 Administrator Reference Manual.
964diff --git a/bin/dig/dig.c b/bin/dig/dig.c
965index 9ff8b42..87552be 100644
966--- a/bin/dig/dig.c
967+++ b/bin/dig/dig.c
968@@ -233,7 +233,7 @@ help(void) {
969 " +[no]http-plain[=###] (DNS over plain HTTP "
970 "mode) "
971 "[/]\n"
972- " +[no]https-plain-get (Use GET instead of "
973+ " +[no]http-plain-get (Use GET instead of "
974 "default POST method while using plain HTTP)\n"
975 " +[no]identify (ID responders in short "
976 "answers)\n"
977@@ -2207,6 +2207,7 @@ plus_option(char *option, bool is_batchfile, bool *need_clone,
978
979 #if !TARGET_OS_IPHONE
980 exit_or_usage:
981+ cleanup_openssl_refs();
982 digexit();
983 #endif /* if !TARGET_OS_IPHONE */
984 }
985diff --git a/bin/dig/dighost.c b/bin/dig/dighost.c
986index 84cdda9..55f7bf2 100644
987--- a/bin/dig/dighost.c
988+++ b/bin/dig/dighost.c
989@@ -2361,6 +2361,7 @@ setup_lookup(dig_lookup_t *lookup) {
990 clear_current_lookup();
991 return (false);
992 #else /* if TARGET_OS_IPHONE */
993+ cleanup_openssl_refs();
994 digexit();
995 #endif /* if TARGET_OS_IPHONE */
996 }
997@@ -3246,11 +3247,11 @@ udp_ready(isc_nmhandle_t *handle, isc_result_t eresult, void *arg) {
998
999 if (next != NULL) {
1000 start_udp(next);
1001+ check_if_done();
1002 } else {
1003 clear_current_lookup();
1004 }
1005
1006- check_if_done();
1007 UNLOCK_LOOKUP;
1008 return;
1009 }
1010@@ -3651,11 +3652,11 @@ tcp_connected(isc_nmhandle_t *handle, isc_result_t eresult, void *arg) {
1011
1012 if (next != NULL) {
1013 start_tcp(next);
1014+ check_if_done();
1015 } else {
1016 clear_current_lookup();
1017 }
1018
1019- check_if_done();
1020 UNLOCK_LOOKUP;
1021 return;
1022 }
1023@@ -4708,6 +4709,25 @@ cancel_all(void) {
1024 UNLOCK_LOOKUP;
1025 }
1026
1027+void
1028+cleanup_openssl_refs(void) {
1029+ if (tsigkey != NULL) {
1030+ debug("freeing TSIG key %p", tsigkey);
1031+ dns_tsigkey_detach(&tsigkey);
1032+ }
1033+
1034+ if (sig0key != NULL) {
1035+ debug("freeing SIG(0) key %p", sig0key);
1036+ dst_key_free(&sig0key);
1037+ }
1038+
1039+ if (is_dst_up) {
1040+ debug("destroy DST lib");
1041+ dst_lib_destroy();
1042+ is_dst_up = false;
1043+ }
1044+}
1045+
1046 /*%
1047 * Destroy all of the libs we are using, and get everything ready for a
1048 * clean shutdown.
1049@@ -4739,29 +4759,16 @@ destroy_libs(void) {
1050
1051 clear_searchlist();
1052
1053- if (tsigkey != NULL) {
1054- debug("freeing TSIG key %p", tsigkey);
1055- dns_tsigkey_detach(&tsigkey);
1056- }
1057-
1058- if (sig0key != NULL) {
1059- debug("freeing SIG(0) key %p", sig0key);
1060- dst_key_free(&sig0key);
1061- }
1062+ cleanup_openssl_refs();
1063
1064 if (namebuf != NULL) {
1065 debug("freeing key %p", tsigkey);
1066 isc_buffer_free(&namebuf);
1067 }
1068
1069- if (is_dst_up) {
1070- debug("destroy DST lib");
1071- dst_lib_destroy();
1072- is_dst_up = false;
1073- }
1074-
1075 UNLOCK_LOOKUP;
1076 isc_mutex_destroy(&lookup_lock);
1077+
1078 debug("Removing log context");
1079 isc_log_destroy(&lctx);
1080
1081diff --git a/bin/dig/dighost.h b/bin/dig/dighost.h
1082index 593468a..227c315 100644
1083--- a/bin/dig/dighost.h
1084+++ b/bin/dig/dighost.h
1085@@ -296,6 +296,9 @@ noreturn void
1086 digexit(void);
1087
1088 void
1089+cleanup_openssl_refs(void);
1090+
1091+void
1092 debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
1093
1094 void
1095diff --git a/bin/dnssec/dnssec-cds.c b/bin/dnssec/dnssec-cds.c
1096index 9f6ea44..06b1f8c 100644
1097--- a/bin/dnssec/dnssec-cds.c
1098+++ b/bin/dnssec/dnssec-cds.c
1099@@ -125,15 +125,29 @@ typedef isc_result_t
1100 ds_maker_func_t(isc_buffer_t *buf, dns_rdata_t *ds, dns_dsdigest_t dt,
1101 dns_rdata_t *crdata);
1102
1103-static dns_rdataset_t cdnskey_set, cdnskey_sig;
1104-static dns_rdataset_t cds_set, cds_sig;
1105-static dns_rdataset_t dnskey_set, dnskey_sig;
1106-static dns_rdataset_t old_ds_set, new_ds_set;
1107+static dns_rdataset_t cdnskey_set = DNS_RDATASET_INIT;
1108+static dns_rdataset_t cdnskey_sig = DNS_RDATASET_INIT;
1109+static dns_rdataset_t cds_set = DNS_RDATASET_INIT;
1110+static dns_rdataset_t cds_sig = DNS_RDATASET_INIT;
1111+static dns_rdataset_t dnskey_set = DNS_RDATASET_INIT;
1112+static dns_rdataset_t dnskey_sig = DNS_RDATASET_INIT;
1113+static dns_rdataset_t old_ds_set = DNS_RDATASET_INIT;
1114+static dns_rdataset_t new_ds_set = DNS_RDATASET_INIT;
1115
1116-static keyinfo_t *old_key_tbl, *new_key_tbl;
1117+static keyinfo_t *old_key_tbl = NULL, *new_key_tbl = NULL;
1118
1119 isc_buffer_t *new_ds_buf = NULL; /* backing store for new_ds_set */
1120
1121+static dns_db_t *child_db = NULL;
1122+static dns_dbnode_t *child_node = NULL;
1123+static dns_db_t *parent_db = NULL;
1124+static dns_dbnode_t *parent_node = NULL;
1125+static dns_db_t *update_db = NULL;
1126+static dns_dbnode_t *update_node = NULL;
1127+static dns_dbversion_t *update_version = NULL;
1128+static bool cleanup_dst = false;
1129+static bool print_mem_stats = false;
1130+
1131 static void
1132 verbose_time(int level, const char *msg, isc_stdtime_t time) {
1133 isc_result_t result;
1134@@ -251,21 +265,27 @@ load_db(const char *filename, dns_db_t **dbp, dns_dbnode_t **nodep) {
1135 }
1136
1137 static void
1138-free_db(dns_db_t **dbp, dns_dbnode_t **nodep) {
1139- dns_db_detachnode(*dbp, nodep);
1140- dns_db_detach(dbp);
1141+free_db(dns_db_t **dbp, dns_dbnode_t **nodep, dns_dbversion_t **versionp) {
1142+ if (*dbp != NULL) {
1143+ if (*nodep != NULL) {
1144+ dns_db_detachnode(*dbp, nodep);
1145+ }
1146+ if (versionp != NULL && *versionp != NULL) {
1147+ dns_db_closeversion(*dbp, versionp, false);
1148+ }
1149+ dns_db_detach(dbp);
1150+ }
1151 }
1152
1153 static void
1154 load_child_sets(const char *file) {
1155- dns_db_t *db = NULL;
1156- dns_dbnode_t *node = NULL;
1157-
1158- load_db(file, &db, &node);
1159- findset(db, node, dns_rdatatype_dnskey, &dnskey_set, &dnskey_sig);
1160- findset(db, node, dns_rdatatype_cdnskey, &cdnskey_set, &cdnskey_sig);
1161- findset(db, node, dns_rdatatype_cds, &cds_set, &cds_sig);
1162- free_db(&db, &node);
1163+ load_db(file, &child_db, &child_node);
1164+ findset(child_db, child_node, dns_rdatatype_dnskey, &dnskey_set,
1165+ &dnskey_sig);
1166+ findset(child_db, child_node, dns_rdatatype_cdnskey, &cdnskey_set,
1167+ &cdnskey_sig);
1168+ findset(child_db, child_node, dns_rdatatype_cds, &cds_set, &cds_sig);
1169+ free_db(&child_db, &child_node, NULL);
1170 }
1171
1172 static void
1173@@ -314,8 +334,6 @@ get_dsset_name(char *filename, size_t size, const char *path,
1174 static void
1175 load_parent_set(const char *path) {
1176 isc_result_t result;
1177- dns_db_t *db = NULL;
1178- dns_dbnode_t *node = NULL;
1179 isc_time_t modtime;
1180 char filename[PATH_MAX + 1];
1181
1182@@ -334,15 +352,15 @@ load_parent_set(const char *path) {
1183 }
1184 verbose_time(1, "child records must not be signed before", notbefore);
1185
1186- load_db(filename, &db, &node);
1187- findset(db, node, dns_rdatatype_ds, &old_ds_set, NULL);
1188+ load_db(filename, &parent_db, &parent_node);
1189+ findset(parent_db, parent_node, dns_rdatatype_ds, &old_ds_set, NULL);
1190
1191 if (!dns_rdataset_isassociated(&old_ds_set)) {
1192 fatal("could not find DS records for %s in %s", namestr,
1193 filename);
1194 }
1195
1196- free_db(&db, &node);
1197+ free_db(&parent_db, &parent_node, NULL);
1198 }
1199
1200 #define MAX_CDS_RDATA_TEXT_SIZE DNS_RDATA_MAXLENGTH * 2
1201@@ -367,17 +385,18 @@ formatset(dns_rdataset_t *rdataset) {
1202
1203 isc_buffer_allocate(mctx, &buf, MAX_CDS_RDATA_TEXT_SIZE);
1204 result = dns_master_rdatasettotext(name, rdataset, style, NULL, buf);
1205+ dns_master_styledestroy(&style, mctx);
1206
1207 if ((result == ISC_R_SUCCESS) && isc_buffer_availablelength(buf) < 1) {
1208 result = ISC_R_NOSPACE;
1209 }
1210
1211- check_result(result, "dns_rdataset_totext()");
1212+ if (result != ISC_R_SUCCESS) {
1213+ isc_buffer_free(&buf);
1214+ check_result(result, "dns_rdataset_totext()");
1215+ }
1216
1217 isc_buffer_putuint8(buf, 0);
1218-
1219- dns_master_styledestroy(&style, mctx);
1220-
1221 return (buf);
1222 }
1223
1224@@ -420,6 +439,7 @@ write_parent_set(const char *path, const char *inplace, bool nsupdate,
1225
1226 result = isc_file_openunique(tmpname, &fp);
1227 if (result != ISC_R_SUCCESS) {
1228+ isc_buffer_free(&buf);
1229 fatal("open %s: %s", tmpname, isc_result_totext(result));
1230 }
1231 fprintf(fp, "%s", (char *)r.base);
1232@@ -514,23 +534,22 @@ static keyinfo_t *
1233 match_keyset_dsset(dns_rdataset_t *keyset, dns_rdataset_t *dsset,
1234 strictness_t strictness) {
1235 isc_result_t result;
1236- keyinfo_t *keytable;
1237+ keyinfo_t *keytable, *ki;
1238 int i;
1239
1240 nkey = dns_rdataset_count(keyset);
1241
1242 keytable = isc_mem_get(mctx, sizeof(keyinfo_t) * nkey);
1243
1244- for (result = dns_rdataset_first(keyset), i = 0;
1245- result == ISC_R_SUCCESS; result = dns_rdataset_next(keyset), i++)
1246+ for (result = dns_rdataset_first(keyset), i = 0, ki = keytable;
1247+ result == ISC_R_SUCCESS;
1248+ result = dns_rdataset_next(keyset), i++, ki++)
1249 {
1250- keyinfo_t *ki;
1251 dns_rdata_dnskey_t dnskey;
1252 dns_rdata_t *keyrdata;
1253 isc_region_t r;
1254
1255 INSIST(i < nkey);
1256- ki = &keytable[i];
1257 keyrdata = &ki->rdata;
1258
1259 dns_rdata_init(keyrdata);
1260@@ -568,8 +587,9 @@ free_keytable(keyinfo_t **keytable_p) {
1261 keyinfo_t *ki;
1262 int i;
1263
1264- for (i = 0; i < nkey; i++) {
1265- ki = &keytable[i];
1266+ REQUIRE(keytable != NULL);
1267+
1268+ for (i = 0, ki = keytable; i < nkey; i++, ki++) {
1269 if (ki->dst != NULL) {
1270 dst_key_free(&ki->dst);
1271 }
1272@@ -594,6 +614,8 @@ matching_sigs(keyinfo_t *keytbl, dns_rdataset_t *rdataset,
1273 dns_secalg_t *algo;
1274 int i;
1275
1276+ REQUIRE(keytbl != NULL);
1277+
1278 algo = isc_mem_get(mctx, nkey);
1279 memset(algo, 0, nkey);
1280
1281@@ -799,6 +821,7 @@ append_new_ds_set(ds_maker_func_t *ds_from_rdata, isc_buffer_t *buf,
1282 isc_mem_put(mctx, ds, sizeof(*ds));
1283 return (result);
1284 default:
1285+ isc_mem_put(mctx, ds, sizeof(*ds));
1286 check_result(result, "ds_from_rdata()");
1287 }
1288 }
1289@@ -956,32 +979,27 @@ static void
1290 update_diff(const char *cmd, uint32_t ttl, dns_rdataset_t *addset,
1291 dns_rdataset_t *delset) {
1292 isc_result_t result;
1293- dns_db_t *db;
1294- dns_dbnode_t *node;
1295- dns_dbversion_t *ver;
1296 dns_rdataset_t diffset;
1297 uint32_t save;
1298
1299- db = NULL;
1300 result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone, rdclass, 0,
1301- NULL, &db);
1302+ NULL, &update_db);
1303 check_result(result, "dns_db_create()");
1304
1305- ver = NULL;
1306- result = dns_db_newversion(db, &ver);
1307+ result = dns_db_newversion(update_db, &update_version);
1308 check_result(result, "dns_db_newversion()");
1309
1310- node = NULL;
1311- result = dns_db_findnode(db, name, true, &node);
1312+ result = dns_db_findnode(update_db, name, true, &update_node);
1313 check_result(result, "dns_db_findnode()");
1314
1315 dns_rdataset_init(&diffset);
1316
1317- result = dns_db_addrdataset(db, node, ver, 0, addset, DNS_DBADD_MERGE,
1318- NULL);
1319+ result = dns_db_addrdataset(update_db, update_node, update_version, 0,
1320+ addset, DNS_DBADD_MERGE, NULL);
1321 check_result(result, "dns_db_addrdataset()");
1322
1323- result = dns_db_subtractrdataset(db, node, ver, delset, 0, &diffset);
1324+ result = dns_db_subtractrdataset(update_db, update_node, update_version,
1325+ delset, 0, &diffset);
1326 if (result == DNS_R_UNCHANGED) {
1327 save = addset->ttl;
1328 addset->ttl = ttl;
1329@@ -994,9 +1012,7 @@ update_diff(const char *cmd, uint32_t ttl, dns_rdataset_t *addset,
1330 dns_rdataset_disassociate(&diffset);
1331 }
1332
1333- dns_db_detachnode(db, &node);
1334- dns_db_closeversion(db, &ver, false);
1335- dns_db_detach(&db);
1336+ free_db(&update_db, &update_node, &update_version);
1337 }
1338
1339 static void
1340@@ -1046,6 +1062,32 @@ usage(void) {
1341 exit(1);
1342 }
1343
1344+static void
1345+cleanup(void) {
1346+ free_db(&child_db, &child_node, NULL);
1347+ free_db(&parent_db, &parent_node, NULL);
1348+ free_db(&update_db, &update_node, &update_version);
1349+ if (old_key_tbl != NULL) {
1350+ free_keytable(&old_key_tbl);
1351+ }
1352+ if (new_key_tbl != NULL) {
1353+ free_keytable(&new_key_tbl);
1354+ }
1355+ free_all_sets();
1356+ if (lctx != NULL) {
1357+ cleanup_logging(&lctx);
1358+ }
1359+ if (cleanup_dst) {
1360+ dst_lib_destroy();
1361+ }
1362+ if (mctx != NULL) {
1363+ if (print_mem_stats && verbose > 10) {
1364+ isc_mem_stats(mctx, stdout);
1365+ }
1366+ isc_mem_destroy(&mctx);
1367+ }
1368+}
1369+
1370 int
1371 main(int argc, char *argv[]) {
1372 const char *child_path = NULL;
1373@@ -1058,6 +1100,8 @@ main(int argc, char *argv[]) {
1374 int ch;
1375 char *endp;
1376
1377+ setfatalcallback(cleanup);
1378+
1379 isc_mem_create(&mctx);
1380
1381 isc_commandline_errprint = false;
1382@@ -1144,6 +1188,7 @@ main(int argc, char *argv[]) {
1383 fatal("could not initialize dst: %s",
1384 isc_result_totext(result));
1385 }
1386+ cleanup_dst = true;
1387
1388 if (ds_path == NULL) {
1389 fatal("missing -d DS pathname");
1390@@ -1243,7 +1288,7 @@ main(int argc, char *argv[]) {
1391 vbprintf(1, "%s has neither CDS nor CDNSKEY records\n",
1392 namestr);
1393 write_parent_set(ds_path, inplace, nsupdate, &old_ds_set);
1394- exit(0);
1395+ goto cleanup;
1396 }
1397
1398 /*
1399@@ -1309,13 +1354,8 @@ main(int argc, char *argv[]) {
1400
1401 write_parent_set(ds_path, inplace, nsupdate, &new_ds_set);
1402
1403- free_all_sets();
1404- cleanup_logging(&lctx);
1405- dst_lib_destroy();
1406- if (verbose > 10) {
1407- isc_mem_stats(mctx, stdout);
1408- }
1409- isc_mem_destroy(&mctx);
1410-
1411+cleanup:
1412+ print_mem_stats = true;
1413+ cleanup();
1414 exit(0);
1415 }
1416diff --git a/bin/dnssec/dnssec-settime.rst b/bin/dnssec/dnssec-settime.rst
1417index 7907756..5cb4ea8 100644
1418--- a/bin/dnssec/dnssec-settime.rst
1419+++ b/bin/dnssec/dnssec-settime.rst
1420@@ -148,7 +148,7 @@ All these formats are case-insensitive.
1421 .. option:: -A date/offset
1422
1423 This option sets the date on which the key is to be activated. After that date,
1424- the key is included in the zone and used to sign it.
1425+ the key is included in the zone and used to sign it.
1426
1427 .. option:: -R date/offset
1428
1429diff --git a/bin/named/builtin.c b/bin/named/builtin.c
1430index cf18030..26348fd 100644
1431--- a/bin/named/builtin.c
1432+++ b/bin/named/builtin.c
1433@@ -380,9 +380,8 @@ do_hostname_lookup(dns_sdblookup_t *lookup) {
1434 }
1435 } else {
1436 char buf[256];
1437- isc_result_t result = named_os_gethostname(buf, sizeof(buf));
1438- if (result != ISC_R_SUCCESS) {
1439- return (result);
1440+ if (gethostname(buf, sizeof(buf)) != 0) {
1441+ return (ISC_R_FAILURE);
1442 }
1443 return (put_txt(lookup, buf));
1444 }
1445@@ -420,13 +419,10 @@ do_authors_lookup(dns_sdblookup_t *lookup) {
1446
1447 static isc_result_t
1448 do_id_lookup(dns_sdblookup_t *lookup) {
1449- if (named_g_server->sctx->gethostname != NULL) {
1450+ if (named_g_server->sctx->usehostname) {
1451 char buf[256];
1452- isc_result_t result;
1453-
1454- result = named_g_server->sctx->gethostname(buf, sizeof(buf));
1455- if (result != ISC_R_SUCCESS) {
1456- return (result);
1457+ if (gethostname(buf, sizeof(buf)) != 0) {
1458+ return (ISC_R_FAILURE);
1459 }
1460 return (put_txt(lookup, buf));
1461 } else if (named_g_server->sctx->server_id != NULL) {
1462diff --git a/bin/named/config.c b/bin/named/config.c
1463index b2b8028..7f318a2 100644
1464--- a/bin/named/config.c
1465+++ b/bin/named/config.c
1466@@ -319,6 +319,7 @@ dnssec-policy \"default\" {\n\
1467 };\n\
1468 \n\
1469 dnssec-policy \"insecure\" {\n\
1470+ max-zone-ttl 0; \n\
1471 keys { };\n\
1472 };\n\
1473 \n\
1474diff --git a/bin/named/include/named/os.h b/bin/named/include/named/os.h
1475index 4a3a5f2..0f7c1c5 100644
1476--- a/bin/named/include/named/os.h
1477+++ b/bin/named/include/named/os.h
1478@@ -62,9 +62,6 @@ named_os_issingleton(const char *filename);
1479 void
1480 named_os_shutdown(void);
1481
1482-isc_result_t
1483-named_os_gethostname(char *buf, size_t len);
1484-
1485 void
1486 named_os_shutdownmsg(char *command, isc_buffer_t *text);
1487
1488diff --git a/bin/named/include/named/server.h b/bin/named/include/named/server.h
1489index 1422e02..075e2ec 100644
1490--- a/bin/named/include/named/server.h
1491+++ b/bin/named/include/named/server.h
1492@@ -100,7 +100,7 @@ struct named_server {
1493
1494 named_statschannellist_t statschannels;
1495
1496- dns_tsigkey_t *sessionkey;
1497+ dst_key_t *sessionkey;
1498 char *session_keyfile;
1499 dns_name_t *session_keyname;
1500 unsigned int session_keyalg;
1501diff --git a/bin/named/main.c b/bin/named/main.c
1502index 8060333..154e17e 100644
1503--- a/bin/named/main.c
1504+++ b/bin/named/main.c
1505@@ -136,6 +136,9 @@ static bool nonearest = false;
1506 static bool nosoa = false;
1507 static bool notcp = false;
1508 static bool sigvalinsecs = false;
1509+static bool transferinsecs = false;
1510+static bool transferslowly = false;
1511+static bool transferstuck = false;
1512
1513 /*
1514 * -4 and -6
1515@@ -495,6 +498,9 @@ list_hmac_algorithms(isc_buffer_t *b) {
1516 for (dst_algorithm_t i = DST_ALG_HMAC_FIRST; i <= DST_ALG_HMAC_LAST;
1517 i++)
1518 {
1519+ if (i == DST_ALG_GSSAPI) {
1520+ continue;
1521+ }
1522 if (dst_algorithm_supported(i)) {
1523 isc_buffer_putstr(b, " ");
1524 isc_buffer_putstr(b, dst_hmac_algorithm_totext(i));
1525@@ -787,6 +793,12 @@ parse_T_opt(char *option) {
1526 }
1527 } else if (!strcmp(option, "sigvalinsecs")) {
1528 sigvalinsecs = true;
1529+ } else if (!strcmp(option, "transferinsecs")) {
1530+ transferinsecs = true;
1531+ } else if (!strcmp(option, "transferslowly")) {
1532+ transferslowly = true;
1533+ } else if (!strcmp(option, "transferstuck")) {
1534+ transferstuck = true;
1535 } else if (!strncmp(option, "tat=", 4)) {
1536 named_g_tat_interval = atoi(option + 4);
1537 } else {
1538@@ -1186,6 +1198,13 @@ setup(void) {
1539 "linked to OpenSSL version: %s",
1540 SSLeay_version(SSLEAY_VERSION));
1541 #endif /* OPENSSL_VERSION_NUMBER >= 0x10100000L */
1542+ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
1543+ NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
1544+ "compiled with libuv version: %d.%d.%d", UV_VERSION_MAJOR,
1545+ UV_VERSION_MINOR, UV_VERSION_PATCH);
1546+ isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
1547+ NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
1548+ "linked to libuv version: %s", uv_version_string());
1549 #ifdef HAVE_LIBXML2
1550 isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
1551 NAMED_LOGMODULE_MAIN, ISC_LOG_NOTICE,
1552@@ -1364,6 +1383,15 @@ setup(void) {
1553 if (sigvalinsecs) {
1554 ns_server_setoption(sctx, NS_SERVER_SIGVALINSECS, true);
1555 }
1556+ if (transferinsecs) {
1557+ ns_server_setoption(sctx, NS_SERVER_TRANSFERINSECS, true);
1558+ }
1559+ if (transferslowly) {
1560+ ns_server_setoption(sctx, NS_SERVER_TRANSFERSLOWLY, true);
1561+ }
1562+ if (transferstuck) {
1563+ ns_server_setoption(sctx, NS_SERVER_TRANSFERSTUCK, true);
1564+ }
1565 }
1566
1567 static void
1568diff --git a/bin/named/os.c b/bin/named/os.c
1569index e984b4b..7af4729 100644
1570--- a/bin/named/os.c
1571+++ b/bin/named/os.c
1572@@ -869,14 +869,6 @@ named_os_shutdown(void) {
1573 cleanup_lockfile();
1574 }
1575
1576-isc_result_t
1577-named_os_gethostname(char *buf, size_t len) {
1578- int n;
1579-
1580- n = gethostname(buf, len);
1581- return ((n == 0) ? ISC_R_SUCCESS : ISC_R_FAILURE);
1582-}
1583-
1584 void
1585 named_os_shutdownmsg(char *command, isc_buffer_t *text) {
1586 char *last, *ptr;
1587diff --git a/bin/named/server.c b/bin/named/server.c
1588index 1d74785..2f21fc5 100644
1589--- a/bin/named/server.c
1590+++ b/bin/named/server.c
1591@@ -2500,9 +2500,9 @@ configure_rpz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t **maps,
1592 }
1593 #endif /* ifndef USE_DNSRPS */
1594
1595- result = dns_rpz_new_zones(&view->rpzs, rps_cstr, rps_cstr_size,
1596- view->mctx, named_g_taskmgr,
1597- named_g_timermgr);
1598+ result = dns_rpz_new_zones(view->mctx, named_g_taskmgr,
1599+ named_g_timermgr, rps_cstr, rps_cstr_size,
1600+ &view->rpzs);
1601 if (result != ISC_R_SUCCESS) {
1602 return (result);
1603 }
1604@@ -2638,8 +2638,10 @@ configure_rpz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t **maps,
1605 }
1606
1607 if (*old_rpz_okp) {
1608+ dns_rpz_shutdown_rpzs(view->rpzs);
1609 dns_rpz_detach_rpzs(&view->rpzs);
1610 dns_rpz_attach_rpzs(pview->rpzs, &view->rpzs);
1611+ dns_rpz_detach_rpzs(&pview->rpzs);
1612 } else if (old != NULL && pview != NULL) {
1613 ++pview->rpzs->rpz_ver;
1614 view->rpzs->rpz_ver = pview->rpzs->rpz_ver;
1615@@ -2875,7 +2877,7 @@ cleanup:
1616 cfg_obj_destroy(cfg->add_parser, &zoneconf);
1617 }
1618 dns_catz_entry_detach(ev->origin, &ev->entry);
1619- dns_catz_zone_detach(&ev->origin);
1620+ dns_catz_detach_catz(&ev->origin);
1621 dns_view_detach(&ev->view);
1622 isc_event_free(ISC_EVENT_PTR(&ev));
1623 }
1624@@ -2950,7 +2952,7 @@ cleanup:
1625 dns_zone_detach(&zone);
1626 }
1627 dns_catz_entry_detach(ev->origin, &ev->entry);
1628- dns_catz_zone_detach(&ev->origin);
1629+ dns_catz_detach_catz(&ev->origin);
1630 dns_view_detach(&ev->view);
1631 isc_event_free(ISC_EVENT_PTR(&ev));
1632 }
1633@@ -2992,7 +2994,7 @@ catz_create_chg_task(dns_catz_entry_t *entry, dns_catz_zone_t *origin,
1634 event->mod = (type == DNS_EVENT_CATZMODZONE);
1635
1636 dns_catz_entry_attach(entry, &event->entry);
1637- dns_catz_zone_attach(origin, &event->origin);
1638+ dns_catz_attach_catz(origin, &event->origin);
1639 dns_view_attach(view, &event->view);
1640
1641 isc_task_send(task, ISC_EVENT_PTR(&event));
1642@@ -3159,7 +3161,7 @@ static dns_catz_zonemodmethods_t ns_catz_zonemodmethods = {
1643 static isc_result_t
1644 configure_catz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *config,
1645 const cfg_obj_t *catz_obj) {
1646- const cfg_listelt_t *zone_element;
1647+ const cfg_listelt_t *zone_element = NULL;
1648 const dns_catz_zones_t *old = NULL;
1649 bool pview_must_detach = false;
1650 isc_result_t result;
1651@@ -3172,9 +3174,8 @@ configure_catz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *config,
1652 return (ISC_R_SUCCESS);
1653 }
1654
1655- CHECK(dns_catz_new_zones(&view->catzs, &ns_catz_zonemodmethods,
1656- view->mctx, named_g_taskmgr,
1657- named_g_timermgr));
1658+ CHECK(dns_catz_new_zones(view->mctx, named_g_taskmgr, named_g_timermgr,
1659+ &view->catzs, &ns_catz_zonemodmethods));
1660
1661 if (pview != NULL) {
1662 old = pview->catzs;
1663@@ -3188,8 +3189,10 @@ configure_catz(dns_view_t *view, dns_view_t *pview, const cfg_obj_t *config,
1664 }
1665
1666 if (old != NULL) {
1667- dns_catz_catzs_detach(&view->catzs);
1668- dns_catz_catzs_attach(pview->catzs, &view->catzs);
1669+ dns_catz_shutdown_catzs(view->catzs);
1670+ dns_catz_detach_catzs(&view->catzs);
1671+ dns_catz_attach_catzs(pview->catzs, &view->catzs);
1672+ dns_catz_detach_catzs(&pview->catzs);
1673 dns_catz_prereconfig(view->catzs);
1674 }
1675
1676@@ -3920,8 +3923,7 @@ configure_dnstap(const cfg_obj_t **maps, dns_view_t *view) {
1677 if (result == ISC_R_SUCCESS && cfg_obj_isboolean(obj)) {
1678 /* "hostname" is interpreted as boolean true */
1679 char buf[256];
1680- result = named_os_gethostname(buf, sizeof(buf));
1681- if (result == ISC_R_SUCCESS) {
1682+ if (gethostname(buf, sizeof(buf)) == 0) {
1683 dns_dt_setidentity(named_g_server->dtenv, buf);
1684 }
1685 } else if (result == ISC_R_SUCCESS && !cfg_obj_isvoid(obj)) {
1686@@ -4042,6 +4044,28 @@ minimal_cache_allowed(const cfg_obj_t *maps[4],
1687
1688 static const char *const response_synonyms[] = { "response", NULL };
1689
1690+static const dns_name_t *
1691+algorithm_name(unsigned int alg) {
1692+ switch (alg) {
1693+ case DST_ALG_HMACMD5:
1694+ return (dns_tsig_hmacmd5_name);
1695+ case DST_ALG_HMACSHA1:
1696+ return (dns_tsig_hmacsha1_name);
1697+ case DST_ALG_HMACSHA224:
1698+ return (dns_tsig_hmacsha224_name);
1699+ case DST_ALG_HMACSHA256:
1700+ return (dns_tsig_hmacsha256_name);
1701+ case DST_ALG_HMACSHA384:
1702+ return (dns_tsig_hmacsha384_name);
1703+ case DST_ALG_HMACSHA512:
1704+ return (dns_tsig_hmacsha512_name);
1705+ case DST_ALG_GSSAPI:
1706+ return (dns_tsig_gssapi_name);
1707+ default:
1708+ UNREACHABLE();
1709+ }
1710+}
1711+
1712 /*
1713 * Configure 'view' according to 'vconfig', taking defaults from
1714 * 'config' where values are missing in 'vconfig'.
1715@@ -4072,7 +4096,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
1716 const cfg_obj_t *dyndb_list, *plugin_list;
1717 const cfg_obj_t *disabled;
1718 const cfg_obj_t *obj, *obj2;
1719- const cfg_listelt_t *element;
1720+ const cfg_listelt_t *element = NULL;
1721+ const cfg_listelt_t *zone_element_latest = NULL;
1722 in_port_t port;
1723 dns_cache_t *cache = NULL;
1724 isc_result_t result;
1725@@ -4090,7 +4115,6 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
1726 dns_dispatch_t *dispatch6 = NULL;
1727 bool rpz_configured = false;
1728 bool catz_configured = false;
1729- bool zones_configured = false;
1730 bool shared_cache = false;
1731 int i = 0, j = 0, k = 0;
1732 const char *str;
1733@@ -4201,8 +4225,8 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
1734 CHECK(configure_zone(config, zconfig, vconfig, mctx, view,
1735 viewlist, kasplist, actx, false,
1736 old_rpz_ok, false));
1737+ zone_element_latest = element;
1738 }
1739- zones_configured = true;
1740
1741 /*
1742 * Check that a primary or secondary zone was found for each
1743@@ -5074,8 +5098,18 @@ configure_view(dns_view_t *view, dns_viewlist_t *viewlist, cfg_obj_t *config,
1744 */
1745 CHECK(named_tsigkeyring_fromconfig(config, vconfig, view->mctx, &ring));
1746 if (named_g_server->sessionkey != NULL) {
1747- CHECK(dns_tsigkeyring_add(ring, named_g_server->session_keyname,
1748- named_g_server->sessionkey));
1749+ dns_tsigkey_t *tsigkey = NULL;
1750+ result = dns_tsigkey_createfromkey(
1751+ named_g_server->session_keyname,
1752+ algorithm_name(named_g_server->session_keyalg),
1753+ named_g_server->sessionkey, false, NULL, 0, 0, mctx,
1754+ NULL, &tsigkey);
1755+ if (result == ISC_R_SUCCESS) {
1756+ result = dns_tsigkeyring_add(
1757+ ring, named_g_server->session_keyname, tsigkey);
1758+ dns_tsigkey_detach(&tsigkey);
1759+ }
1760+ CHECK(result);
1761 }
1762 dns_view_setkeyring(view, ring);
1763 dns_tsigkeyring_detach(&ring);
1764@@ -6046,9 +6080,6 @@ cleanup:
1765 named_config_get(maps, "catalog-zones", &obj) ==
1766 ISC_R_SUCCESS)
1767 {
1768- if (pview->catzs != NULL) {
1769- dns_catz_catzs_detach(&pview->catzs);
1770- }
1771 /*
1772 * We are swapping the places of the `view` and
1773 * `pview` in the function's parameters list
1774@@ -6076,7 +6107,7 @@ cleanup:
1775 dns_view_detach(&pview);
1776 }
1777
1778- if (zones_configured) {
1779+ if (zone_element_latest != NULL) {
1780 for (element = cfg_list_first(zonelist);
1781 element != NULL; element = cfg_list_next(element))
1782 {
1783@@ -6084,6 +6115,13 @@ cleanup:
1784 cfg_listelt_value(element);
1785 configure_zone_setviewcommit(result, zconfig,
1786 view);
1787+ if (element == zone_element_latest) {
1788+ /*
1789+ * This was the latest element that was
1790+ * successfully configured earlier.
1791+ */
1792+ break;
1793+ }
1794 }
1795 }
1796 }
1797@@ -7529,7 +7567,7 @@ cleanup_session_key(named_server_t *server, isc_mem_t *mctx) {
1798 }
1799
1800 if (server->sessionkey != NULL) {
1801- dns_tsigkey_detach(&server->sessionkey);
1802+ dst_key_free(&server->sessionkey);
1803 }
1804
1805 server->session_keyalg = DST_ALG_UNKNOWN;
1806@@ -7539,9 +7577,8 @@ cleanup_session_key(named_server_t *server, isc_mem_t *mctx) {
1807 static isc_result_t
1808 generate_session_key(const char *filename, const char *keynamestr,
1809 const dns_name_t *keyname, const char *algstr,
1810- const dns_name_t *algname, unsigned int algtype,
1811- uint16_t bits, isc_mem_t *mctx, bool first_time,
1812- dns_tsigkey_t **tsigkeyp) {
1813+ unsigned int algtype, uint16_t bits, isc_mem_t *mctx,
1814+ bool first_time, dst_key_t **keyp) {
1815 isc_result_t result = ISC_R_SUCCESS;
1816 dst_key_t *key = NULL;
1817 isc_buffer_t key_txtbuffer;
1818@@ -7549,8 +7586,6 @@ generate_session_key(const char *filename, const char *keynamestr,
1819 char key_txtsecret[256];
1820 char key_rawsecret[64];
1821 isc_region_t key_rawregion;
1822- isc_stdtime_t now;
1823- dns_tsigkey_t *tsigkey = NULL;
1824 FILE *fp = NULL;
1825
1826 isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
1827@@ -7566,8 +7601,7 @@ generate_session_key(const char *filename, const char *keynamestr,
1828 }
1829
1830 /*
1831- * Dump the key to the buffer for later use. Should be done before
1832- * we transfer the ownership of key to tsigkey.
1833+ * Dump the key to the buffer for later use.
1834 */
1835 isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
1836 CHECK(dst_key_tobuffer(key, &key_rawbuffer));
1837@@ -7576,11 +7610,6 @@ generate_session_key(const char *filename, const char *keynamestr,
1838 isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
1839 CHECK(isc_base64_totext(&key_rawregion, -1, "", &key_txtbuffer));
1840
1841- /* Store the key in tsigkey. */
1842- isc_stdtime_get(&now);
1843- CHECK(dns_tsigkey_createfromkey(dst_key_name(key), algname, key, false,
1844- NULL, now, now, mctx, NULL, &tsigkey));
1845-
1846 /* Dump the key to the key file. */
1847 fp = named_os_openfile(filename, S_IRUSR | S_IWUSR, first_time);
1848 if (fp == NULL) {
1849@@ -7605,10 +7634,7 @@ generate_session_key(const char *filename, const char *keynamestr,
1850 goto cleanup;
1851 }
1852
1853- dst_key_free(&key);
1854-
1855- *tsigkeyp = tsigkey;
1856-
1857+ *keyp = key;
1858 return (ISC_R_SUCCESS);
1859
1860 cleanup:
1861@@ -7621,9 +7647,6 @@ cleanup:
1862 (void)isc_stdio_close(fp);
1863 (void)isc_file_remove(filename);
1864 }
1865- if (tsigkey != NULL) {
1866- dns_tsigkey_detach(&tsigkey);
1867- }
1868 if (key != NULL) {
1869 dst_key_free(&key);
1870 }
1871@@ -7728,8 +7751,8 @@ configure_session_key(const cfg_obj_t **maps, named_server_t *server,
1872 server->session_keybits = bits;
1873
1874 CHECK(generate_session_key(keyfile, keynamestr, keyname, algstr,
1875- algname, algtype, bits, mctx,
1876- first_time, &server->sessionkey));
1877+ algtype, bits, mctx, first_time,
1878+ &server->sessionkey));
1879 }
1880
1881 return (result);
1882@@ -8546,7 +8569,8 @@ load_configuration(const char *filename, named_server_t *server,
1883 * checked later when the modules are actually loaded and
1884 * registered.)
1885 */
1886- CHECK(bind9_check_namedconf(config, false, named_g_lctx, named_g_mctx));
1887+ CHECK(bind9_check_namedconf(config, false, false, named_g_lctx,
1888+ named_g_mctx));
1889
1890 /* Let's recreate the TLS context cache */
1891 if (server->tlsctx_server_cache != NULL) {
1892@@ -9604,10 +9628,10 @@ load_configuration(const char *filename, named_server_t *server,
1893
1894 obj = NULL;
1895 result = named_config_get(maps, "server-id", &obj);
1896- server->sctx->gethostname = NULL;
1897+ server->sctx->usehostname = false;
1898 if (result == ISC_R_SUCCESS && cfg_obj_isboolean(obj)) {
1899 /* The parser translates "hostname" to true */
1900- server->sctx->gethostname = named_os_gethostname;
1901+ server->sctx->usehostname = true;
1902 result = ns_server_setserverid(server->sctx, NULL);
1903 } else if (result == ISC_R_SUCCESS && !cfg_obj_isvoid(obj)) {
1904 /* Found a quoted string */
1905@@ -9851,6 +9875,7 @@ view_loaded(void *arg) {
1906 if (isc_refcount_decrement(&zl->refs) == 1) {
1907 named_server_t *server = zl->server;
1908 bool reconfig = zl->reconfig;
1909+ dns_view_t *view = NULL;
1910
1911 isc_refcount_destroy(&zl->refs);
1912 isc_mem_put(server->mctx, zl, sizeof(*zl));
1913@@ -9871,6 +9896,28 @@ view_loaded(void *arg) {
1914 "all zones loaded");
1915 }
1916
1917+ for (view = ISC_LIST_HEAD(server->viewlist); view != NULL;
1918+ view = ISC_LIST_NEXT(view, link))
1919+ {
1920+ if (view->managed_keys != NULL) {
1921+ result = dns_zone_synckeyzone(
1922+ view->managed_keys);
1923+ if (result != ISC_R_SUCCESS) {
1924+ isc_log_write(
1925+ named_g_lctx,
1926+ DNS_LOGCATEGORY_DNSSEC,
1927+ DNS_LOGMODULE_DNSSEC,
1928+ ISC_LOG_ERROR,
1929+ "failed to initialize "
1930+ "managed-keys for view %s "
1931+ "(%s): DNSSEC validation is "
1932+ "at risk",
1933+ view->name,
1934+ isc_result_totext(result));
1935+ }
1936+ }
1937+ }
1938+
1939 CHECKFATAL(dns_zonemgr_forcemaint(server->zonemgr),
1940 "forcing zone maintenance");
1941
1942@@ -12307,8 +12354,7 @@ named_server_status(named_server_t *server, isc_buffer_t **text) {
1943 cb);
1944 CHECK(putstr(text, line));
1945
1946- result = named_os_gethostname(hostname, sizeof(hostname));
1947- if (result != ISC_R_SUCCESS) {
1948+ if (gethostname(hostname, sizeof(hostname)) == 0) {
1949 strlcpy(hostname, "localhost", sizeof(hostname));
1950 }
1951 snprintf(line, sizeof(line), "running on %s: %s\n", hostname,
1952diff --git a/bin/named/statschannel.c b/bin/named/statschannel.c
1953index f6ce425..2c4760c 100644
1954--- a/bin/named/statschannel.c
1955+++ b/bin/named/statschannel.c
1956@@ -441,6 +441,8 @@ init_desc(void) {
1957 SET_RESSTATDESC(zonequota, "spilled due to zone quota", "ZoneQuota");
1958 SET_RESSTATDESC(serverquota, "spilled due to server quota",
1959 "ServerQuota");
1960+ SET_RESSTATDESC(clientquota, "spilled due to clients per query quota",
1961+ "ClientQuota");
1962 SET_RESSTATDESC(nextitem, "waited for next item", "NextItem");
1963 SET_RESSTATDESC(priming, "priming queries", "Priming");
1964
1965diff --git a/bin/named/zoneconf.c b/bin/named/zoneconf.c
1966index a94c3fa..44c2242 100644
1967--- a/bin/named/zoneconf.c
1968+++ b/bin/named/zoneconf.c
1969@@ -777,23 +777,27 @@ checknames(dns_zonetype_t ztype, const cfg_obj_t **maps,
1970 static bool
1971 isself(dns_view_t *myview, dns_tsigkey_t *mykey, const isc_sockaddr_t *srcaddr,
1972 const isc_sockaddr_t *dstaddr, dns_rdataclass_t rdclass, void *arg) {
1973- ns_interfacemgr_t *interfacemgr = (ns_interfacemgr_t *)arg;
1974- dns_aclenv_t *env = ns_interfacemgr_getaclenv(interfacemgr);
1975- dns_view_t *view;
1976+ dns_aclenv_t *env = NULL;
1977+ dns_view_t *view = NULL;
1978 dns_tsigkey_t *key = NULL;
1979 isc_netaddr_t netsrc;
1980 isc_netaddr_t netdst;
1981
1982- if (interfacemgr == NULL) {
1983+ UNUSED(arg);
1984+
1985+ /* interfacemgr can be destroyed only in exclusive mode. */
1986+ if (named_g_server->interfacemgr == NULL) {
1987 return (true);
1988 }
1989
1990- if (!ns_interfacemgr_listeningon(interfacemgr, dstaddr)) {
1991+ if (!ns_interfacemgr_listeningon(named_g_server->interfacemgr, dstaddr))
1992+ {
1993 return (false);
1994 }
1995
1996 isc_netaddr_fromsockaddr(&netsrc, srcaddr);
1997 isc_netaddr_fromsockaddr(&netdst, dstaddr);
1998+ env = ns_interfacemgr_getaclenv(named_g_server->interfacemgr);
1999
2000 for (view = ISC_LIST_HEAD(named_g_server->viewlist); view != NULL;
2001 view = ISC_LIST_NEXT(view, link))
2002@@ -912,6 +916,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2003 int seconds;
2004 dns_ttl_t maxttl = 0; /* unlimited */
2005 dns_zone_t *mayberaw = (raw != NULL) ? raw : zone;
2006+ bool transferinsecs = ns_server_getoption(named_g_server->sctx,
2007+ NS_SERVER_TRANSFERINSECS);
2008
2009 i = 0;
2010 if (zconfig != NULL) {
2011@@ -935,8 +941,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2012 maps[i] = NULL;
2013
2014 if (vconfig != NULL) {
2015- RETERR(named_config_getclass(cfg_tuple_get(vconfig, "class"),
2016- dns_rdataclass_in, &vclass));
2017+ CHECK(named_config_getclass(cfg_tuple_get(vconfig, "class"),
2018+ dns_rdataclass_in, &vclass));
2019 } else {
2020 vclass = dns_rdataclass_in;
2021 }
2022@@ -947,8 +953,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2023
2024 zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
2025
2026- RETERR(named_config_getclass(cfg_tuple_get(zconfig, "class"), vclass,
2027- &zclass));
2028+ CHECK(named_config_getclass(cfg_tuple_get(zconfig, "class"), vclass,
2029+ &zclass));
2030 dns_zone_setclass(zone, zclass);
2031 if (raw != NULL) {
2032 dns_zone_setclass(raw, zclass);
2033@@ -968,7 +974,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2034 cpval = isc_mem_strdup(mctx, cfg_obj_asstring(obj));
2035 }
2036 if (cpval == NULL) {
2037- return (ISC_R_NOMEMORY);
2038+ CHECK(ISC_R_NOMEMORY);
2039 }
2040
2041 obj = NULL;
2042@@ -983,7 +989,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2043 "zone '%s': both 'database' and 'dlz' "
2044 "specified",
2045 zname);
2046- return (ISC_R_FAILURE);
2047+ CHECK(ISC_R_FAILURE);
2048 }
2049
2050 len = strlen(dlzname) + 5;
2051@@ -994,7 +1000,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2052 result = strtoargv(mctx, cpval, &dbargc, &dbargv);
2053 if (result != ISC_R_SUCCESS && cpval != default_dbtype) {
2054 isc_mem_free(mctx, cpval);
2055- return (result);
2056+ CHECK(result);
2057 }
2058
2059 /*
2060@@ -1024,7 +1030,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2061 isc_log_write(named_g_lctx, NAMED_LOGCATEGORY_GENERAL,
2062 NAMED_LOGMODULE_SERVER, ISC_LOG_ERROR,
2063 "zone '%s': 'file' not specified", zname);
2064- return (ISC_R_FAILURE);
2065+ CHECK(ISC_R_FAILURE);
2066 }
2067
2068 if (ztype == dns_zone_secondary || ztype == dns_zone_mirror) {
2069@@ -1057,7 +1063,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2070 "can only be used with "
2071 "'masterfile-format text'",
2072 zname);
2073- return (ISC_R_FAILURE);
2074+ CHECK(ISC_R_FAILURE);
2075 }
2076
2077 if (strcasecmp(masterstylestr, "full") == 0) {
2078@@ -1082,47 +1088,45 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2079 size_t signedlen = strlen(filename) + sizeof(SIGNED);
2080 char *signedname;
2081
2082- RETERR(dns_zone_setfile(raw, filename, masterformat,
2083- masterstyle));
2084+ CHECK(dns_zone_setfile(raw, filename, masterformat,
2085+ masterstyle));
2086 signedname = isc_mem_get(mctx, signedlen);
2087
2088 (void)snprintf(signedname, signedlen, "%s" SIGNED, filename);
2089 result = dns_zone_setfile(zone, signedname,
2090 dns_masterformat_raw, NULL);
2091 isc_mem_put(mctx, signedname, signedlen);
2092- if (result != ISC_R_SUCCESS) {
2093- return (result);
2094- }
2095+ CHECK(result);
2096 } else {
2097- RETERR(dns_zone_setfile(zone, filename, masterformat,
2098- masterstyle));
2099+ CHECK(dns_zone_setfile(zone, filename, masterformat,
2100+ masterstyle));
2101 }
2102
2103 obj = NULL;
2104 result = cfg_map_get(zoptions, "journal", &obj);
2105 if (result == ISC_R_SUCCESS) {
2106- RETERR(dns_zone_setjournal(mayberaw, cfg_obj_asstring(obj)));
2107+ CHECK(dns_zone_setjournal(mayberaw, cfg_obj_asstring(obj)));
2108 }
2109
2110 /*
2111 * Notify messages are processed by the raw zone if it exists.
2112 */
2113 if (ztype == dns_zone_secondary || ztype == dns_zone_mirror) {
2114- RETERR(configure_zone_acl(
2115- zconfig, vconfig, config, allow_notify, ac, mayberaw,
2116- dns_zone_setnotifyacl, dns_zone_clearnotifyacl));
2117+ CHECK(configure_zone_acl(zconfig, vconfig, config, allow_notify,
2118+ ac, mayberaw, dns_zone_setnotifyacl,
2119+ dns_zone_clearnotifyacl));
2120 }
2121
2122 /*
2123 * XXXAG This probably does not make sense for stubs.
2124 */
2125- RETERR(configure_zone_acl(zconfig, vconfig, config, allow_query, ac,
2126- zone, dns_zone_setqueryacl,
2127- dns_zone_clearqueryacl));
2128+ CHECK(configure_zone_acl(zconfig, vconfig, config, allow_query, ac,
2129+ zone, dns_zone_setqueryacl,
2130+ dns_zone_clearqueryacl));
2131
2132- RETERR(configure_zone_acl(zconfig, vconfig, config, allow_query_on, ac,
2133- zone, dns_zone_setqueryonacl,
2134- dns_zone_clearqueryonacl));
2135+ CHECK(configure_zone_acl(zconfig, vconfig, config, allow_query_on, ac,
2136+ zone, dns_zone_setqueryonacl,
2137+ dns_zone_clearqueryonacl));
2138
2139 obj = NULL;
2140 result = named_config_get(maps, "dialup", &obj);
2141@@ -1179,10 +1183,10 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2142 rcvquerystats = NULL;
2143 dnssecsignstats = NULL;
2144 if (statlevel == dns_zonestat_full) {
2145- RETERR(isc_stats_create(mctx, &zoneqrystats,
2146- ns_statscounter_max));
2147- RETERR(dns_rdatatypestats_create(mctx, &rcvquerystats));
2148- RETERR(dns_dnssecsignstats_create(mctx, &dnssecsignstats));
2149+ CHECK(isc_stats_create(mctx, &zoneqrystats,
2150+ ns_statscounter_max));
2151+ CHECK(dns_rdatatypestats_create(mctx, &rcvquerystats));
2152+ CHECK(dns_dnssecsignstats_create(mctx, &dnssecsignstats));
2153 }
2154 dns_zone_setrequeststats(zone, zoneqrystats);
2155 dns_zone_setrcvquerystats(zone, rcvquerystats);
2156@@ -1221,7 +1225,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2157 ISC_LOG_ERROR,
2158 "dnssec-policy '%s' not found ",
2159 kaspname);
2160- RETERR(result);
2161+ CHECK(result);
2162 }
2163 dns_zone_setkasp(zone, kasp);
2164 use_kasp = true;
2165@@ -1270,8 +1274,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2166 dns_ipkeylist_t ipkl;
2167 dns_ipkeylist_init(&ipkl);
2168
2169- RETERR(named_config_getipandkeylist(config, "primaries",
2170- obj, mctx, &ipkl));
2171+ CHECK(named_config_getipandkeylist(config, "primaries",
2172+ obj, mctx, &ipkl));
2173 dns_zone_setalsonotify(zone, ipkl.addrs, ipkl.keys,
2174 ipkl.tlss, ipkl.count);
2175 dns_ipkeylist_clear(mctx, &ipkl);
2176@@ -1282,28 +1286,30 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2177 obj = NULL;
2178 result = named_config_get(maps, "parental-source", &obj);
2179 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2180- RETERR(dns_zone_setparentalsrc4(zone, cfg_obj_assockaddr(obj)));
2181+
2182+ CHECK(dns_zone_setparentalsrc4(zone, cfg_obj_assockaddr(obj)));
2183 named_add_reserved_dispatch(named_g_server,
2184 cfg_obj_assockaddr(obj));
2185
2186 obj = NULL;
2187 result = named_config_get(maps, "parental-source-v6", &obj);
2188 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2189- RETERR(dns_zone_setparentalsrc6(zone, cfg_obj_assockaddr(obj)));
2190+
2191+ CHECK(dns_zone_setparentalsrc6(zone, cfg_obj_assockaddr(obj)));
2192 named_add_reserved_dispatch(named_g_server,
2193 cfg_obj_assockaddr(obj));
2194
2195 obj = NULL;
2196 result = named_config_get(maps, "notify-source", &obj);
2197 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2198- RETERR(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj)));
2199+ CHECK(dns_zone_setnotifysrc4(zone, cfg_obj_assockaddr(obj)));
2200 named_add_reserved_dispatch(named_g_server,
2201 cfg_obj_assockaddr(obj));
2202
2203 obj = NULL;
2204 result = named_config_get(maps, "notify-source-v6", &obj);
2205 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2206- RETERR(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj)));
2207+ CHECK(dns_zone_setnotifysrc6(zone, cfg_obj_assockaddr(obj)));
2208 named_add_reserved_dispatch(named_g_server,
2209 cfg_obj_assockaddr(obj));
2210
2211@@ -1313,21 +1319,25 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2212 dns_zone_setoption(zone, DNS_ZONEOPT_NOTIFYTOSOA,
2213 cfg_obj_asboolean(obj));
2214
2215- dns_zone_setisself(zone, isself, named_g_server->interfacemgr);
2216+ dns_zone_setisself(zone, isself, NULL);
2217
2218- RETERR(configure_zone_acl(
2219+ CHECK(configure_zone_acl(
2220 zconfig, vconfig, config, allow_transfer, ac, zone,
2221 dns_zone_setxfracl, dns_zone_clearxfracl));
2222
2223 obj = NULL;
2224 result = named_config_get(maps, "max-transfer-time-out", &obj);
2225 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2226- dns_zone_setmaxxfrout(zone, cfg_obj_asuint32(obj) * 60);
2227+ dns_zone_setmaxxfrout(
2228+ zone, transferinsecs ? cfg_obj_asuint32(obj)
2229+ : cfg_obj_asuint32(obj) * 60);
2230
2231 obj = NULL;
2232 result = named_config_get(maps, "max-transfer-idle-out", &obj);
2233 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2234- dns_zone_setidleout(zone, cfg_obj_asuint32(obj) * 60);
2235+ dns_zone_setidleout(zone, transferinsecs
2236+ ? cfg_obj_asuint32(obj)
2237+ : cfg_obj_asuint32(obj) * 60);
2238
2239 obj = NULL;
2240 result = named_config_get(maps, "max-journal-size", &obj);
2241@@ -1353,7 +1363,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2242 "%" PRId64 "' "
2243 "is too large",
2244 value);
2245- RETERR(ISC_R_RANGE);
2246+ CHECK(ISC_R_RANGE);
2247 }
2248 journal_size = (uint32_t)value;
2249 }
2250@@ -1493,7 +1503,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2251 "%" PRId64 "' "
2252 "is too large",
2253 value);
2254- RETERR(ISC_R_RANGE);
2255+ CHECK(ISC_R_RANGE);
2256 }
2257 journal_size = (uint32_t)value;
2258 }
2259@@ -1501,7 +1511,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2260 }
2261
2262 if (use_kasp) {
2263- maxttl = dns_kasp_zonemaxttl(dns_zone_getkasp(zone));
2264+ maxttl = dns_kasp_zonemaxttl(dns_zone_getkasp(zone), false);
2265 } else {
2266 obj = NULL;
2267 result = named_config_get(maps, "max-zone-ttl", &obj);
2268@@ -1523,9 +1533,9 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2269 if (ztype == dns_zone_primary) {
2270 dns_acl_t *updateacl;
2271
2272- RETERR(configure_zone_acl(
2273- zconfig, vconfig, config, allow_update, ac, mayberaw,
2274- dns_zone_setupdateacl, dns_zone_clearupdateacl));
2275+ CHECK(configure_zone_acl(zconfig, vconfig, config, allow_update,
2276+ ac, mayberaw, dns_zone_setupdateacl,
2277+ dns_zone_clearupdateacl));
2278
2279 updateacl = dns_zone_getupdateacl(mayberaw);
2280 if (updateacl != NULL && dns_acl_isinsecure(updateacl)) {
2281@@ -1536,7 +1546,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2282 zname);
2283 }
2284
2285- RETERR(configure_zone_ssutable(zoptions, mayberaw, zname));
2286+ CHECK(configure_zone_ssutable(zoptions, mayberaw, zname));
2287 }
2288
2289 /*
2290@@ -1613,7 +1623,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2291 result = named_config_get(maps, "key-directory", &obj);
2292 if (result == ISC_R_SUCCESS) {
2293 filename = cfg_obj_asstring(obj);
2294- RETERR(dns_zone_setkeydirectory(zone, filename));
2295+ CHECK(dns_zone_setkeydirectory(zone, filename));
2296 }
2297
2298 obj = NULL;
2299@@ -1655,8 +1665,8 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2300 result = named_config_get(maps, "dnssec-loadkeys-interval",
2301 &obj);
2302 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2303- RETERR(dns_zone_setrefreshkeyinterval(zone,
2304- cfg_obj_asuint32(obj)));
2305+ CHECK(dns_zone_setrefreshkeyinterval(zone,
2306+ cfg_obj_asuint32(obj)));
2307
2308 obj = NULL;
2309 result = cfg_map_get(zoptions, "auto-dnssec", &obj);
2310@@ -1684,10 +1694,10 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2311 }
2312
2313 if (ztype == dns_zone_secondary || ztype == dns_zone_mirror) {
2314- RETERR(configure_zone_acl(zconfig, vconfig, config,
2315- allow_update_forwarding, ac, mayberaw,
2316- dns_zone_setforwardacl,
2317- dns_zone_clearforwardacl));
2318+ CHECK(configure_zone_acl(zconfig, vconfig, config,
2319+ allow_update_forwarding, ac, mayberaw,
2320+ dns_zone_setforwardacl,
2321+ dns_zone_clearforwardacl));
2322 }
2323
2324 /*%
2325@@ -1699,7 +1709,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2326 if (obj != NULL) {
2327 dns_ipkeylist_t ipkl;
2328 dns_ipkeylist_init(&ipkl);
2329- RETERR(named_config_getipandkeylist(
2330+ CHECK(named_config_getipandkeylist(
2331 config, "parental-agents", obj, mctx, &ipkl));
2332 dns_zone_setparentals(zone, ipkl.addrs, ipkl.keys,
2333 ipkl.tlss, ipkl.count);
2334@@ -1843,7 +1853,7 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2335 (void)cfg_map_get(zoptions, "allow-transfer", &obj);
2336 if (obj == NULL) {
2337 dns_acl_t *none;
2338- RETERR(dns_acl_none(mctx, &none));
2339+ CHECK(dns_acl_none(mctx, &none));
2340 dns_zone_setxfracl(zone, none);
2341 dns_acl_detach(&none);
2342 }
2343@@ -1868,14 +1878,14 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2344 result = named_config_getremotesdef(
2345 named_g_config, "primaries",
2346 DEFAULT_IANA_ROOT_ZONE_PRIMARIES, &obj);
2347- RETERR(result);
2348+ CHECK(result);
2349 }
2350 if (obj != NULL) {
2351 dns_ipkeylist_t ipkl;
2352 dns_ipkeylist_init(&ipkl);
2353
2354- RETERR(named_config_getipandkeylist(config, "primaries",
2355- obj, mctx, &ipkl));
2356+ CHECK(named_config_getipandkeylist(config, "primaries",
2357+ obj, mctx, &ipkl));
2358 dns_zone_setprimaries(mayberaw, ipkl.addrs, ipkl.keys,
2359 ipkl.tlss, ipkl.count);
2360 count = ipkl.count;
2361@@ -1896,12 +1906,16 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2362 obj = NULL;
2363 result = named_config_get(maps, "max-transfer-time-in", &obj);
2364 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2365- dns_zone_setmaxxfrin(mayberaw, cfg_obj_asuint32(obj) * 60);
2366+ dns_zone_setmaxxfrin(
2367+ mayberaw, transferinsecs ? cfg_obj_asuint32(obj)
2368+ : cfg_obj_asuint32(obj) * 60);
2369
2370 obj = NULL;
2371 result = named_config_get(maps, "max-transfer-idle-in", &obj);
2372 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2373- dns_zone_setidlein(mayberaw, cfg_obj_asuint32(obj) * 60);
2374+ dns_zone_setidlein(mayberaw,
2375+ transferinsecs ? cfg_obj_asuint32(obj)
2376+ : cfg_obj_asuint32(obj) * 60);
2377
2378 obj = NULL;
2379 result = named_config_get(maps, "max-refresh-time", &obj);
2380@@ -1926,29 +1940,29 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2381 obj = NULL;
2382 result = named_config_get(maps, "transfer-source", &obj);
2383 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2384- RETERR(dns_zone_setxfrsource4(mayberaw,
2385- cfg_obj_assockaddr(obj)));
2386+ CHECK(dns_zone_setxfrsource4(mayberaw,
2387+ cfg_obj_assockaddr(obj)));
2388 named_add_reserved_dispatch(named_g_server,
2389 cfg_obj_assockaddr(obj));
2390
2391 obj = NULL;
2392 result = named_config_get(maps, "transfer-source-v6", &obj);
2393 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2394- RETERR(dns_zone_setxfrsource6(mayberaw,
2395- cfg_obj_assockaddr(obj)));
2396+ CHECK(dns_zone_setxfrsource6(mayberaw,
2397+ cfg_obj_assockaddr(obj)));
2398 named_add_reserved_dispatch(named_g_server,
2399 cfg_obj_assockaddr(obj));
2400
2401 obj = NULL;
2402 result = named_config_get(maps, "alt-transfer-source", &obj);
2403 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2404- RETERR(dns_zone_setaltxfrsource4(mayberaw,
2405- cfg_obj_assockaddr(obj)));
2406+ CHECK(dns_zone_setaltxfrsource4(mayberaw,
2407+ cfg_obj_assockaddr(obj)));
2408 obj = NULL;
2409 result = named_config_get(maps, "alt-transfer-source-v6", &obj);
2410 INSIST(result == ISC_R_SUCCESS && obj != NULL);
2411- RETERR(dns_zone_setaltxfrsource6(mayberaw,
2412- cfg_obj_assockaddr(obj)));
2413+ CHECK(dns_zone_setaltxfrsource6(mayberaw,
2414+ cfg_obj_assockaddr(obj)));
2415 obj = NULL;
2416 (void)named_config_get(maps, "use-alt-transfer-source", &obj);
2417 if (obj == NULL) {
2418@@ -1975,15 +1989,21 @@ named_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
2419 break;
2420
2421 case dns_zone_staticstub:
2422- RETERR(configure_staticstub(zoptions, zone, zname,
2423- default_dbtype));
2424+ CHECK(configure_staticstub(zoptions, zone, zname,
2425+ default_dbtype));
2426 break;
2427
2428 default:
2429 break;
2430 }
2431
2432- return (ISC_R_SUCCESS);
2433+ result = ISC_R_SUCCESS;
2434+
2435+cleanup:
2436+ if (kasp != NULL) {
2437+ dns_kasp_detach(&kasp);
2438+ }
2439+ return (result);
2440 }
2441
2442 /*
2443diff --git a/bin/nsupdate/nsupdate.c b/bin/nsupdate/nsupdate.c
2444index 3dceff7..1f06dab 100644
2445--- a/bin/nsupdate/nsupdate.c
2446+++ b/bin/nsupdate/nsupdate.c
2447@@ -96,12 +96,11 @@
2448
2449 #include "../dig/readline.h"
2450
2451-#define MAXCMD (128 * 1024)
2452-#define MAXWIRE (64 * 1024)
2453-#define INITTEXT (2 * 1024)
2454-#define MAXTEXT (128 * 1024)
2455-#define FIND_TIMEOUT 5
2456-#define TTL_MAX 2147483647U /* Maximum signed 32 bit integer. */
2457+#define MAXCMD (128 * 1024)
2458+#define MAXWIRE (64 * 1024)
2459+#define INITTEXT (2 * 1024)
2460+#define MAXTEXT (128 * 1024)
2461+#define TTL_MAX 2147483647U /* Maximum signed 32 bit integer. */
2462
2463 #define DNSDEFAULTPORT 53
2464
2465@@ -1177,9 +1176,6 @@ parse_args(int argc, char **argv) {
2466 isc_commandline_argument);
2467 exit(1);
2468 }
2469- if (udp_timeout == 0) {
2470- udp_timeout = UINT_MAX;
2471- }
2472 break;
2473 case 'r':
2474 result = isc_parse_uint32(&udp_retries,
2475@@ -2614,9 +2610,9 @@ recvsoa(isc_task_t *task, isc_event_t *event) {
2476 }
2477
2478 result = dns_request_create(requestmgr, soaquery, srcaddr, addr,
2479- 0, NULL, FIND_TIMEOUT * 20,
2480- FIND_TIMEOUT, 3, global_task,
2481- recvsoa, reqinfo, &request);
2482+ 0, NULL, timeout, udp_timeout,
2483+ udp_retries, global_task, recvsoa,
2484+ reqinfo, &request);
2485 check_result(result, "dns_request_create");
2486 requests++;
2487 return;
2488@@ -2841,9 +2837,9 @@ sendrequest(isc_sockaddr_t *destaddr, dns_message_t *msg,
2489 }
2490
2491 result = dns_request_create(requestmgr, msg, srcaddr, destaddr, 0,
2492- default_servers ? NULL : tsigkey,
2493- FIND_TIMEOUT * 20, FIND_TIMEOUT, 3,
2494- global_task, recvsoa, reqinfo, request);
2495+ default_servers ? NULL : tsigkey, timeout,
2496+ udp_timeout, udp_retries, global_task,
2497+ recvsoa, reqinfo, request);
2498 check_result(result, "dns_request_create");
2499 requests++;
2500 }
2501@@ -3043,7 +3039,7 @@ send_gssrequest(isc_sockaddr_t *destaddr, dns_message_t *msg,
2502 }
2503
2504 result = dns_request_create(requestmgr, msg, srcaddr, destaddr, options,
2505- tsigkey, FIND_TIMEOUT * 20, FIND_TIMEOUT, 3,
2506+ tsigkey, timeout, udp_timeout, udp_retries,
2507 global_task, recvgss, reqinfo, request);
2508 check_result(result, "dns_request_create");
2509 if (debugging) {
2510@@ -3144,7 +3140,16 @@ recvgss(isc_task_t *task, isc_event_t *event) {
2511 if (rcvmsg->rcode != dns_rcode_noerror &&
2512 rcvmsg->rcode != dns_rcode_nxdomain)
2513 {
2514- fatal("response to GSS-TSIG query was unsuccessful");
2515+ char rcode[64];
2516+ isc_buffer_t b;
2517+
2518+ isc_buffer_init(&b, rcode, sizeof(rcode) - 1);
2519+ result = dns_rcode_totext(rcvmsg->rcode, &b);
2520+ check_result(result, "dns_rcode_totext");
2521+ rcode[isc_buffer_usedlength(&b)] = 0;
2522+
2523+ fatal("response to GSS-TSIG query was unsuccessful (%s)",
2524+ rcode);
2525 }
2526
2527 servname = dns_fixedname_initname(&fname);
2528@@ -3398,6 +3403,8 @@ getinput(isc_task_t *task, isc_event_t *event) {
2529 int
2530 main(int argc, char **argv) {
2531 isc_result_t result;
2532+ uint32_t timeoutms;
2533+
2534 style = &dns_master_style_debug;
2535
2536 input = stdin;
2537@@ -3424,6 +3431,10 @@ main(int argc, char **argv) {
2538
2539 setup_system();
2540
2541+ /* Set the network manager timeouts in milliseconds. */
2542+ timeoutms = timeout * 1000;
2543+ isc_nm_settimeouts(netmgr, timeoutms, timeoutms, timeoutms, timeoutms);
2544+
2545 result = isc_app_onrun(gmctx, global_task, getinput, NULL);
2546 check_result(result, "isc_app_onrun");
2547
2548diff --git a/bin/nsupdate/nsupdate.rst b/bin/nsupdate/nsupdate.rst
2549index b91a606..81bb481 100644
2550--- a/bin/nsupdate/nsupdate.rst
2551+++ b/bin/nsupdate/nsupdate.rst
2552@@ -141,7 +141,11 @@ Options
2553 .. option:: -t timeout
2554
2555 This option sets the maximum time an update request can take before it is aborted. The
2556- default is 300 seconds. If zero, the timeout is disabled.
2557+ default is 300 seconds. If zero, the timeout is disabled for TCP mode. For UDP mode,
2558+ the option :option:`-u` takes precedence over this option, unless the option :option:`-u`
2559+ is set to zero, in which case the interval is computed from the :option:`-t` timeout interval
2560+ and the number of UDP retries. For UDP mode, the timeout can not be disabled, and will
2561+ be rounded up to 1 second in case if both :option:`-t` and :option:`-u` are set to zero.
2562
2563 .. option:: -T
2564
2565diff --git a/bin/plugins/filter-a.c b/bin/plugins/filter-a.c
2566index 06cd3a7..8556cb7 100644
2567--- a/bin/plugins/filter-a.c
2568+++ b/bin/plugins/filter-a.c
2569@@ -358,7 +358,7 @@ plugin_register(const char *parameters, const void *cfg, const char *cfg_file,
2570 *instp = inst;
2571
2572 cleanup:
2573- if (result != ISC_R_SUCCESS && inst != NULL) {
2574+ if (result != ISC_R_SUCCESS) {
2575 plugin_destroy((void **)&inst);
2576 }
2577
2578diff --git a/bin/plugins/filter-aaaa.c b/bin/plugins/filter-aaaa.c
2579index 6a17f18..1ec1fd8 100644
2580--- a/bin/plugins/filter-aaaa.c
2581+++ b/bin/plugins/filter-aaaa.c
2582@@ -361,7 +361,7 @@ plugin_register(const char *parameters, const void *cfg, const char *cfg_file,
2583 *instp = inst;
2584
2585 cleanup:
2586- if (result != ISC_R_SUCCESS && inst != NULL) {
2587+ if (result != ISC_R_SUCCESS) {
2588 plugin_destroy((void **)&inst);
2589 }
2590
2591diff --git a/bin/rndc/rndc.c b/bin/rndc/rndc.c
2592index ebb7ade..87c36ba 100644
2593--- a/bin/rndc/rndc.c
2594+++ b/bin/rndc/rndc.c
2595@@ -54,7 +54,8 @@
2596
2597 #include "util.h"
2598
2599-#define SERVERADDRS 10
2600+#define SERVERADDRS 10
2601+#define RNDC_TIMEOUT 60 * 1000
2602
2603 const char *progname = NULL;
2604 bool verbose;
2605@@ -125,7 +126,7 @@ command is one of the following:\n\
2606 Requires the zone to have a dnssec-policy.\n\
2607 dnstap -reopen\n\
2608 Close, truncate and re-open the DNSTAP output file.\n\
2609- dnstap -roll count\n\
2610+ dnstap -roll [count]\n\
2611 Close, rename and re-open the DNSTAP output file(s).\n\
2612 dumpdb [-all|-cache|-zones|-adb|-bad|-expired|-fail] [view ...]\n\
2613 Dump cache(s) to the dump file (named_dump.db).\n\
2614@@ -599,7 +600,7 @@ rndc_startconnect(isc_sockaddr_t *addr) {
2615
2616 atomic_fetch_add_relaxed(&connects, 1);
2617 isc_nm_tcpconnect(netmgr, local, addr, rndc_connected, &rndc_ccmsg,
2618- 60000, 0);
2619+ RNDC_TIMEOUT, 0);
2620 }
2621
2622 static void
2623@@ -1035,6 +1036,9 @@ main(int argc, char **argv) {
2624 isc_mem_create(&rndc_mctx);
2625 isc_managers_create(rndc_mctx, 1, 0, &netmgr, &taskmgr, NULL);
2626 DO("create task", isc_task_create(taskmgr, 0, &rndc_task));
2627+
2628+ isc_nm_settimeouts(netmgr, RNDC_TIMEOUT, RNDC_TIMEOUT, RNDC_TIMEOUT, 0);
2629+
2630 isc_log_create(rndc_mctx, &log, &logconfig);
2631 isc_log_setcontext(log);
2632 isc_log_settag(logconfig, progname);
2633diff --git a/bin/rndc/rndc.rst b/bin/rndc/rndc.rst
2634index 6717e24..35a4f31 100644
2635--- a/bin/rndc/rndc.rst
2636+++ b/bin/rndc/rndc.rst
2637@@ -189,9 +189,13 @@ Currently supported commands are:
2638
2639 .. option:: dnstap (-reopen | -roll [number])
2640
2641- This command closes and re-opens DNSTAP output files. ``rndc dnstap -reopen`` allows
2642+ This command closes and re-opens DNSTAP output files.
2643+
2644+ ``rndc dnstap -reopen`` allows
2645 the output file to be renamed externally, so that :iscman:`named` can
2646- truncate and re-open it. ``rndc dnstap -roll`` causes the output file
2647+ truncate and re-open it.
2648+
2649+ ``rndc dnstap -roll`` causes the output file
2650 to be rolled automatically, similar to log files. The most recent
2651 output file has ".0" appended to its name; the previous most recent
2652 output file is moved to ".1", and so on. If ``number`` is specified, then
2653diff --git a/bin/tests/system/Makefile.am b/bin/tests/system/Makefile.am
2654index b26bcf0..f98be0b 100644
2655--- a/bin/tests/system/Makefile.am
2656+++ b/bin/tests/system/Makefile.am
2657@@ -57,6 +57,14 @@ resolve_CPPFLAGS = \
2658
2659 resolve_LDADD = $(LIBISC_LIBS) $(LIBIRS_LIBS) $(LIBDNS_LIBS)
2660
2661+rpz_dnsrps_CPPFLAGS = \
2662+ $(AM_CPPFLAGS) \
2663+ $(LIBDNS_CFLAGS)
2664+
2665+rpz_dnsrps_LDADD = \
2666+ $(LDADD) \
2667+ $(LIBDNS_LIBS)
2668+
2669 tkey_keycreate_CPPFLAGS = \
2670 $(AM_CPPFLAGS) \
2671 $(LIBDNS_CFLAGS)
2672@@ -239,9 +247,9 @@ LOG_DRIVER_V_1 = --verbose yes
2673 LOG_DRIVER = $(srcdir)/custom-test-driver
2674 AM_LOG_DRIVER_FLAGS = $(LOG_DRIVER_V)
2675
2676-LOG_COMPILER = $(builddir)/run.sh
2677+LOG_COMPILER = $(builddir)/legacy.run.sh
2678 AM_LOG_FLAGS = -r
2679
2680-$(TESTS): run.sh
2681+$(TESTS): legacy.run.sh
2682
2683 test-local: check
2684diff --git a/bin/tests/system/Makefile.in b/bin/tests/system/Makefile.in
2685index 9b253a2..ba4feab 100644
2686--- a/bin/tests/system/Makefile.in
2687+++ b/bin/tests/system/Makefile.in
2688@@ -150,7 +150,8 @@ am__configure_deps = $(am__aclocal_m4_deps) $(CONFIGURE_DEPENDENCIES) \
2689 DIST_COMMON = $(srcdir)/Makefile.am $(am__DIST_COMMON)
2690 mkinstalldirs = $(install_sh) -d
2691 CONFIG_HEADER = $(top_builddir)/config.h
2692-CONFIG_CLEAN_FILES = conf.sh ifconfig.sh run.sh start.sh stop.sh
2693+CONFIG_CLEAN_FILES = conf.sh ifconfig.sh legacy.run.sh start.sh \
2694+ stop.sh
2695 CONFIG_CLEAN_VPATH_FILES =
2696 feature_test_SOURCES = feature-test.c
2697 feature_test_OBJECTS = feature_test-feature-test.$(OBJEXT)
2698@@ -178,9 +179,8 @@ rndc_gencheck_OBJECTS = rndc/gencheck.$(OBJEXT)
2699 rndc_gencheck_LDADD = $(LDADD)
2700 rndc_gencheck_DEPENDENCIES = $(LIBISC_LIBS)
2701 rpz_dnsrps_SOURCES = rpz/dnsrps.c
2702-rpz_dnsrps_OBJECTS = rpz/dnsrps.$(OBJEXT)
2703-rpz_dnsrps_LDADD = $(LDADD)
2704-rpz_dnsrps_DEPENDENCIES = $(LIBISC_LIBS)
2705+rpz_dnsrps_OBJECTS = rpz/dnsrps-dnsrps.$(OBJEXT)
2706+@HAVE_PERL_TRUE@rpz_dnsrps_DEPENDENCIES = $(LDADD) $(LIBDNS_LIBS)
2707 tkey_keycreate_SOURCES = tkey/keycreate.c
2708 tkey_keycreate_OBJECTS = tkey/keycreate-keycreate.$(OBJEXT)
2709 @HAVE_PERL_TRUE@tkey_keycreate_DEPENDENCIES = $(LDADD) $(LIBDNS_LIBS)
2710@@ -206,7 +206,7 @@ am__depfiles_remade = ./$(DEPDIR)/feature_test-feature-test.Po \
2711 ./$(DEPDIR)/makejournal-makejournal.Po \
2712 ./$(DEPDIR)/resolve-resolve.Po \
2713 pipelined/$(DEPDIR)/pipequeries-pipequeries.Po \
2714- rndc/$(DEPDIR)/gencheck.Po rpz/$(DEPDIR)/dnsrps.Po \
2715+ rndc/$(DEPDIR)/gencheck.Po rpz/$(DEPDIR)/dnsrps-dnsrps.Po \
2716 tkey/$(DEPDIR)/keycreate-keycreate.Po \
2717 tkey/$(DEPDIR)/keydelete-keydelete.Po
2718 am__mv = mv -f
2719@@ -481,7 +481,7 @@ TEST_LOG_COMPILE = $(TEST_LOG_COMPILER) $(AM_TEST_LOG_FLAGS) \
2720 $(TEST_LOG_FLAGS)
2721 DIST_SUBDIRS = $(SUBDIRS)
2722 am__DIST_COMMON = $(srcdir)/Makefile.in $(srcdir)/conf.sh.in \
2723- $(srcdir)/ifconfig.sh.in $(srcdir)/run.sh.in \
2724+ $(srcdir)/ifconfig.sh.in $(srcdir)/legacy.run.sh.in \
2725 $(srcdir)/start.sh.in $(srcdir)/stop.sh.in \
2726 $(top_srcdir)/Makefile.top $(top_srcdir)/depcomp \
2727 $(top_srcdir)/test-driver README
2728@@ -790,6 +790,14 @@ SUBDIRS = dyndb/driver dlzexternal/driver hooks/driver
2729 @HAVE_PERL_TRUE@ $(LIBIRS_CFLAGS)
2730
2731 @HAVE_PERL_TRUE@resolve_LDADD = $(LIBISC_LIBS) $(LIBIRS_LIBS) $(LIBDNS_LIBS)
2732+@HAVE_PERL_TRUE@rpz_dnsrps_CPPFLAGS = \
2733+@HAVE_PERL_TRUE@ $(AM_CPPFLAGS) \
2734+@HAVE_PERL_TRUE@ $(LIBDNS_CFLAGS)
2735+
2736+@HAVE_PERL_TRUE@rpz_dnsrps_LDADD = \
2737+@HAVE_PERL_TRUE@ $(LDADD) \
2738+@HAVE_PERL_TRUE@ $(LIBDNS_LIBS)
2739+
2740 @HAVE_PERL_TRUE@tkey_keycreate_CPPFLAGS = \
2741 @HAVE_PERL_TRUE@ $(AM_CPPFLAGS) \
2742 @HAVE_PERL_TRUE@ $(LIBDNS_CFLAGS)
2743@@ -835,7 +843,7 @@ LOG_DRIVER_V_0 = --verbose no
2744 LOG_DRIVER_V_1 = --verbose yes
2745 LOG_DRIVER = $(srcdir)/custom-test-driver
2746 AM_LOG_DRIVER_FLAGS = $(LOG_DRIVER_V)
2747-LOG_COMPILER = $(builddir)/run.sh
2748+LOG_COMPILER = $(builddir)/legacy.run.sh
2749 AM_LOG_FLAGS = -r
2750 all: all-recursive
2751
2752@@ -875,7 +883,7 @@ conf.sh: $(top_builddir)/config.status $(srcdir)/conf.sh.in
2753 cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
2754 ifconfig.sh: $(top_builddir)/config.status $(srcdir)/ifconfig.sh.in
2755 cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
2756-run.sh: $(top_builddir)/config.status $(srcdir)/run.sh.in
2757+legacy.run.sh: $(top_builddir)/config.status $(srcdir)/legacy.run.sh.in
2758 cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
2759 start.sh: $(top_builddir)/config.status $(srcdir)/start.sh.in
2760 cd $(top_builddir) && $(SHELL) ./config.status $(subdir)/$@
2761@@ -932,7 +940,7 @@ rpz/$(am__dirstamp):
2762 rpz/$(DEPDIR)/$(am__dirstamp):
2763 @$(MKDIR_P) rpz/$(DEPDIR)
2764 @: > rpz/$(DEPDIR)/$(am__dirstamp)
2765-rpz/dnsrps.$(OBJEXT): rpz/$(am__dirstamp) \
2766+rpz/dnsrps-dnsrps.$(OBJEXT): rpz/$(am__dirstamp) \
2767 rpz/$(DEPDIR)/$(am__dirstamp)
2768
2769 rpz/dnsrps$(EXEEXT): $(rpz_dnsrps_OBJECTS) $(rpz_dnsrps_DEPENDENCIES) $(EXTRA_rpz_dnsrps_DEPENDENCIES) rpz/$(am__dirstamp)
2770@@ -972,7 +980,7 @@ distclean-compile:
2771 @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/resolve-resolve.Po@am__quote@ # am--include-marker
2772 @AMDEP_TRUE@@am__include@ @am__quote@pipelined/$(DEPDIR)/pipequeries-pipequeries.Po@am__quote@ # am--include-marker
2773 @AMDEP_TRUE@@am__include@ @am__quote@rndc/$(DEPDIR)/gencheck.Po@am__quote@ # am--include-marker
2774-@AMDEP_TRUE@@am__include@ @am__quote@rpz/$(DEPDIR)/dnsrps.Po@am__quote@ # am--include-marker
2775+@AMDEP_TRUE@@am__include@ @am__quote@rpz/$(DEPDIR)/dnsrps-dnsrps.Po@am__quote@ # am--include-marker
2776 @AMDEP_TRUE@@am__include@ @am__quote@tkey/$(DEPDIR)/keycreate-keycreate.Po@am__quote@ # am--include-marker
2777 @AMDEP_TRUE@@am__include@ @am__quote@tkey/$(DEPDIR)/keydelete-keydelete.Po@am__quote@ # am--include-marker
2778
2779@@ -1062,6 +1070,20 @@ resolve-resolve.obj: resolve.c
2780 @AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
2781 @am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(resolve_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o resolve-resolve.obj `if test -f 'resolve.c'; then $(CYGPATH_W) 'resolve.c'; else $(CYGPATH_W) '$(srcdir)/resolve.c'; fi`
2782
2783+rpz/dnsrps-dnsrps.o: rpz/dnsrps.c
2784+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rpz_dnsrps_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rpz/dnsrps-dnsrps.o -MD -MP -MF rpz/$(DEPDIR)/dnsrps-dnsrps.Tpo -c -o rpz/dnsrps-dnsrps.o `test -f 'rpz/dnsrps.c' || echo '$(srcdir)/'`rpz/dnsrps.c
2785+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) rpz/$(DEPDIR)/dnsrps-dnsrps.Tpo rpz/$(DEPDIR)/dnsrps-dnsrps.Po
2786+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rpz/dnsrps.c' object='rpz/dnsrps-dnsrps.o' libtool=no @AMDEPBACKSLASH@
2787+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
2788+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rpz_dnsrps_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rpz/dnsrps-dnsrps.o `test -f 'rpz/dnsrps.c' || echo '$(srcdir)/'`rpz/dnsrps.c
2789+
2790+rpz/dnsrps-dnsrps.obj: rpz/dnsrps.c
2791+@am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rpz_dnsrps_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT rpz/dnsrps-dnsrps.obj -MD -MP -MF rpz/$(DEPDIR)/dnsrps-dnsrps.Tpo -c -o rpz/dnsrps-dnsrps.obj `if test -f 'rpz/dnsrps.c'; then $(CYGPATH_W) 'rpz/dnsrps.c'; else $(CYGPATH_W) '$(srcdir)/rpz/dnsrps.c'; fi`
2792+@am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) rpz/$(DEPDIR)/dnsrps-dnsrps.Tpo rpz/$(DEPDIR)/dnsrps-dnsrps.Po
2793+@AMDEP_TRUE@@am__fastdepCC_FALSE@ $(AM_V_CC)source='rpz/dnsrps.c' object='rpz/dnsrps-dnsrps.obj' libtool=no @AMDEPBACKSLASH@
2794+@AMDEP_TRUE@@am__fastdepCC_FALSE@ DEPDIR=$(DEPDIR) $(CCDEPMODE) $(depcomp) @AMDEPBACKSLASH@
2795+@am__fastdepCC_FALSE@ $(AM_V_CC@am__nodep@)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(rpz_dnsrps_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -c -o rpz/dnsrps-dnsrps.obj `if test -f 'rpz/dnsrps.c'; then $(CYGPATH_W) 'rpz/dnsrps.c'; else $(CYGPATH_W) '$(srcdir)/rpz/dnsrps.c'; fi`
2796+
2797 tkey/keycreate-keycreate.o: tkey/keycreate.c
2798 @am__fastdepCC_TRUE@ $(AM_V_CC)$(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(tkey_keycreate_CPPFLAGS) $(CPPFLAGS) $(AM_CFLAGS) $(CFLAGS) -MT tkey/keycreate-keycreate.o -MD -MP -MF tkey/$(DEPDIR)/keycreate-keycreate.Tpo -c -o tkey/keycreate-keycreate.o `test -f 'tkey/keycreate.c' || echo '$(srcdir)/'`tkey/keycreate.c
2799 @am__fastdepCC_TRUE@ $(AM_V_at)$(am__mv) tkey/$(DEPDIR)/keycreate-keycreate.Tpo tkey/$(DEPDIR)/keycreate-keycreate.Po
2800@@ -2262,7 +2284,7 @@ distclean: distclean-recursive
2801 -rm -f ./$(DEPDIR)/resolve-resolve.Po
2802 -rm -f pipelined/$(DEPDIR)/pipequeries-pipequeries.Po
2803 -rm -f rndc/$(DEPDIR)/gencheck.Po
2804- -rm -f rpz/$(DEPDIR)/dnsrps.Po
2805+ -rm -f rpz/$(DEPDIR)/dnsrps-dnsrps.Po
2806 -rm -f tkey/$(DEPDIR)/keycreate-keycreate.Po
2807 -rm -f tkey/$(DEPDIR)/keydelete-keydelete.Po
2808 -rm -f Makefile
2809@@ -2319,7 +2341,7 @@ maintainer-clean: maintainer-clean-recursive
2810 -rm -f ./$(DEPDIR)/resolve-resolve.Po
2811 -rm -f pipelined/$(DEPDIR)/pipequeries-pipequeries.Po
2812 -rm -f rndc/$(DEPDIR)/gencheck.Po
2813- -rm -f rpz/$(DEPDIR)/dnsrps.Po
2814+ -rm -f rpz/$(DEPDIR)/dnsrps-dnsrps.Po
2815 -rm -f tkey/$(DEPDIR)/keycreate-keycreate.Po
2816 -rm -f tkey/$(DEPDIR)/keydelete-keydelete.Po
2817 -rm -f Makefile
2818@@ -2380,7 +2402,7 @@ dist-hook:
2819 @HAVE_PERL_FALSE@ echo Perl is not available, no tests were ran
2820 @HAVE_PERL_FALSE@ exit 1
2821
2822-$(TESTS): run.sh
2823+$(TESTS): legacy.run.sh
2824
2825 test-local: check
2826
2827diff --git a/bin/tests/system/README b/bin/tests/system/README
2828index 5db29de..265a9ef 100644
2829--- a/bin/tests/system/README
2830+++ b/bin/tests/system/README
2831@@ -67,18 +67,58 @@ then run
2832 ... as root.
2833
2834
2835-Running the System Tests
2836+Running the System Tests with pytest
2837 ===
2838
2839+The pytest system test runner is currently in development, but it is the
2840+recommended way to run tests. Please report issues to QA.
2841+
2842+Running an Individual Test
2843+---
2844+
2845+pytest -k <test-name>
2846+
2847+Note that in comparison to the legacy test runner, some additional tests might
2848+be picked up when specifying just the system test directory name. To check
2849+which tests will be executed, you can use the `--collect-only` option. You
2850+might also be able to find a more specific test name to provide to ensure only
2851+your desired test is executed. See help for `-k` option in `pytest --help` for
2852+more info.
2853+
2854+It is also possible to run a single individual pytest test case. For example,
2855+you can use the name test_sslyze_dot to execute just the test_sslyze_dot()
2856+function from doth/tests_sslyze.py. The entire needed setup and teardown will
2857+be handled by the framework.
2858+
2859+Running All the System Tests
2860+---
2861+
2862+Issuing plain `pytest` command without any argument will execute all tests
2863+sequenatially. To execute them in parallel, ensure you have pytest-xdist
2864+installed and run:
2865+
2866+pytest -n <number-of-workers>
2867+
2868+
2869+Running the System Tests Using the Legacy Runner
2870+===
2871+
2872+!!! WARNING !!!
2873+---
2874+The legacy way to run system tests is currently being reworked into a pytest
2875+system test runner described in the previous section. The contents of this
2876+section might be out of date and no longer applicable. Please try and use the
2877+pytest runner if possible and report issues and missing features.
2878+
2879 Running an Individual Test
2880 ---
2881 The tests can be run individually using the following command:
2882
2883- sh run.sh [flags] <test-name> [<test-arguments>]
2884+ sh legacy.run.sh [flags] <test-name> [<test-arguments>]
2885
2886 e.g.
2887
2888- sh run.sh [flags] notify
2889+ sh legacy.run.sh [flags] notify
2890
2891 Optional flags are:
2892
2893@@ -120,10 +160,10 @@ To run all the system tests, enter the command:
2894 sh runall.sh [-c] [-n] [numproc]
2895
2896 The optional flag "-c" forces colored output (by default system test output is
2897-not printed in color due to run.sh being piped through "tee").
2898+not printed in color due to legacy.run.sh being piped through "tee").
2899
2900-The optional flag "-n" has the same effect as it does for "run.sh" - it causes
2901-the retention of all output files from all tests.
2902+The optional flag "-n" has the same effect as it does for "legacy.run.sh" - it
2903+causes the retention of all output files from all tests.
2904
2905 The optional "numproc" argument specifies the maximum number of tests that can
2906 run in parallel. The default is 1, which means that all of the tests run
2907@@ -243,9 +283,9 @@ Re-Running the Tests
2908 ---
2909 If there is a requirement to re-run a test (or the entire test suite), the
2910 files produced by the tests should be deleted first. Normally, these files are
2911-deleted if the test succeeds but are retained on error. The run.sh script
2912-automatically calls a given test's clean.sh script before invoking its setup.sh
2913-script.
2914+deleted if the test succeeds but are retained on error. The legacy.run.sh
2915+script automatically calls a given test's clean.sh script before invoking its
2916+setup.sh script.
2917
2918 Deletion of the files produced by the set of tests (e.g. after the execution
2919 of "runall.sh") can be carried out using the command:
2920@@ -285,8 +325,8 @@ tests.sh Runs the actual tests. This file is mandatory.
2921
2922 clean.sh Run at the end to clean up temporary files, but only if the test
2923 was completed successfully and its running was not inhibited by the
2924- "-n" switch being passed to "run.sh". Otherwise the temporary
2925- files are left in place for inspection.
2926+ "-n" switch being passed to "legacy.run.sh". Otherwise the
2927+ temporary files are left in place for inspection.
2928
2929 ns<N> These subdirectories contain test name servers that can be queried
2930 or can interact with each other. The value of N indicates the
2931@@ -305,8 +345,8 @@ ans<N> Like ns[X], but these are simple mock name servers implemented in
2932 Port Usage
2933 ---
2934 In order for the tests to run in parallel, each test requires a unique set of
2935-ports. These are specified by the "-p" option passed to "run.sh", which sets
2936-environment variables that the scripts listed above can reference.
2937+ports. These are specified by the "-p" option passed to "legacy.run.sh", which
2938+sets environment variables that the scripts listed above can reference.
2939
2940 The convention used in the system tests is that the number passed is the start
2941 of a range of 100 ports. The test is free to use the ports as required,
2942@@ -358,10 +398,10 @@ General
2943 directory.
2944
2945 2. Arguments can be only passed to the script if the test is being run as a
2946-one-off with "run.sh". In this case, everything on the command line after the
2947-name of the test is passed to each script. For example, the command:
2948+one-off with "legacy.run.sh". In this case, everything on the command line
2949+after the name of the test is passed to each script. For example, the command:
2950
2951- sh run.sh -p 12300 mytest -D xyz
2952+ sh legacy.run.sh -p 12300 mytest -D xyz
2953
2954 ... will run "mytest" with a port range of 12300 to 12399. Each of the
2955 framework scripts provided by the test will be invoked using the remaining
2956@@ -448,14 +488,14 @@ This is the main test file and the contents depend on the test. The contents
2957 are completely up to the developer, although most test scripts have a form
2958 similar to the following for each sub-test:
2959
2960- 1. n=`expr $n + 1`
2961+ 1. n=$((n + 1))
2962 2. echo_i "prime cache nodata.example ($n)"
2963 3. ret=0
2964 4. $DIG -p ${PORT} @10.53.0.1 nodata.example TXT > dig.out.test$n
2965 5. grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
2966 6. grep "ANSWER: 0," dig.out.test$n > /dev/null || ret=1
2967 7. if [ $ret != 0 ]; then echo_i "failed"; fi
2968- 8. status=`expr $status + $ret`
2969+ 8. status=$((status + ret))
2970
2971 1. Increment the test number "n" (initialized to zero at the start of the
2972 script).
2973@@ -532,8 +572,8 @@ Ideally, the directory numbers should start at 1 and work upwards.
2974 When running a test, the servers are started using "start.sh" (which is nothing
2975 more than a wrapper for start.pl). The options for "start.pl" are documented
2976 in the header for that file, so will not be repeated here. In summary, when
2977-invoked by "run.sh", start.pl looks for directories named "nsN" or "ansN" in
2978-the test directory and starts the servers it finds there.
2979+invoked by "legacy.run.sh", start.pl looks for directories named "nsN" or
2980+"ansN" in the test directory and starts the servers it finds there.
2981
2982
2983 "named" Command-Line Options
2984@@ -630,8 +670,8 @@ the options available are listed in the file's header and will not be repeated
2985 here.
2986
2987 In summary though, the nameservers for a given test, if left running by
2988-specifying the "-k" flag to "run.sh" when the test is started, can be stopped
2989-by the command:
2990+specifying the "-k" flag to "legacy.run.sh" when the test is started, can be
2991+stopped by the command:
2992
2993 sh stop.sh <test-name> [server]
2994
2995@@ -663,17 +703,103 @@ completed. To enable this, set the USE_VALGRIND environment variable to
2996 "helgrind" to run the Helgrind tool, or any other value to run the Memcheck
2997 tool. To use "helgrind" effectively, build BIND with --disable-atomic.
2998
2999+Developer Notes for pytest runner
3000+===
3001+
3002+Test discovery and collection
3003+---
3004+There are two distinct types of system tests. The first is a shell script
3005+tests.sh containing individual test cases executed sequentially and the
3006+success/failure is determined by return code. The second type is a regular
3007+pytest file which contains test functions.
3008+
3009+Dealing with the regular pytest files doesn't require any special consideration
3010+as long as the naming conventions are met. Discovering the tests.sh tests is
3011+more complicated.
3012+
3013+The chosen solution is to add a bit of glue for each system test. For every
3014+tests.sh, there is an accompanying tests_sh_*.py file that contains a test
3015+function which utilizes a custom run_tests_sh fixture to call the tests.sh
3016+script. Other solutions were tried and eventually rejected. While this
3017+introduces a bit of extra glue, it is the most portable, compatible and least
3018+complex solution.
3019+
3020+Module scope
3021+---
3022+Pytest fixtures can have a scope. The "module" scope is the most important for
3023+our use. A module is a python file which contains test functions. Every system
3024+test directory may contain multiple modules (i.e. tests_*.py files)!
3025+
3026+The server setup/teardown is done for a module. Bundling test cases together
3027+inside a single module may save some resources. However, test cases inside a
3028+single module can't be executed in parallel.
3029+
3030+It is possible to execute different modules defined within a single system test
3031+directory in parallel. This is possible thanks to executing the tests inside a
3032+temporary directory and proper port assignment to ensure there won't be any
3033+conflicts.
3034+
3035+Test logging
3036+---
3037+Each module has a separate log which will be saved as pytest.log.txt in the
3038+temporary directory in which the test is executed. This log includes messages
3039+for this module setup/teardown as well as any logging from the tests using the
3040+`logger` fixture. Logging level DEBUG and above will be present in this log.
3041+
3042+In general, any log messages using INFO or above will also be printed out
3043+during pytest execution. In CI, the pytest output is also saved to
3044+pytest.out.txt in the bin/tests/system directory.
3045+
3046+Parallel execution
3047+---
3048+As mentioned in the previous section, test cases inside a single module can't
3049+be executed in parallel. To put it differently, all tests cases inside the same
3050+module must be performed by the same worker/thread. Otherwise, server
3051+setup/teardown fixtures won't be shared and runtime issues due to port
3052+collisions are likely to occur.
3053+
3054+Pytest-xdist is used for executing pytest test cases in parallel using the `-n
3055+N_WORKERS` option. By default, xdist will distribute any test case to any
3056+worker, which would lead to the issue described above. Therefore, conftest.py
3057+enforces equivalent of `--dist loadscope` option which ensures that test cases
3058+within the same (module) scope will be handled by the same worker. Parallelism
3059+is automatically disabled when xdist.scheduler.loadscope library is not
3060+available.
3061+
3062+$ pytest -n auto
3063+
3064+Test selection
3065+---
3066+It is possible to run just a single pytest test case from any module. Use
3067+standard pytest facility to select the desired test case(s), i.e. pass a
3068+sufficiently unique identifier for `-k` parameter. You can also check which
3069+tests will be executed by using the `--collect-only` flag to debug your `-k`
3070+expression.
3071+
3072+Compatibility with older pytest version
3073+---
3074+Keep in mind that the pytest runner must work with ancient versions of pytest.
3075+When implementing new features, it is advisable to check feature support in
3076+pytest and pytest-xdist in older distributions first.
3077+
3078+As a general rule, any changes to the pytest runner need to keep working on all
3079+platforms in CI that use the pytest runner. As of 2023-01-13, the oldest
3080+supported version is whatever is available in EL8.
3081+
3082+We may need to add more compat code eventually to handle breaking upstream
3083+changes. For example, using request.fspath attribute is already deprecatred in
3084+latest pytest.
3085
3086-Maintenance Notes
3087+Maintenance Notes for legacy runner
3088 ===
3089 This section is aimed at developers maintaining BIND's system test framework.
3090
3091 Notes on Parallel Execution
3092 ---
3093-Although execution of an individual test is controlled by "run.sh", which
3094-executes the above shell scripts (and starts the relevant servers) for each
3095-test, the running of all tests in the test suite is controlled by the Makefile.
3096-("runall.sh" does little more than invoke "make" on the Makefile.)
3097+Although execution of an individual test is controlled by "legacy.run.sh",
3098+which executes the above shell scripts (and starts the relevant servers) for
3099+each test, the running of all tests in the test suite is controlled by the
3100+Makefile. ("runall.sh" does little more than invoke "make" on the Makefile.)
3101
3102 All system tests are capable of being run in parallel. For this to work, each
3103 test needs to use a unique set of ports. To avoid the need to define which
3104@@ -683,7 +809,7 @@ the ports are assigned when the tests are run. This is achieved by having the
3105 when "make check" is run, and contains a target for each test of the form:
3106
3107 <test-name>:
3108- @$(SHELL) run.sh -p <baseport> <test-name>
3109+ @$(SHELL) legacy.run.sh -p <baseport> <test-name>
3110
3111 The <baseport> is unique and the values of <baseport> for each test are
3112 separated by at least 100 ports.
3113@@ -707,7 +833,7 @@ If the test fails, all these files are retained. But if the test succeeds,
3114 they are cleaned up at different times:
3115
3116 1. Files generated by the test itself are cleaned up by the test's own
3117-"clean.sh", which is called from "run.sh".
3118+"clean.sh", which is called from "legacy.run.sh".
3119
3120 2. Files that may not be cleaned up if named exits abnormally can be removed
3121 using the "cleanall.sh" script.
3122diff --git a/bin/tests/system/acl/ns2/named1.conf.in b/bin/tests/system/acl/ns2/named1.conf.in
3123index 8787c6a..c3343a3 100644
3124--- a/bin/tests/system/acl/ns2/named1.conf.in
3125+++ b/bin/tests/system/acl/ns2/named1.conf.in
3126@@ -32,6 +32,7 @@ options {
3127 notify yes;
3128 ixfr-from-differences yes;
3129 check-integrity no;
3130+ dnssec-validation no;
3131 };
3132
3133 key one {
3134diff --git a/bin/tests/system/acl/ns2/named2.conf.in b/bin/tests/system/acl/ns2/named2.conf.in
3135index a95b4c1..ac9ac84 100644
3136--- a/bin/tests/system/acl/ns2/named2.conf.in
3137+++ b/bin/tests/system/acl/ns2/named2.conf.in
3138@@ -32,6 +32,7 @@ options {
3139 notify yes;
3140 ixfr-from-differences yes;
3141 check-integrity no;
3142+ dnssec-validation no;
3143 };
3144
3145 key one {
3146diff --git a/bin/tests/system/acl/ns2/named3.conf.in b/bin/tests/system/acl/ns2/named3.conf.in
3147index 14cc3fe..efa73fa 100644
3148--- a/bin/tests/system/acl/ns2/named3.conf.in
3149+++ b/bin/tests/system/acl/ns2/named3.conf.in
3150@@ -32,6 +32,7 @@ options {
3151 notify yes;
3152 ixfr-from-differences yes;
3153 check-integrity no;
3154+ dnssec-validation no;
3155 };
3156
3157 key one {
3158diff --git a/bin/tests/system/acl/ns2/named4.conf.in b/bin/tests/system/acl/ns2/named4.conf.in
3159index 77cf110..54c0da3 100644
3160--- a/bin/tests/system/acl/ns2/named4.conf.in
3161+++ b/bin/tests/system/acl/ns2/named4.conf.in
3162@@ -32,6 +32,7 @@ options {
3163 notify yes;
3164 ixfr-from-differences yes;
3165 check-integrity no;
3166+ dnssec-validation no;
3167 };
3168
3169 key one {
3170diff --git a/bin/tests/system/acl/ns2/named5.conf.in b/bin/tests/system/acl/ns2/named5.conf.in
3171index 5ccabf9..e5b57f0 100644
3172--- a/bin/tests/system/acl/ns2/named5.conf.in
3173+++ b/bin/tests/system/acl/ns2/named5.conf.in
3174@@ -32,6 +32,7 @@ options {
3175 notify yes;
3176 ixfr-from-differences yes;
3177 check-integrity no;
3178+ dnssec-validation no;
3179 allow-query-on { 10.53.0.2; };
3180 blackhole { 10.53.0.8; };
3181 };
3182diff --git a/bin/tests/system/acl/ns3/named.conf.in b/bin/tests/system/acl/ns3/named.conf.in
3183index 396b1a9..31d3526 100644
3184--- a/bin/tests/system/acl/ns3/named.conf.in
3185+++ b/bin/tests/system/acl/ns3/named.conf.in
3186@@ -23,6 +23,7 @@ options {
3187 notify no;
3188 allow-new-zones yes;
3189 allow-transfer { none; };
3190+ dnssec-validation no;
3191 };
3192
3193 controls {
3194diff --git a/bin/tests/system/acl/ns4/named.conf.in b/bin/tests/system/acl/ns4/named.conf.in
3195index 951c61e..9b769d1 100644
3196--- a/bin/tests/system/acl/ns4/named.conf.in
3197+++ b/bin/tests/system/acl/ns4/named.conf.in
3198@@ -23,6 +23,7 @@ options {
3199 notify no;
3200 allow-new-zones yes;
3201 allow-transfer { none; };
3202+ dnssec-validation no;
3203 };
3204
3205 controls {
3206diff --git a/bin/tests/system/acl/tests.sh b/bin/tests/system/acl/tests.sh
3207index ad98fa1..48536da 100644
3208--- a/bin/tests/system/acl/tests.sh
3209+++ b/bin/tests/system/acl/tests.sh
3210@@ -11,6 +11,8 @@
3211 # See the COPYRIGHT file distributed with this work for additional
3212 # information regarding copyright ownership.
3213
3214+set -e
3215+
3216 . ../conf.sh
3217
3218 DIGOPTS="+tcp +noadd +nosea +nostat +noquest +nocomm +nocmd -p ${PORT}"
3219@@ -21,14 +23,14 @@ t=0
3220
3221 echo_i "testing basic ACL processing"
3222 # key "one" should fail
3223-t=`expr $t + 1`
3224+t=$((t + 1))
3225 $DIG $DIGOPTS tsigzone. \
3226 @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
3227 grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
3228
3229
3230 # any other key should be fine
3231-t=`expr $t + 1`
3232+t=$((t + 1))
3233 $DIG $DIGOPTS tsigzone. \
3234 @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
3235 grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
3236@@ -38,18 +40,18 @@ rndc_reload ns2 10.53.0.2
3237 sleep 5
3238
3239 # prefix 10/8 should fail
3240-t=`expr $t + 1`
3241+t=$((t + 1))
3242 $DIG $DIGOPTS tsigzone. \
3243 @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
3244 grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
3245
3246 # any other address should work, as long as it sends key "one"
3247-t=`expr $t + 1`
3248+t=$((t + 1))
3249 $DIG $DIGOPTS tsigzone. \
3250 @10.53.0.2 -b 127.0.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
3251 grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
3252
3253-t=`expr $t + 1`
3254+t=$((t + 1))
3255 $DIG $DIGOPTS tsigzone. \
3256 @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
3257 grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
3258@@ -61,44 +63,44 @@ rndc_reload ns2 10.53.0.2
3259 sleep 5
3260
3261 # should succeed
3262-t=`expr $t + 1`
3263+t=$((t + 1))
3264 $DIG $DIGOPTS tsigzone. \
3265 @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
3266 grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
3267
3268 # should succeed
3269-t=`expr $t + 1`
3270+t=$((t + 1))
3271 $DIG $DIGOPTS tsigzone. \
3272 @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
3273 grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
3274
3275 # should succeed
3276-t=`expr $t + 1`
3277+t=$((t + 1))
3278 $DIG $DIGOPTS tsigzone. \
3279 @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
3280 grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
3281
3282 # should succeed
3283-t=`expr $t + 1`
3284+t=$((t + 1))
3285 $DIG $DIGOPTS tsigzone. \
3286 @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
3287 grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
3288
3289 # but only one or the other should fail
3290-t=`expr $t + 1`
3291+t=$((t + 1))
3292 $DIG $DIGOPTS tsigzone. \
3293 @10.53.0.2 -b 127.0.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
3294 grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
3295
3296-t=`expr $t + 1`
3297+t=$((t + 1))
3298 $DIG $DIGOPTS tsigzone. \
3299 @10.53.0.2 -b 10.53.0.2 axfr > dig.out.${t}
3300 grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $tt failed" ; status=1; }
3301
3302 # and other values? right out
3303-t=`expr $t + 1`
3304+t=$((t + 1))
3305 $DIG $DIGOPTS tsigzone. \
3306- @10.53.0.2 -b 127.0.0.1 axfr -y three:1234abcd8765 > dig.out.${t}
3307+ @10.53.0.2 -b 127.0.0.1 axfr -y "${DEFAULT_HMAC}:three:1234abcd8765" > dig.out.${t}
3308 grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
3309
3310 # now we only allow 10.53.0.1 *and* key one, or 10.53.0.2 *and* key two
3311@@ -107,31 +109,31 @@ rndc_reload ns2 10.53.0.2
3312 sleep 5
3313
3314 # should succeed
3315-t=`expr $t + 1`
3316+t=$((t + 1))
3317 $DIG $DIGOPTS tsigzone. \
3318 @10.53.0.2 -b 10.53.0.2 axfr -y two:1234abcd8765 > dig.out.${t}
3319 grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
3320
3321 # should succeed
3322-t=`expr $t + 1`
3323+t=$((t + 1))
3324 $DIG $DIGOPTS tsigzone. \
3325 @10.53.0.2 -b 10.53.0.1 axfr -y one:1234abcd8765 > dig.out.${t}
3326 grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
3327
3328 # should fail
3329-t=`expr $t + 1`
3330+t=$((t + 1))
3331 $DIG $DIGOPTS tsigzone. \
3332 @10.53.0.2 -b 10.53.0.2 axfr -y one:1234abcd8765 > dig.out.${t}
3333 grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
3334
3335 # should fail
3336-t=`expr $t + 1`
3337+t=$((t + 1))
3338 $DIG $DIGOPTS tsigzone. \
3339 @10.53.0.2 -b 10.53.0.1 axfr -y two:1234abcd8765 > dig.out.${t}
3340 grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
3341
3342 # should fail
3343-t=`expr $t + 1`
3344+t=$((t + 1))
3345 $DIG $DIGOPTS tsigzone. \
3346 @10.53.0.2 -b 10.53.0.3 axfr -y one:1234abcd8765 > dig.out.${t}
3347 grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
3348@@ -140,31 +142,31 @@ echo_i "testing allow-query-on ACL processing"
3349 copy_setports ns2/named5.conf.in ns2/named.conf
3350 rndc_reload ns2 10.53.0.2
3351 sleep 5
3352-t=`expr $t + 1`
3353+t=$((t + 1))
3354 $DIG -p ${PORT} +tcp soa example. \
3355 @10.53.0.2 -b 10.53.0.3 > dig.out.${t}
3356 grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
3357
3358 echo_i "testing blackhole ACL processing"
3359-t=`expr $t + 1`
3360+t=$((t + 1))
3361 ret=0
3362 $DIG -p ${PORT} +tcp soa example. \
3363 @10.53.0.2 -b 10.53.0.3 > dig.out.1.${t}
3364 grep "status: NOERROR" dig.out.1.${t} > /dev/null 2>&1 || ret=1
3365 $DIG -p ${PORT} +tcp soa example. \
3366- @10.53.0.2 -b 10.53.0.8 > dig.out.2.${t}
3367+ @10.53.0.2 -b 10.53.0.8 > dig.out.2.${t} && ret=1
3368 grep "status: NOERROR" dig.out.2.${t} > /dev/null 2>&1 && ret=1
3369 grep "communications error" dig.out.2.${t} > /dev/null 2>&1 || ret=1
3370 $DIG -p ${PORT} soa example. \
3371 @10.53.0.2 -b 10.53.0.3 > dig.out.3.${t}
3372 grep "status: NOERROR" dig.out.3.${t} > /dev/null 2>&1 || ret=1
3373 $DIG -p ${PORT} soa example. \
3374- @10.53.0.2 -b 10.53.0.8 > dig.out.4.${t}
3375+ @10.53.0.2 -b 10.53.0.8 > dig.out.4.${t} && ret=1
3376 grep "status: NOERROR" dig.out.4.${t} > /dev/null 2>&1 && ret=1
3377 grep "timed out" dig.out.4.${t} > /dev/null 2>&1 || ret=1
3378 grep ";; no servers could be reached" dig.out.4.${t} > /dev/null 2>&1 || ret=1
3379 [ $ret -eq 0 ] || echo_i "failed"
3380-status=`expr $status + $ret`
3381+status=$((status + ret))
3382
3383 # AXFR tests against ns3
3384
3385@@ -174,26 +176,26 @@ echo_i "calling addzone example.com on ns3"
3386 $RNDCCMD 10.53.0.3 addzone 'example.com {type primary; file "example.db"; }; '
3387 sleep 1
3388
3389-t=`expr $t + 1`
3390+t=$((t + 1))
3391 ret=0
3392 echo_i "checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})"
3393 $DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1
3394 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
3395 [ $ret -eq 0 ] || echo_i "failed"
3396-status=`expr $status + $ret`
3397+status=$((status + ret))
3398
3399 echo_i "calling rndc reconfig"
3400 rndc_reconfig ns3 10.53.0.3
3401
3402 sleep 1
3403
3404-t=`expr $t + 1`
3405+t=$((t + 1))
3406 ret=0
3407 echo_i "re-checking AXFR of example.com from ns3 with ACL allow-transfer { none; }; (${t})"
3408 $DIG -p ${PORT} @10.53.0.3 example.com axfr > dig.out.${t} 2>&1
3409 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
3410 [ $ret -eq 0 ] || echo_i "failed"
3411-status=`expr $status + $ret`
3412+status=$((status + ret))
3413
3414 # AXFR tests against ns4
3415
3416@@ -203,26 +205,26 @@ echo_i "calling addzone example.com on ns4"
3417 $RNDCCMD 10.53.0.4 addzone 'example.com {type primary; file "example.db"; }; '
3418 sleep 1
3419
3420-t=`expr $t + 1`
3421+t=$((t + 1))
3422 ret=0
3423 echo_i "checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})"
3424 $DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1
3425 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
3426 [ $ret -eq 0 ] || echo_i "failed"
3427-status=`expr $status + $ret`
3428+status=$((status + ret))
3429
3430 echo_i "calling rndc reconfig"
3431 rndc_reconfig ns4 10.53.0.4
3432
3433 sleep 1
3434
3435-t=`expr $t + 1`
3436+t=$((t + 1))
3437 ret=0
3438 echo_i "re-checking AXFR of example.com from ns4 with ACL allow-transfer { none; }; (${t})"
3439 $DIG -p ${PORT} @10.53.0.4 example.com axfr > dig.out.${t} 2>&1
3440 grep "Transfer failed." dig.out.${t} >/dev/null 2>&1 || ret=1
3441 [ $ret -eq 0 ] || echo_i "failed"
3442-status=`expr $status + $ret`
3443+status=$((status + ret))
3444
3445 echo_i "exit status: $status"
3446 [ $status -eq 0 ] || exit 1
3447diff --git a/bin/tests/system/hooks/prereq.sh b/bin/tests/system/acl/tests_sh_acl.py
3448similarity index 68%
3449rename from bin/tests/system/hooks/prereq.sh
3450rename to bin/tests/system/acl/tests_sh_acl.py
3451index 665fdfe..2c98644 100644
3452--- a/bin/tests/system/hooks/prereq.sh
3453+++ b/bin/tests/system/acl/tests_sh_acl.py
3454@@ -1,5 +1,3 @@
3455-#!/bin/sh
3456-
3457 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3458 #
3459 # SPDX-License-Identifier: MPL-2.0
3460@@ -11,11 +9,6 @@
3461 # See the COPYRIGHT file distributed with this work for additional
3462 # information regarding copyright ownership.
3463
3464-. ../conf.sh
3465-
3466-$FEATURETEST --tsan && {
3467- echo_i "TSAN - skipping hooks test"
3468- exit 255
3469-}
3470
3471-exit 0
3472+def test_acl(run_tests_sh):
3473+ run_tests_sh()
3474diff --git a/bin/tests/system/additional/ns2/named.conf.in b/bin/tests/system/additional/ns2/named.conf.in
3475index dae255d..ed43ca6 100644
3476--- a/bin/tests/system/additional/ns2/named.conf.in
3477+++ b/bin/tests/system/additional/ns2/named.conf.in
3478@@ -22,6 +22,7 @@ options {
3479 listen-on-v6 { none; };
3480 notify no;
3481 minimal-responses yes;
3482+ dnssec-validation no;
3483 };
3484
3485 zone "." {
3486diff --git a/bin/tests/system/additional/tests.sh b/bin/tests/system/additional/tests.sh
3487index 6cede72..a50004c 100644
3488--- a/bin/tests/system/additional/tests.sh
3489+++ b/bin/tests/system/additional/tests.sh
3490@@ -11,6 +11,8 @@
3491 # See the COPYRIGHT file distributed with this work for additional
3492 # information regarding copyright ownership.
3493
3494+set -e
3495+
3496 . ../conf.sh
3497
3498 DIGOPTS="-p ${PORT}"
3499@@ -20,7 +22,7 @@ status=0
3500 n=0
3501
3502 dotests() {
3503- n=`expr $n + 1`
3504+ n=$((n + 1))
3505 echo_i "test with RT, single zone (+rec) ($n)"
3506 ret=0
3507 $DIG $DIGOPTS +rec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1
3508@@ -28,7 +30,7 @@ dotests() {
3509 echo_i "failed"; status=$((status+1))
3510 fi
3511
3512- n=`expr $n + 1`
3513+ n=$((n + 1))
3514 echo_i "test with RT, two zones (+rec) ($n)"
3515 ret=0
3516 $DIG $DIGOPTS +rec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1
3517@@ -36,7 +38,7 @@ dotests() {
3518 echo_i "failed"; status=$((status+1))
3519 fi
3520
3521- n=`expr $n + 1`
3522+ n=$((n + 1))
3523 echo_i "test with NAPTR, single zone (+rec) ($n)"
3524 ret=0
3525 $DIG $DIGOPTS +rec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1
3526@@ -44,7 +46,7 @@ dotests() {
3527 echo_i "failed"; status=$((status+1))
3528 fi
3529
3530- n=`expr $n + 1`
3531+ n=$((n + 1))
3532 echo_i "test with NAPTR, two zones (+rec) ($n)"
3533 ret=0
3534 $DIG $DIGOPTS +rec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1
3535@@ -52,7 +54,7 @@ dotests() {
3536 echo_i "failed"; status=$((status+1))
3537 fi
3538
3539- n=`expr $n + 1`
3540+ n=$((n + 1))
3541 echo_i "test with LP (+rec) ($n)"
3542 ret=0
3543 $DIG $DIGOPTS +rec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
3544@@ -82,7 +84,7 @@ dotests() {
3545 echo_i "failed"; status=$((status+1))
3546 fi
3547
3548- n=`expr $n + 1`
3549+ n=$((n + 1))
3550 echo_i "test with NID (+rec) ($n)"
3551 ret=0
3552 $DIG $DIGOPTS +rec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1
3553@@ -98,7 +100,7 @@ dotests() {
3554 echo_i "failed"; status=$((status+1))
3555 fi
3556
3557- n=`expr $n + 1`
3558+ n=$((n + 1))
3559 echo_i "test with NID + LP (+rec) ($n)"
3560 ret=0
3561 $DIG $DIGOPTS +rec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
3562@@ -116,7 +118,7 @@ dotests() {
3563 echo_i "failed"; status=$((status+1))
3564 fi
3565
3566- n=`expr $n + 1`
3567+ n=$((n + 1))
3568 echo_i "test with RT, single zone (+norec) ($n)"
3569 ret=0
3570 $DIG $DIGOPTS +norec -t RT rt.rt.example @10.53.0.1 > dig.out.$n || ret=1
3571@@ -124,7 +126,7 @@ dotests() {
3572 echo_i "failed"; status=$((status+1))
3573 fi
3574
3575- n=`expr $n + 1`
3576+ n=$((n + 1))
3577 echo_i "test with RT, two zones (+norec) ($n)"
3578 ret=0
3579 $DIG $DIGOPTS +norec -t RT rt.rt2.example @10.53.0.1 > dig.out.$n || ret=1
3580@@ -132,7 +134,7 @@ dotests() {
3581 echo_i "failed"; status=$((status+1))
3582 fi
3583
3584- n=`expr $n + 1`
3585+ n=$((n + 1))
3586 echo_i "test with NAPTR, single zone (+norec) ($n)"
3587 ret=0
3588 $DIG $DIGOPTS +norec -t NAPTR nap.naptr.example @10.53.0.1 > dig.out.$n || ret=1
3589@@ -140,7 +142,7 @@ dotests() {
3590 echo_i "failed"; status=$((status+1))
3591 fi
3592
3593- n=`expr $n + 1`
3594+ n=$((n + 1))
3595 echo_i "test with NAPTR, two zones (+norec) ($n)"
3596 ret=0
3597 $DIG $DIGOPTS +norec -t NAPTR nap.hang3b.example @10.53.0.1 > dig.out.$n || ret=1
3598@@ -148,7 +150,7 @@ dotests() {
3599 echo_i "failed"; status=$((status+1))
3600 fi
3601
3602- n=`expr $n + 1`
3603+ n=$((n + 1))
3604 echo_i "test with LP (+norec) ($n)"
3605 ret=0
3606 $DIG $DIGOPTS +norec -t LP nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
3607@@ -178,7 +180,7 @@ dotests() {
3608 echo_i "failed"; status=$((status+1))
3609 fi
3610
3611- n=`expr $n + 1`
3612+ n=$((n + 1))
3613 echo_i "test with NID (+norec) ($n)"
3614 ret=0
3615 $DIG $DIGOPTS +norec -t NID ns1.nid.example @10.53.0.1 > dig.out.$n || ret=1
3616@@ -194,7 +196,7 @@ dotests() {
3617 echo_i "failed"; status=$((status+1))
3618 fi
3619
3620- n=`expr $n + 1`
3621+ n=$((n + 1))
3622 echo_i "test with NID + LP (+norec) ($n)"
3623 ret=0
3624 $DIG $DIGOPTS +norec -t NID nid2.nid.example @10.53.0.1 > dig.out.$n || ret=1
3625@@ -212,7 +214,7 @@ dotests() {
3626 echo_i "failed"; status=$((status+1))
3627 fi
3628
3629- n=`expr $n + 1`
3630+ n=$((n + 1))
3631 echo_i "test with NS, root zone ($n)"
3632 ret=0
3633 $DIG $DIGOPTS -t NS . @10.53.0.1 > dig.out.$n || ret=1
3634@@ -222,7 +224,7 @@ dotests() {
3635 echo_i "failed"; status=$((status+1))
3636 fi
3637
3638- n=`expr $n + 1`
3639+ n=$((n + 1))
3640 echo_i "test with NS, non-root zone ($n)"
3641 ret=0
3642 $DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1
3643@@ -257,7 +259,7 @@ echo_i "testing with 'minimal-responses no;'"
3644 minimal=no
3645 dotests
3646
3647-n=`expr $n + 1`
3648+n=$((n + 1))
3649 echo_i "testing with 'minimal-any no;' ($n)"
3650 ret=0
3651 $DIG $DIGOPTS -t ANY www.rt.example @10.53.0.1 > dig.out.$n || ret=1
3652@@ -270,7 +272,7 @@ echo_i "reconfiguring server: minimal-any yes"
3653 copy_setports ns1/named3.conf.in ns1/named.conf
3654 rndc_reconfig ns1 10.53.0.1
3655
3656-n=`expr $n + 1`
3657+n=$((n + 1))
3658 echo_i "testing with 'minimal-any yes;' over UDP ($n)"
3659 ret=0
3660 $DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1
3661@@ -278,7 +280,7 @@ grep "ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1" dig.out.$n > /dev/null || ret=1
3662 if [ $ret -eq 1 ] ; then
3663 echo_i "failed"; status=$((status+1))
3664 fi
3665-n=`expr $n + 1`
3666+n=$((n + 1))
3667
3668 echo_i "testing with 'minimal-any yes;' over TCP ($n)"
3669 ret=0
3670@@ -288,7 +290,7 @@ if [ $ret -eq 1 ] ; then
3671 echo_i "failed"; status=$((status+1))
3672 fi
3673
3674-n=`expr $n + 1`
3675+n=$((n + 1))
3676 echo_i "testing with 'minimal-any yes;' over UDP ($n)"
3677 ret=0
3678 $DIG $DIGOPTS -t ANY +notcp www.rt.example @10.53.0.1 > dig.out.$n || ret=1
3679@@ -309,7 +311,7 @@ echo_i "testing with 'minimal-responses no-auth-recursive;'"
3680 minimal=no-auth-recursive
3681 dotests
3682
3683-n=`expr $n + 1`
3684+n=$((n + 1))
3685 echo_i "testing returning TLSA records with MX query ($n)"
3686 ret=0
3687 $DIG $DIGOPTS -t mx mx.example @10.53.0.1 > dig.out.$n || ret=1
3688@@ -320,7 +322,7 @@ if [ $ret -eq 1 ] ; then
3689 echo_i "failed"; status=$((status+1))
3690 fi
3691
3692-n=`expr $n + 1`
3693+n=$((n + 1))
3694 echo_i "testing returning TLSA records with SRV query ($n)"
3695 ret=0
3696 $DIG $DIGOPTS -t srv _xmpp-client._tcp.srv.example @10.53.0.1 > dig.out.$n || ret=1
3697@@ -335,7 +337,7 @@ echo_i "reconfiguring server: minimal-responses no"
3698 copy_setports ns1/named2.conf.in ns1/named.conf
3699 rndc_reconfig ns1 10.53.0.1
3700
3701-n=`expr $n + 1`
3702+n=$((n + 1))
3703 echo_i "testing NS handling in ANY responses (authoritative) ($n)"
3704 ret=0
3705 $DIG $DIGOPTS -t ANY rt.example @10.53.0.1 > dig.out.$n || ret=1
3706@@ -345,7 +347,7 @@ if [ $ret -eq 1 ] ; then
3707 echo_i "failed"; status=$((status+1))
3708 fi
3709
3710-n=`expr $n + 1`
3711+n=$((n + 1))
3712 echo_i "testing NS handling in ANY responses (recursive) ($n)"
3713 ret=0
3714 $DIG $DIGOPTS -t ANY rt.example @10.53.0.3 > dig.out.$n || ret=1
3715@@ -355,7 +357,7 @@ if [ $ret -eq 1 ] ; then
3716 echo_i "failed"; status=$((status+1))
3717 fi
3718
3719-n=`expr $n + 1`
3720+n=$((n + 1))
3721 echo_i "testing out-of-zone additional data from auth zones (authoritative) ($n)"
3722 ret=0
3723 $DIG $DIGOPTS -t NS rt.example @10.53.0.1 > dig.out.$n || ret=1
3724@@ -364,7 +366,7 @@ if [ $ret -eq 1 ] ; then
3725 echo_i "failed"; status=$((status+1))
3726 fi
3727
3728-n=`expr $n + 1`
3729+n=$((n + 1))
3730 echo_i "testing out-of-zone additional data from auth zones (recursive) ($n)"
3731 ret=0
3732 $DIG $DIGOPTS -t NS ex @10.53.0.3 > dig.out.$n || ret=1
3733diff --git a/bin/tests/system/hooks/tests.sh b/bin/tests/system/additional/tests_sh_additional.py
3734similarity index 51%
3735rename from bin/tests/system/hooks/tests.sh
3736rename to bin/tests/system/additional/tests_sh_additional.py
3737index 9ba0bd8..cdc38f4 100644
3738--- a/bin/tests/system/hooks/tests.sh
3739+++ b/bin/tests/system/additional/tests_sh_additional.py
3740@@ -1,5 +1,3 @@
3741-#!/bin/sh
3742-
3743 # Copyright (C) Internet Systems Consortium, Inc. ("ISC")
3744 #
3745 # SPDX-License-Identifier: MPL-2.0
3746@@ -11,26 +9,6 @@
3747 # See the COPYRIGHT file distributed with this work for additional
3748 # information regarding copyright ownership.
3749
3750-. ../conf.sh
3751-
3752-status=0
3753-n=0
3754-
3755-rm -f dig.out.*
3756-
3757-DIGOPTS="+tcp +noadd +nosea +nostat +nocmd -p ${PORT}"
3758-RNDCCMD="$RNDC -c ../common/rndc.conf -p ${CONTROLPORT} -s"
3759-
3760-n=$((n+1))
3761-echo_i "checking asynchronous hook action resumes correctly ($n)"
3762-ret=0
3763-$DIG $DIGOPTS example.com @10.53.0.1 > dig.out.ns1.test$n || ret=1
3764-# the test-async plugin changes the status of any postiive answer to NOTIMP
3765-grep -q "status: NOTIMP" dig.out.ns1.test$n || ret=1
3766-if [ $ret != 0 ]; then echo_i "failed"; fi
3767-status=$((status + ret))
3768-
3769-
3770
3771-echo_i "exit status: $status"
3772-[ $status -eq 0 ] || exit 1
3773+def test_additional(run_tests_sh):
3774+ run_tests_sh()
3775diff --git a/bin/tests/system/addzone/ns1/named.conf.in b/bin/tests/system/addzone/ns1/named.conf.in
3776index b2d5e05..9015e1b 100644
3777--- a/bin/tests/system/addzone/ns1/named.conf.in
3778+++ b/bin/tests/system/addzone/ns1/named.conf.in
3779@@ -28,6 +28,7 @@ options {
3780 allow-query { any; };
3781 allow-new-zones yes;
3782 recursion no;
3783+ dnssec-validation no;
3784 };
3785
3786 zone "." {
3787diff --git a/bin/tests/system/addzone/ns2/named1.conf.in b/bin/tests/system/addzone/ns2/named1.conf.in
3788index eb8519a..23be60e 100644
3789--- a/bin/tests/system/addzone/ns2/named1.conf.in
3790+++ b/bin/tests/system/addzone/ns2/named1.conf.in
3791@@ -19,6 +19,7 @@ options {
3792 allow-query { any; };
3793 recursion no;
3794 allow-new-zones yes;
3795+ dnssec-validation no;
3796 };
3797
3798 include "../../common/rndc.key";
3799diff --git a/bin/tests/system/addzone/ns2/named2.conf.in b/bin/tests/system/addzone/ns2/named2.conf.in
3800index 33e45b9..8b0f23d 100644
3801--- a/bin/tests/system/addzone/ns2/named2.conf.in
3802+++ b/bin/tests/system/addzone/ns2/named2.conf.in
3803@@ -24,6 +24,7 @@ options {
3804 listen-on { 10.53.0.2; 10.53.0.4; };
3805 listen-on-v6 { none; };
3806 recursion no;
3807+ dnssec-validation no;
3808 };
3809
3810 view internal {
3811diff --git a/bin/tests/system/addzone/ns2/named3.conf.in b/bin/tests/system/addzone/ns2/named3.conf.in
3812index 697d279..7078ce9 100644
3813--- a/bin/tests/system/addzone/ns2/named3.conf.in
3814+++ b/bin/tests/system/addzone/ns2/named3.conf.in
3815@@ -24,6 +24,7 @@ options {
3816 listen-on-v6 { none; };
3817 recursion no;
3818 new-zones-directory "new-zones";
3819+ dnssec-validation no;
3820 };
3821
3822 view internal {
3823diff --git a/bin/tests/system/addzone/ns3/named1.conf.in b/bin/tests/system/addzone/ns3/named1.conf.in
3824index f1488f4..6c512a6 100644
3825--- a/bin/tests/system/addzone/ns3/named1.conf.in
3826+++ b/bin/tests/system/addzone/ns3/named1.conf.in
3827@@ -25,6 +25,7 @@ options {
3828 allow-query { any; };
3829 recursion no;
3830 allow-new-zones yes;
3831+ dnssec-validation no;
3832 };
3833
3834 zone "." {
3835diff --git a/bin/tests/system/addzone/ns3/named2.conf.in b/bin/tests/system/addzone/ns3/named2.conf.in
3836index 3b56d64..6ca25f1 100644
3837--- a/bin/tests/system/addzone/ns3/named2.conf.in
3838+++ b/bin/tests/system/addzone/ns3/named2.conf.in
3839@@ -25,4 +25,5 @@ options {
3840 allow-query { any; };
3841 recursion no;
3842 allow-new-zones yes;
3843+ dnssec-validation no;
3844 };
3845diff --git a/bin/tests/system/addzone/tests.sh b/bin/tests/system/addzone/tests.sh
3846index 0f81eb7..2937e79 100755
3847--- a/bin/tests/system/addzone/tests.sh
3848+++ b/bin/tests/system/addzone/tests.sh
3849@@ -11,6 +11,8 @@
3850 # See the COPYRIGHT file distributed with this work for additional
3851 # information regarding copyright ownership.
3852
3853+set -e
3854+
3855 . ../conf.sh
3856
3857 DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p ${PORT}"
3858@@ -30,9 +32,9 @@ ret=0
3859 $DIG $DIGOPTS @10.53.0.2 a.normal.example a > dig.out.ns2.$n || ret=1
3860 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
3861 grep '^a.normal.example' dig.out.ns2.$n > /dev/null || ret=1
3862-n=`expr $n + 1`
3863+n=$((n + 1))
3864 if [ $ret != 0 ]; then echo_i "failed"; fi
3865-status=`expr $status + $ret`
3866+status=$((status + ret))
3867
3868 # When LMDB support is compiled in, this tests that migration from
3869 # NZF to NZD occurs during named startup
3870@@ -41,16 +43,16 @@ ret=0
3871 $DIG $DIGOPTS @10.53.0.2 a.previous.example a > dig.out.ns2.$n || ret=1
3872 grep 'status: NOERROR' dig.out.ns2.$n > /dev/null || ret=1
3873 grep '^a.previous.example' dig.out.ns2.$n > /dev/null || ret=1
3874-n=`expr $n + 1`
3875+n=$((n + 1))
3876 if [ $ret != 0 ]; then echo_i "failed"; fi
3877-status=`expr $status + $ret`
3878+status=$((status + ret))
3879
3880 if $FEATURETEST --with-lmdb; then
3881 echo_i "checking that existing NZF file was renamed after migration ($n)"
3882 [ -e ns2/3bf305731dd26307.nzf~ ] || ret=1
3883- n=`expr $n + 1`
3884+ n=$((n + 1))
3885 if [ $ret != 0 ]; then echo_i "failed"; fi
3886- status=`expr $status + $ret`
3887+ status=$((status + ret))
3888 fi
3889
3890 echo_i "adding new zone ($n)"
3891@@ -62,27 +64,27 @@ _check_adding_new_zone () (
3892 grep '^a.added.example' dig.out.ns2.$n > /dev/null
3893 )
3894 retry_quiet 10 _check_adding_new_zone || ret=1
3895-n=`expr $n + 1`
3896+n=$((n + 1))
3897 if [ $ret != 0 ]; then echo_i "failed"; fi
3898-status=`expr $status + $ret`
3899+status=$((status + ret))
3900
3901 nextpart ns2/named.run >/dev/null
3902 echo_i "checking addzone errors are logged correctly"
3903 ret=0
3904 $RNDCCMD 10.53.0.2 addzone bad.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
3905 wait_for_log_peek 20 "addzone: 'mister' unexpected" ns2/named.run || ret=1
3906-n=`expr $n + 1`
3907+n=$((n + 1))
3908 if [ $ret != 0 ]; then echo_i "failed"; fi
3909-status=`expr $status + $ret`
3910+status=$((status + ret))
3911
3912 nextpart ns2/named.run >/dev/null
3913 echo_i "checking modzone errors are logged correctly"
3914 ret=0
3915 $RNDCCMD 10.53.0.2 modzone added.example '{ type mister; };' 2>&1 | grep 'unexpected token' > /dev/null 2>&1 || ret=1
3916 wait_for_log_peek 20 "modzone: 'mister' unexpected" ns2/named.run || ret=1
3917-n=`expr $n + 1`
3918+n=$((n + 1))
3919 if [ $ret != 0 ]; then echo_i "failed"; fi
3920-status=`expr $status + $ret`
3921+status=$((status + ret))
3922
3923 echo_i "adding a zone that requires quotes ($n)"
3924 ret=0
3925@@ -94,9 +96,9 @@ _check_zone_that_requires_quotes() (
3926 grep '^a.32/1.0.0.127-in-addr.added.example' dig.out.ns2.$n > /dev/null
3927 )
3928 retry_quiet 10 _check_zone_that_requires_quotes || ret=1
3929-n=`expr $n + 1`
3930+n=$((n + 1))
3931 if [ $ret != 0 ]; then echo_i "failed"; fi
3932-status=`expr $status + $ret`
3933+status=$((status + ret))
3934
3935 echo_i "adding a zone with a quote in the name ($n)"
3936 ret=0
3937@@ -107,48 +109,48 @@ _check_zone_with_a_quote() (
3938 grep '^a.foo\\"bar.example' dig.out.ns2.$n > /dev/null
3939 )
3940 retry_quiet 10 _check_zone_with_a_quote || ret=1
3941-n=`expr $n + 1`
3942+n=$((n + 1))
3943 if [ $ret != 0 ]; then echo_i "failed"; fi
3944-status=`expr $status + $ret`
3945+status=$((status + ret))
3946
3947 echo_i "adding new zone with missing file ($n)"
3948 ret=0
3949 $DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.pre.$n || ret=1
3950 grep "status: REFUSED" dig.out.ns2.pre.$n > /dev/null || ret=1
3951-$RNDCCMD 10.53.0.2 addzone 'missing.example { type primary; file "missing.db"; };' 2> rndc.out.ns2.$n
3952+$RNDCCMD 10.53.0.2 addzone 'missing.example { type primary; file "missing.db"; };' 2> rndc.out.ns2.$n && ret=1
3953 grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
3954 $DIG $DIGOPTS +all @10.53.0.2 a.missing.example a > dig.out.ns2.post.$n || ret=1
3955 grep "status: REFUSED" dig.out.ns2.post.$n > /dev/null || ret=1
3956 digcomp dig.out.ns2.pre.$n dig.out.ns2.post.$n || ret=1
3957-n=`expr $n + 1`
3958+n=$((n + 1))
3959 if [ $ret != 0 ]; then echo_i "failed"; fi
3960-status=`expr $status + $ret`
3961+status=$((status + ret))
3962
3963 if ! $FEATURETEST --with-lmdb; then
3964 echo_i "verifying no comments in NZF file ($n)"
3965 ret=0
3966- hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l`
3967+ hcount=$(grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l)
3968 [ $hcount -eq 0 ] || ret=1
3969- n=`expr $n + 1`
3970+ n=$((n + 1))
3971 if [ $ret != 0 ]; then echo_i "failed"; fi
3972- status=`expr $status + $ret`
3973+ status=$((status + ret))
3974 fi
3975
3976 echo_i "checking rndc showzone with previously added zone ($n)"
3977 ret=0
3978 $RNDCCMD 10.53.0.2 showzone previous.example > rndc.out.ns2.$n
3979 expected='zone "previous.example" { type primary; file "previous.db"; };'
3980-[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
3981-n=`expr $n + 1`
3982+[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1
3983+n=$((n + 1))
3984 if [ $ret != 0 ]; then echo_i "failed"; fi
3985-status=`expr $status + $ret`
3986+status=$((status + ret))
3987
3988 if $FEATURETEST --with-lmdb; then
3989 echo_i "checking zone is present in NZD ($n)"
3990 ret=0
3991 $NZD2NZF ns2/_default.nzd | grep previous.example > /dev/null || ret=1
3992 if [ $ret != 0 ]; then echo_i "failed"; fi
3993- status=`expr $status + $ret`
3994+ status=$((status + ret))
3995 fi
3996
3997 echo_i "deleting previously added zone ($n)"
3998@@ -160,9 +162,9 @@ _check_deleting_previously_added_zone() (
3999 ! grep '^a.previous.example' dig.out.ns2.$n > /dev/null
4000 )
4001 retry_quiet 10 _check_deleting_previously_added_zone || ret=1
4002-n=`expr $n + 1`
4003+n=$((n + 1))
4004 if [ $ret != 0 ]; then echo_i "failed"; fi
4005-status=`expr $status + $ret`
4006+status=$((status + ret))
4007
4008 check_nzd2nzf() (
4009 $NZD2NZF ns2/_default.nzd > nzd2nzf.out.$n &&
4010@@ -173,17 +175,17 @@ if $FEATURETEST --with-lmdb; then
4011 echo_i "checking zone was deleted from NZD ($n)"
4012 retry_quiet 10 check_nzd2nzf || ret=1
4013 if [ $ret != 0 ]; then echo_i "failed"; fi
4014- status=`expr $status + $ret`
4015+ status=$((status + ret))
4016 fi
4017
4018 if ! $FEATURETEST --with-lmdb; then
4019 echo_i "checking NZF file now has comment ($n)"
4020 ret=0
4021- hcount=`grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l`
4022+ hcount=$(grep "^# New zone file for view: _default" ns2/3bf305731dd26307.nzf | wc -l)
4023 [ $hcount -eq 1 ] || ret=1
4024- n=`expr $n + 1`
4025+ n=$((n + 1))
4026 if [ $ret != 0 ]; then echo_i "failed"; fi
4027- status=`expr $status + $ret`
4028+ status=$((status + ret))
4029 fi
4030
4031 echo_i "deleting newly added zone added.example ($n)"
4032@@ -195,9 +197,9 @@ _check_deleting_newly_added_zone() (
4033 ! grep '^a.added.example' dig.out.ns2.$n > /dev/null
4034 )
4035 retry_quiet 10 _check_deleting_newly_added_zone || ret=1
4036-n=`expr $n + 1`
4037+n=$((n + 1))
4038 if [ $ret != 0 ]; then echo_i "failed"; fi
4039-status=`expr $status + $ret`
4040+status=$((status + ret))
4041
4042 echo_i "deleting newly added zone with escaped quote ($n)"
4043 ret=0
4044@@ -208,45 +210,45 @@ _check_deleting_newly_added_zone_quote() (
4045 ! grep "^a.foo\"bar.example" dig.out.ns2.$n > /dev/null
4046 )
4047 retry_quiet 10 _check_deleting_newly_added_zone_quote || ret=1
4048-n=`expr $n + 1`
4049+n=$((n + 1))
4050 if [ $ret != 0 ]; then echo_i "failed"; fi
4051-status=`expr $status + $ret`
4052+status=$((status + ret))
4053
4054 echo_i "checking rndc showzone with a normally-loaded zone ($n)"
4055 ret=0
4056 $RNDCCMD 10.53.0.2 showzone normal.example > rndc.out.ns2.$n
4057 expected='zone "normal.example" { type primary; file "normal.db"; };'
4058-[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
4059-n=`expr $n + 1`
4060+[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1
4061+n=$((n + 1))
4062 if [ $ret != 0 ]; then echo_i "failed"; fi
4063-status=`expr $status + $ret`
4064+status=$((status + ret))
4065
4066 echo_i "checking rndc showzone with a normally-loaded zone with trailing dot ($n)"
4067 ret=0
4068 $RNDCCMD 10.53.0.2 showzone finaldot.example > rndc.out.ns2.$n
4069 expected='zone "finaldot.example." { type primary; file "normal.db"; };'
4070-[ "`cat rndc.out.ns2.$n`" = "$expected" ] || ret=1
4071-n=`expr $n + 1`
4072+[ "$(cat rndc.out.ns2.$n)" = "$expected" ] || ret=1
4073+n=$((n + 1))
4074 if [ $ret != 0 ]; then echo_i "failed"; fi
4075-status=`expr $status + $ret`
4076+status=$((status + ret))
4077
4078 echo_i "checking rndc showzone with a normally-loaded redirect zone ($n)"
4079 ret=0
4080 $RNDCCMD 10.53.0.1 showzone -redirect > rndc.out.ns1.$n
4081 expected='zone "." { type redirect; file "redirect.db"; };'
4082-[ "`cat rndc.out.ns1.$n`" = "$expected" ] || ret=1
4083-n=`expr $n + 1`
4084+[ "$(cat rndc.out.ns1.$n)" = "$expected" ] || ret=1
4085+n=$((n + 1))
4086 if [ $ret != 0 ]; then echo_i "failed"; fi
4087-status=`expr $status + $ret`
4088+status=$((status + ret))
4089
4090 echo_i "checking rndc zonestatus with a normally-loaded redirect zone ($n)"
4091 ret=0
4092 $RNDCCMD 10.53.0.1 zonestatus -redirect > rndc.out.ns1.$n
4093 grep "type: redirect" rndc.out.ns1.$n > /dev/null || ret=1
4094 grep "serial: 0" rndc.out.ns1.$n > /dev/null || ret=1
4095-n=`expr $n + 1`
4096+n=$((n + 1))
4097 if [ $ret != 0 ]; then echo_i "failed"; fi
4098-status=`expr $status + $ret`
4099+status=$((status + ret))
4100
4101 echo_i "checking rndc reload with a normally-loaded redirect zone ($n)"
4102 ret=0
4103@@ -254,9 +256,9 @@ sleep 1
4104 cp -f ns1/redirect.db.2 ns1/redirect.db
4105 $RNDCCMD 10.53.0.1 reload -redirect > rndc.out.ns1.$n
4106 retry_quiet 5 check_zonestatus 1 || ret=1
4107-n=`expr $n + 1`
4108+n=$((n + 1))
4109 if [ $ret != 0 ]; then echo_i "failed"; fi
4110-status=`expr $status + $ret`
4111+status=$((status + ret))
4112
4113 echo_i "delete a normally-loaded zone ($n)"
4114 ret=0
4115@@ -270,9 +272,9 @@ _check_delete_normally_loaded_zone() (
4116 )
4117 retry_quiet 5 _check_delete_normally_loaded_zone || ret=1
4118
4119-n=`expr $n + 1`
4120+n=$((n + 1))
4121 if [ $ret != 0 ]; then echo_i "failed"; fi
4122-status=`expr $status + $ret`
4123+status=$((status + ret))
4124
4125 echo_i "attempting to add primary zone with inline signing ($n)"
4126 $RNDCCMD 10.53.0.2 addzone 'inline.example { type primary; file "inline.db"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
4127@@ -282,17 +284,17 @@ _check_add_primary_zone_with_inline() (
4128 grep '^a.inline.example' dig.out.ns2.$n > /dev/null
4129 )
4130 retry_quiet 5 _check_add_primary_zone_with_inline || ret=1
4131-n=`expr $n + 1`
4132+n=$((n + 1))
4133 if [ $ret != 0 ]; then echo_i "failed"; fi
4134-status=`expr $status + $ret`
4135+status=$((status + ret))
4136
4137 echo_i "attempting to add primary zone with inline signing and missing file ($n)"
4138 ret=0
4139-$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type primary; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n
4140+$RNDCCMD 10.53.0.2 addzone 'inlinemissing.example { type primary; file "missing.db"; inline-signing yes; };' 2> rndc.out.ns2.$n && ret=1
4141 grep "file not found" rndc.out.ns2.$n > /dev/null || ret=1
4142-n=`expr $n + 1`
4143+n=$((n + 1))
4144 if [ $ret != 0 ]; then echo_i "failed"; fi
4145-status=`expr $status + $ret`
4146+status=$((status + ret))
4147
4148 echo_i "attempting to add secondary zone with inline signing ($n)"
4149 $RNDCCMD 10.53.0.2 addzone 'inlinesec.example { type secondary; primaries { 10.53.0.1; }; file "inlinesec.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
4150@@ -302,9 +304,9 @@ _check_add_secondary_with_inline() (
4151 grep '^a.inlinesec.example' dig.out.ns2.$n > /dev/null
4152 )
4153 retry_quiet 5 _check_add_secondary_with_inline || ret=1
4154-n=`expr $n + 1`
4155+n=$((n + 1))
4156 if [ $ret != 0 ]; then echo_i "failed"; fi
4157-status=`expr $status + $ret`
4158+status=$((status + ret))
4159
4160 echo_i "attempting to delete secondary zone with inline signing ($n)"
4161 ret=0
4162@@ -318,8 +320,8 @@ test ! -f inlinesec.bk.signed ||
4163 grep '^inlinesec.bk.signed$' rndc.out2.test$n > /dev/null || {
4164 echo_i "failed to report inlinesec.bk.signed"; ret=1;
4165 }
4166-n=`expr $n + 1`
4167-status=`expr $status + $ret`
4168+n=$((n + 1))
4169+status=$((status + ret))
4170
4171 echo_i "restoring secondary zone with inline signing ($n)"
4172 $RNDCCMD 10.53.0.2 addzone 'inlinesec.example { type secondary; primaries { 10.53.0.1; }; file "inlinesec.bk"; inline-signing yes; };' 2>&1 | sed 's/^/I:ns2 /'
4173@@ -329,17 +331,17 @@ _check_restoring_secondary_with_inline() (
4174 grep '^a.inlinesec.example' dig.out.ns2.$n > /dev/null
4175 )
4176 retry_quiet 5 _check_restoring_secondary_with_inline || ret=1
4177-n=`expr $n + 1`
4178+n=$((n + 1))
4179 if [ $ret != 0 ]; then echo_i "failed"; fi
4180-status=`expr $status + $ret`
4181+status=$((status + ret))
4182
4183 echo_i "deleting secondary zone with automatic zone file removal ($n)"
4184 ret=0
4185 retry_quiet 10 test -f ns2/inlinesec.bk.signed -a -f ns2/inlinesec.bk || ret=1
4186 $RNDCCMD 10.53.0.2 delzone -clean inlinesec.example > /dev/null 2>&1
4187 retry_quiet 10 test ! -f ns2/inlinesec.bk.signed -a ! -f ns2/inlinesec.bk
4188-n=`expr $n + 1`
4189-status=`expr $status + $ret`
4190+n=$((n + 1))
4191+status=$((status + ret))
4192
4193 echo_i "modifying zone configuration ($n)"
4194 ret=0
4195@@ -349,23 +351,23 @@ grep 'status: NOERROR' dig.out.ns2.1.$n > /dev/null || ret=1
4196 $RNDCCMD 10.53.0.2 modzone 'mod.example { type primary; file "added.db"; allow-query { none; }; };' 2>&1 | sed 's/^/ns2 /' | cat_i
4197 $DIG +norec $DIGOPTS @10.53.0.2 mod.example ns > dig.out.ns2.2.$n || ret=1
4198 $RNDCCMD 10.53.0.2 showzone mod.example | grep 'allow-query { "none"; };' > /dev/null 2>&1 || ret=1
4199-n=`expr $n + 1`
4200+n=$((n + 1))
4201 if [ $ret != 0 ]; then echo_i "failed"; fi
4202-status=`expr $status + $ret`
4203+status=$((status + ret))
4204
4205 echo_i "check that adding a 'stub' zone works ($n)"
4206 ret=0
4207 $RNDCCMD 10.53.0.2 addzone 'stub.example { type stub; primaries { 1.2.3.4; }; file "stub.example.bk"; };' > rndc.out.ns2.$n 2>&1 || ret=1
4208-n=`expr $n + 1`
4209+n=$((n + 1))
4210 if [ $ret != 0 ]; then echo_i "failed"; fi
4211-status=`expr $status + $ret`
4212+status=$((status + ret))
4213
4214 echo_i "check that adding a 'static-stub' zone works ($n)"
4215 ret=0
4216 $RNDCCMD 10.53.0.2 addzone 'static-stub.example { type static-stub; server-addresses { 1.2.3.4; }; };' > rndc.out.ns2.$n 2>&1 || ret=1
4217-n=`expr $n + 1`
4218+n=$((n + 1))
4219 if [ $ret != 0 ]; then echo_i "failed"; fi
4220-status=`expr $status + $ret`
4221+status=$((status + ret))
4222
4223 echo_i "check that adding a 'primary redirect' zone works ($n)"
4224 ret=0
4225@@ -378,9 +380,9 @@ _check_add_primary_redirect() (
4226 grep "serial: 0" zonestatus.out.ns2.$n > /dev/null
4227 )
4228 retry_quiet 10 _check_add_primary_redirect || ret=1
4229-n=`expr $n + 1`
4230+n=$((n + 1))
4231 if [ $ret != 0 ]; then echo_i "failed"; fi
4232-status=`expr $status + $ret`
4233+status=$((status + ret))
4234
4235 echo_i "check that reloading a added 'primary redirect' zone works ($n)"
4236 ret=0
4237@@ -388,16 +390,16 @@ sleep 1
4238 cp -f ns2/redirect.db.2 ns2/redirect.db
4239 $RNDCCMD 10.53.0.2 reload -redirect > rndc.out.ns2.$n
4240 retry_quiet 10 check_zonestatus 2 || ret=1
4241-n=`expr $n + 1`
4242+n=$((n + 1))
4243 if [ $ret != 0 ]; then echo_i "failed"; fi
4244-status=`expr $status + $ret`
4245+status=$((status + ret))
4246
4247 echo_i "check that retransfer of a added 'primary redirect' zone fails ($n)"
4248 ret=0
4249 $RNDCCMD 10.53.0.2 retransfer -redirect > rndc.out.ns2.$n 2>&1 && ret=1
4250-n=`expr $n + 1`
4251+n=$((n + 1))
4252 if [ $ret != 0 ]; then echo_i "failed"; fi
4253-status=`expr $status + $ret`
4254+status=$((status + ret))
4255
4256 echo_i "check that deleting a 'primary redirect' zone works ($n)"
4257 ret=0
4258@@ -407,9 +409,9 @@ _check_deleting_primary_redirect() (
4259 grep 'not found' showzone.out.ns2.$n > /dev/null
4260 )
4261 retry_quiet 10 _check_deleting_primary_redirect || ret=1
4262-n=`expr $n + 1`
4263+n=$((n + 1))
4264 if [ $ret != 0 ]; then echo_i "failed"; fi
4265-status=`expr $status + $ret`
4266+status=$((status + ret))
4267
4268 echo_i "check that adding a 'secondary redirect' zone works ($n)"
4269 ret=0
4270@@ -422,9 +424,9 @@ _check_adding_secondary_redirect() (
4271 grep "serial: 0" zonestatus.out.ns2.$n > /dev/null
4272 )
4273 retry_quiet 10 _check_adding_secondary_redirect || ret=1
4274-n=`expr $n + 1`
4275+n=$((n + 1))
4276 if [ $ret != 0 ]; then echo_i "failed"; fi
4277-status=`expr $status + $ret`
4278+status=$((status + ret))
4279
4280 echo_i "check that retransfering a added 'secondary redirect' zone works ($n)"
4281 ret=0
4282@@ -437,9 +439,9 @@ _check_retransfering_secondary_redirect() (
4283 grep "serial: 1" zonestatus.out.ns2.$n > /dev/null
4284 )
4285 retry_quiet 10 _check_retransfering_secondary_redirect || ret=1
4286-n=`expr $n + 1`
4287+n=$((n + 1))
4288 if [ $ret != 0 ]; then echo_i "failed"; fi
4289-status=`expr $status + $ret`
4290+status=$((status + ret))
4291
4292 echo_i "check that deleting a 'secondary redirect' zone works ($n)"
4293 ret=0
4294@@ -449,41 +451,41 @@ _check_deleting_secondary_redirect() (
4295 grep 'not found' showzone.out.ns2.$n > /dev/null
4296 )
4297 retry_quiet 10 _check_deleting_secondary_redirect || ret=1
4298-n=`expr $n + 1`
4299+n=$((n + 1))
4300 if [ $ret != 0 ]; then echo_i "failed"; fi
4301-status=`expr $status + $ret`
4302+status=$((status + ret))
4303
4304 echo_i "check that zone type 'hint' is properly rejected ($n)"
4305 ret=0
4306 $RNDCCMD 10.53.0.2 addzone '"." { type hint; file "hints.db"; };' > rndc.out.ns2.$n 2>&1 && ret=1
4307 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
4308-n=`expr $n + 1`
4309+n=$((n + 1))
4310 if [ $ret != 0 ]; then echo_i "failed"; fi
4311-status=`expr $status + $ret`
4312+status=$((status + ret))
4313
4314 echo_i "check that zone type 'forward' is properly rejected ($n)"
4315 ret=0
4316 $RNDCCMD 10.53.0.2 addzone 'forward.example { type forward; forwarders { 1.2.3.4; }; forward only; };' > rndc.out.ns2.$n 2>&1 && ret=1
4317 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
4318-n=`expr $n + 1`
4319+n=$((n + 1))
4320 if [ $ret != 0 ]; then echo_i "failed"; fi
4321-status=`expr $status + $ret`
4322+status=$((status + ret))
4323
4324 echo_i "check that zone type 'delegation-only' is properly rejected ($n)"
4325 ret=0
4326 $RNDCCMD 10.53.0.2 addzone 'delegation-only.example { type delegation-only; };' > rndc.out.ns2.$n 2>&1 && ret=1
4327 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
4328-n=`expr $n + 1`
4329+n=$((n + 1))
4330 if [ $ret != 0 ]; then echo_i "failed"; fi
4331-status=`expr $status + $ret`
4332+status=$((status + ret))
4333
4334 echo_i "check that 'in-view' zones are properly rejected ($n)"
4335 ret=0
4336 $RNDCCMD 10.53.0.2 addzone 'in-view.example { in-view "_default"; };' > rndc.out.ns2.$n 2>&1 && ret=1
4337 grep "zones not supported by addzone" rndc.out.ns2.$n > /dev/null || ret=1
4338-n=`expr $n + 1`
4339+n=$((n + 1))
4340 if [ $ret != 0 ]; then echo_i "failed"; fi
4341-status=`expr $status + $ret`
4342+status=$((status + ret))
4343
4344 echo_i "reconfiguring server with multiple views"
4345 rm -f ns2/named.conf
4346@@ -508,27 +510,27 @@ grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
4347 $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
4348 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
4349 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
4350-n=`expr $n + 1`
4351+n=$((n + 1))
4352 if [ $ret != 0 ]; then echo_i "failed"; fi
4353-status=`expr $status + $ret`
4354+status=$((status + ret))
4355
4356 if ! $FEATURETEST --with-lmdb; then
4357 echo_i "checking new NZF file has comment ($n)"
4358 ret=0
4359- hcount=`grep "^# New zone file for view: external" ns2/external.nzf | wc -l`
4360+ hcount=$(grep "^# New zone file for view: external" ns2/external.nzf | wc -l)
4361 [ $hcount -eq 1 ] || ret=1
4362- n=`expr $n + 1`
4363+ n=$((n + 1))
4364 if [ $ret != 0 ]; then echo_i "failed"; fi
4365- status=`expr $status + $ret`
4366+ status=$((status + ret))
4367 fi
4368
4369 if $FEATURETEST --with-lmdb; then
4370 echo_i "verifying added.example in external view created an external.nzd DB ($n)"
4371 ret=0
4372 [ -e ns2/external.nzd ] || ret=1
4373- n=`expr $n + 1`
4374+ n=$((n + 1))
4375 if [ $ret != 0 ]; then echo_i "failed"; fi
4376- status=`expr $status + $ret`
4377+ status=$((status + ret))
4378 fi
4379
4380 echo_i "checking rndc reload causes named to reload the external view's new zone config ($n)"
4381@@ -542,9 +544,9 @@ _check_rndc_reload_external_view_config() (
4382 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null
4383 )
4384 retry_quiet 10 _check_rndc_reload_external_view_config || ret=1
4385-n=`expr $n + 1`
4386+n=$((n + 1))
4387 if [ $ret != 0 ]; then echo_i "failed"; fi
4388-status=`expr $status + $ret`
4389+status=$((status + ret))
4390
4391 echo_i "checking rndc showzone with newly added zone ($n)"
4392 _check_rndc_showzone_newly_added() (
4393@@ -554,12 +556,12 @@ _check_rndc_showzone_newly_added() (
4394 expected='zone "added.example" { type primary; file "added.db"; };'
4395 fi
4396 $RNDCCMD 10.53.0.2 showzone added.example in external > rndc.out.ns2.$n 2>/dev/null &&
4397- [ "`cat rndc.out.ns2.$n`" = "$expected" ]
4398+ [ "$(cat rndc.out.ns2.$n)" = "$expected" ]
4399 )
4400 retry_quiet 10 _check_rndc_showzone_newly_added || ret=1
4401-n=`expr $n + 1`
4402+n=$((n + 1))
4403 if [ $ret != 0 ]; then echo_i "failed"; fi
4404-status=`expr $status + $ret`
4405+status=$((status + ret))
4406
4407 echo_i "deleting newly added zone ($n)"
4408 ret=0
4409@@ -570,31 +572,31 @@ _check_deleting_newly_added_zone() (
4410 ! grep '^a.added.example' dig.out.ns2.$n > /dev/null
4411 )
4412 retry_quiet 10 _check_deleting_newly_added_zone || ret=1
4413-n=`expr $n + 1`
4414+n=$((n + 1))
4415 if [ $ret != 0 ]; then echo_i "failed"; fi
4416-status=`expr $status + $ret`
4417+status=$((status + ret))
4418
4419 echo_i "attempting to add zone to internal view ($n)"
4420 ret=0
4421 $DIG +norec $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.pre.$n || ret=1
4422 grep 'status: NOERROR' dig.out.ns2.pre.$n > /dev/null || ret=1
4423-$RNDCCMD 10.53.0.2 addzone 'added.example in internal { type primary; file "added.db"; };' 2> rndc.out.ns2.$n
4424+$RNDCCMD 10.53.0.2 addzone 'added.example in internal { type primary; file "added.db"; };' 2> rndc.out.ns2.$n && ret=1
4425 grep "permission denied" rndc.out.ns2.$n > /dev/null || ret=1
4426 $DIG $DIGOPTS @10.53.0.2 -b 10.53.0.2 a.added.example a > dig.out.ns2.int.$n || ret=1
4427 grep 'status: NOERROR' dig.out.ns2.int.$n > /dev/null || ret=1
4428 $DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
4429 grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
4430-n=`expr $n + 1`
4431+n=$((n + 1))
4432 if [ $ret != 0 ]; then echo_i "failed"; fi
4433-status=`expr $status + $ret`
4434+status=$((status + ret))
4435
4436 echo_i "attempting to delete a policy zone ($n)"
4437 ret=0
4438-$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1
4439+$RNDCCMD 10.53.0.2 delzone 'policy in internal' 2> rndc.out.ns2.$n >&1 && ret=1
4440 grep 'cannot be deleted' rndc.out.ns2.$n > /dev/null || ret=1
4441-n=`expr $n + 1`
4442+n=$((n + 1))
4443 if [ $ret != 0 ]; then echo_i "failed"; fi
4444-status=`expr $status + $ret`
4445+status=$((status + ret))
4446
4447 echo_i "adding new zone again to external view ($n)"
4448 ret=0
4449@@ -607,9 +609,9 @@ _check_adding_new_zone_again_external() (
4450 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null
4451 )
4452 retry_quiet 10 _check_adding_new_zone_again_external || ret=1
4453-n=`expr $n + 1`
4454+n=$((n + 1))
4455 if [ $ret != 0 ]; then echo_i "failed"; fi
4456-status=`expr $status + $ret`
4457+status=$((status + ret))
4458
4459 echo_i "reconfiguring server with multiple views and new-zones-directory"
4460 rm -f ns2/named.conf
4461@@ -621,9 +623,9 @@ ret=0
4462 $DIG +norec $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.ext.$n || ret=1
4463 grep 'status: NOERROR' dig.out.ns2.ext.$n > /dev/null || ret=1
4464 grep '^a.added.example' dig.out.ns2.ext.$n > /dev/null || ret=1
4465-n=`expr $n + 1`
4466+n=$((n + 1))
4467 if [ $ret != 0 ]; then echo_i "failed"; fi
4468-status=`expr $status + $ret`
4469+status=$((status + ret))
4470
4471 echo_i "deleting newly added zone from external ($n)"
4472 ret=0
4473@@ -631,9 +633,9 @@ $RNDCCMD 10.53.0.2 delzone 'added.example in external' 2>&1 | sed 's/^/I:ns2 /'
4474 $DIG $DIGOPTS @10.53.0.4 -b 10.53.0.4 a.added.example a > dig.out.ns2.$n || ret=1
4475 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
4476 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
4477-n=`expr $n + 1`
4478+n=$((n + 1))
4479 if [ $ret != 0 ]; then echo_i "failed"; fi
4480-status=`expr $status + $ret`
4481+status=$((status + ret))
4482
4483 echo_i "adding new zone to directory view ($n)"
4484 ret=0
4485@@ -651,9 +653,9 @@ grep 'status: REFUSED' dig.out.ns2.ext.$n > /dev/null || ret=1
4486 $DIG +norec $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.dir.$n || ret=1
4487 grep 'status: NOERROR' dig.out.ns2.dir.$n > /dev/null || ret=1
4488 grep '^a.added.example' dig.out.ns2.dir.$n > /dev/null || ret=1
4489-n=`expr $n + 1`
4490+n=$((n + 1))
4491 if [ $ret != 0 ]; then echo_i "failed"; fi
4492-status=`expr $status + $ret`
4493+status=$((status + ret))
4494
4495 if $FEATURETEST --with-lmdb; then
4496 echo_i "checking NZD file was created in new-zones-directory ($n)"
4497@@ -665,9 +667,9 @@ fi
4498 $RNDCCMD 10.53.0.2 sync 'added.example IN directory' 2>&1 | sed 's/^/I:ns2 /'
4499 sleep 2
4500 [ -e "$expect" ] || ret=1
4501-n=`expr $n + 1`
4502+n=$((n + 1))
4503 if [ $ret != 0 ]; then echo_i "failed"; fi
4504-status=`expr $status + $ret`
4505+status=$((status + ret))
4506
4507 echo_i "deleting newly added zone from directory ($n)"
4508 ret=0
4509@@ -675,17 +677,17 @@ $RNDCCMD 10.53.0.2 delzone 'added.example in directory' 2>&1 | sed 's/^/I:ns2 /'
4510 $DIG $DIGOPTS @10.53.0.5 -b 10.53.0.5 a.added.example a > dig.out.ns2.$n || ret=1
4511 grep 'status: REFUSED' dig.out.ns2.$n > /dev/null || ret=1
4512 grep '^a.added.example' dig.out.ns2.$n > /dev/null && ret=1
4513-n=`expr $n + 1`
4514+n=$((n + 1))
4515 if [ $ret != 0 ]; then echo_i "failed"; fi
4516-status=`expr $status + $ret`
4517+status=$((status + ret))
4518
4519 echo_i "ensure the configuration context is cleaned up correctly ($n)"
4520 ret=0
4521 rndc_reconfig ns2 10.53.0.2
4522 $RNDCCMD 10.53.0.2 status > /dev/null 2>&1 || ret=1
4523-n=`expr $n + 1`
4524+n=$((n + 1))
4525 if [ $ret != 0 ]; then echo_i "failed"; fi
4526-status=`expr $status + $ret`
4527+status=$((status + ret))
4528
4529 echo_i "check delzone after reconfig failure ($n)"
4530 ret=0
4531@@ -693,9 +695,9 @@ $RNDCCMD 10.53.0.3 addzone 'inlinesec.example. IN { type secondary; file "inline
4532 copy_setports ns3/named2.conf.in ns3/named.conf
4533 rndc_reconfig ns3 10.53.0.3
4534 $RNDCCMD 10.53.0.3 delzone inlinesec.example > /dev/null 2>&1 || ret=1
4535-n=`expr $n + 1`
4536+n=$((n + 1))
4537 if [ $ret != 0 ]; then echo_i "failed"; fi
4538-status=`expr $status + $ret`
4539+status=$((status + ret))
4540
4541 if ! $FEATURETEST --with-lmdb
4542 then
4543@@ -706,9 +708,9 @@ then
4544 $RNDCCMD 10.53.0.3 addzone "test3.baz" '{ type primary; file "e.db"; };' > /dev/null 2>&1 || ret=1
4545 $RNDCCMD 10.53.0.3 delzone "test3.baz" > /dev/null 2>&1 || ret=1
4546 grep test2.baz ns3/_default.nzf > /dev/null && ret=1
4547- n=`expr $n + 1`
4548+ n=$((n + 1))
4549 if [ $ret != 0 ]; then echo_i "failed"; fi
4550- status=`expr $status + $ret`
4551+ status=$((status + ret))
4552 fi
4553
4554 _check_version_bind() (
4555@@ -747,8 +749,8 @@ $DIG $DIGOPTS @10.53.0.3 SOA 'test\010.baz' > dig.out.6.test$n || ret=1
4556 grep "status: NOERROR" dig.out.6.test$n > /dev/null || ret=1
4557 grep "ANSWER: 1," dig.out.6.test$n > /dev/null || ret=1
4558 if [ $ret != 0 ]; then echo_i "failed"; fi
4559-status=`expr $status + $ret`
4560-n=`expr $n + 1`
4561+status=$((status + ret))
4562+n=$((n + 1))
4563
4564 echo_i "exit status: $status"
4565 [ $status -eq 0 ] || exit 1
4566diff --git a/bin/tests/system/addzone/tests_sh_addzone.py b/bin/tests/system/addzone/tests_sh_addzone.py
4567new file mode 100644
4568index 0000000..dca8e74
4569--- /dev/null
4570+++ b/bin/tests/system/addzone/tests_sh_addzone.py
4571@@ -0,0 +1,14 @@
4572+# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
4573+#
4574+# SPDX-License-Identifier: MPL-2.0
4575+#
4576+# This Source Code Form is subject to the terms of the Mozilla Public
4577+# License, v. 2.0. If a copy of the MPL was not distributed with this
4578+# file, you can obtain one at https://mozilla.org/MPL/2.0/.
4579+#
4580+# See the COPYRIGHT file distributed with this work for additional
4581+# information regarding copyright ownership.
4582+
4583+
4584+def test_addzone(run_tests_sh):
4585+ run_tests_sh()
4586diff --git a/bin/tests/system/allow-query/ns1/named.conf.in b/bin/tests/system/allow-query/ns1/named.conf.in
4587index a72cc87..dd786e2 100644
4588--- a/bin/tests/system/allow-query/ns1/named.conf.in
4589+++ b/bin/tests/system/allow-query/ns1/named.conf.in
4590@@ -17,6 +17,7 @@ options {
4591 listen-on { 10.53.0.1; };
4592 listen-on-v6 { none; };
4593 recursion no;
4594+ dnssec-validation no;
4595 };
4596
4597 zone "." {
4598diff --git a/bin/tests/system/allow-query/ns2/named01.conf.in b/bin/tests/system/allow-query/ns2/named01.conf.in
4599index 1f7ab40..3069010 100644
4600--- a/bin/tests/system/allow-query/ns2/named01.conf.in
4601+++ b/bin/tests/system/allow-query/ns2/named01.conf.in
4602@@ -17,6 +17,7 @@ options {
4603 listen-on { 10.53.0.2; };
4604 listen-on-v6 { none; };
4605 recursion no;
4606+ dnssec-validation no;
4607 };
4608
4609 include "controls.conf";
4610diff --git a/bin/tests/system/allow-query/ns2/named02.conf.in b/bin/tests/system/allow-query/ns2/named02.conf.in
4611index 3e24bdc..678c417 100644
4612--- a/bin/tests/system/allow-query/ns2/named02.conf.in
4613+++ b/bin/tests/system/allow-query/ns2/named02.conf.in
4614@@ -18,6 +18,7 @@ options {
4615 listen-on-v6 { none; };
4616 recursion no;
4617 allow-query { any; };
4618+ dnssec-validation no;
4619 };
4620
4621 include "controls.conf";
4622diff --git a/bin/tests/system/allow-query/ns2/named03.conf.in b/bin/tests/system/allow-query/ns2/named03.conf.in
4623index dd5985b..cdc64ff 100644
4624--- a/bin/tests/system/allow-query/ns2/named03.conf.in
4625+++ b/bin/tests/system/allow-query/ns2/named03.conf.in
4626@@ -18,6 +18,7 @@ options {
4627 listen-on-v6 { none; };
4628 recursion no;
4629 allow-query { none; };
4630+ dnssec-validation no;
4631 };
4632
4633 include "controls.conf";
4634diff --git a/bin/tests/system/allow-query/ns2/named04.conf.in b/bin/tests/system/allow-query/ns2/named04.conf.in
4635index f61447e..0544662 100644
4636--- a/bin/tests/system/allow-query/ns2/named04.conf.in
4637+++ b/bin/tests/system/allow-query/ns2/named04.conf.in
4638@@ -18,6 +18,7 @@ options {
4639 listen-on-v6 { none; };
4640 recursion no;
4641 allow-query { 10.53.0.2; };
4642+ dnssec-validation no;
4643 };
4644
4645 include "controls.conf";
4646diff --git a/bin/tests/system/allow-query/ns2/named05.conf.in b/bin/tests/system/allow-query/ns2/named05.conf.in
4647index 53c31a3..6f92049 100644
4648--- a/bin/tests/system/allow-query/ns2/named05.conf.in
4649+++ b/bin/tests/system/allow-query/ns2/named05.conf.in
4650@@ -18,6 +18,7 @@ options {
4651 listen-on-v6 { none; };
4652 recursion no;
4653 allow-query { 10.53.0.1; };
4654+ dnssec-validation no;
4655 };
4656
4657 include "controls.conf";
4658diff --git a/bin/tests/system/allow-query/ns2/named06.conf.in b/bin/tests/system/allow-query/ns2/named06.conf.in
4659index 49d9e42..261c75b 100644
4660--- a/bin/tests/system/allow-query/ns2/named06.conf.in
4661+++ b/bin/tests/system/allow-query/ns2/named06.conf.in
4662@@ -18,6 +18,7 @@ options {
4663 listen-on-v6 { none; };
4664 recursion no;
4665 allow-query {! 10.53.0.2; };
4666+ dnssec-validation no;
4667 };
4668
4669 include "controls.conf";
4670diff --git a/bin/tests/system/allow-query/ns2/named07.conf.in b/bin/tests/system/allow-query/ns2/named07.conf.in
4671index a40cade..8050fa2 100644
4672--- a/bin/tests/system/allow-query/ns2/named07.conf.in
4673+++ b/bin/tests/system/allow-query/ns2/named07.conf.in
4674@@ -20,6 +20,7 @@ options {
4675 listen-on-v6 { none; };
4676 recursion no;
4677 allow-query { accept; };
4678+ dnssec-validation no;
4679 };
4680
4681 include "controls.conf";
4682diff --git a/bin/tests/system/allow-query/ns2/named08.conf.in b/bin/tests/system/allow-query/ns2/named08.conf.in
4683index 413878b..ffa4cdc 100644
4684--- a/bin/tests/system/allow-query/ns2/named08.conf.in
4685+++ b/bin/tests/system/allow-query/ns2/named08.conf.in
4686@@ -20,6 +20,7 @@ options {
4687 listen-on-v6 { none; };
4688 recursion no;
4689 allow-query { accept; };
4690+ dnssec-validation no;
4691 };
4692
4693 include "controls.conf";
4694diff --git a/bin/tests/system/allow-query/ns2/named09.conf.in b/bin/tests/system/allow-query/ns2/named09.conf.in
4695index b2d900e..49166e6 100644
4696--- a/bin/tests/system/allow-query/ns2/named09.conf.in
4697+++ b/bin/tests/system/allow-query/ns2/named09.conf.in
4698@@ -20,6 +20,7 @@ options {
4699 listen-on-v6 { none; };
4700 recursion no;
4701 allow-query {! accept; };
4702+ dnssec-validation no;
4703 };
4704
4705 include "controls.conf";
4706diff --git a/bin/tests/system/allow-query/ns2/named10.conf.in b/bin/tests/system/allow-query/ns2/named10.conf.in
4707index b91d19a..d684c2d 100644
4708--- a/bin/tests/system/allow-query/ns2/named10.conf.in
4709+++ b/bin/tests/system/allow-query/ns2/named10.conf.in
4710@@ -23,6 +23,7 @@ options {
4711 listen-on-v6 { none; };
4712 recursion no;
4713 allow-query { key one; };
4714+ dnssec-validation no;
4715 };
4716
4717 include "controls.conf";
4718diff --git a/bin/tests/system/allow-query/ns2/named11.conf.in b/bin/tests/system/allow-query/ns2/named11.conf.in
4719index 308c4ca..59b9e0e 100644
4720--- a/bin/tests/system/allow-query/ns2/named11.conf.in
4721+++ b/bin/tests/system/allow-query/ns2/named11.conf.in
4722@@ -29,6 +29,7 @@ options {
4723 listen-on-v6 { none; };
4724 recursion no;
4725 allow-query { key one; };
4726+ dnssec-validation no;
4727 };
4728
4729 include "controls.conf";
4730diff --git a/bin/tests/system/allow-query/ns2/named12.conf.in b/bin/tests/system/allow-query/ns2/named12.conf.in
4731index 6b0fe55..a8e9107 100644
4732--- a/bin/tests/system/allow-query/ns2/named12.conf.in
4733+++ b/bin/tests/system/allow-query/ns2/named12.conf.in
4734@@ -23,6 +23,7 @@ options {
4735 listen-on-v6 { none; };
4736 recursion no;
4737 allow-query {! key one; };
4738+ dnssec-validation no;
4739 };
4740
4741 include "controls.conf";
4742diff --git a/bin/tests/system/allow-query/ns2/named21.conf.in b/bin/tests/system/allow-query/ns2/named21.conf.in
4743index 311eaf7..c6204a3 100644
4744--- a/bin/tests/system/allow-query/ns2/named21.conf.in
4745+++ b/bin/tests/system/allow-query/ns2/named21.conf.in
4746@@ -17,6 +17,7 @@ options {
4747 listen-on { 10.53.0.2; };
4748 listen-on-v6 { none; };
4749 recursion no;
4750+ dnssec-validation no;
4751 };
4752
4753 include "controls.conf";
4754diff --git a/bin/tests/system/allow-query/ns2/named22.conf.in b/bin/tests/system/allow-query/ns2/named22.conf.in
4755index 1c191da..454f24a 100644
4756--- a/bin/tests/system/allow-query/ns2/named22.conf.in
4757+++ b/bin/tests/system/allow-query/ns2/named22.conf.in
4758@@ -17,6 +17,7 @@ options {
4759 listen-on { 10.53.0.2; };
4760 listen-on-v6 { none; };
4761 recursion no;
4762+ dnssec-validation no;
4763 };
4764
4765 include "controls.conf";
4766diff --git a/bin/tests/system/allow-query/ns2/named23.conf.in b/bin/tests/system/allow-query/ns2/named23.conf.in
4767index e0cd069..f62337b 100644
4768--- a/bin/tests/system/allow-query/ns2/named23.conf.in
4769+++ b/bin/tests/system/allow-query/ns2/named23.conf.in
4770@@ -17,6 +17,7 @@ options {
4771 listen-on { 10.53.0.2; };
4772 listen-on-v6 { none; };
4773 recursion no;
4774+ dnssec-validation no;
4775 };
4776
4777 include "controls.conf";
4778diff --git a/bin/tests/system/allow-query/ns2/named24.conf.in b/bin/tests/system/allow-query/ns2/named24.conf.in
4779index 33f03b0..1e277a9 100644
4780--- a/bin/tests/system/allow-query/ns2/named24.conf.in
4781+++ b/bin/tests/system/allow-query/ns2/named24.conf.in
4782@@ -17,6 +17,7 @@ options {
4783 listen-on { 10.53.0.2; };
4784 listen-on-v6 { none; };
4785 recursion no;
4786+ dnssec-validation no;
4787 };
4788
4789 include "controls.conf";
4790diff --git a/bin/tests/system/allow-query/ns2/named25.conf.in b/bin/tests/system/allow-query/ns2/named25.conf.in
4791index 28cadd0..0548af2 100644
4792--- a/bin/tests/system/allow-query/ns2/named25.conf.in
4793+++ b/bin/tests/system/allow-query/ns2/named25.conf.in
4794@@ -17,6 +17,7 @@ options {
4795 listen-on { 10.53.0.2; };
4796 listen-on-v6 { none; };
4797 recursion no;
4798+ dnssec-validation no;
4799 };
4800
4801 include "controls.conf";
4802diff --git a/bin/tests/system/allow-query/ns2/named26.conf.in b/bin/tests/system/allow-query/ns2/named26.conf.in
4803index 52b915d..40e5dfd 100644
4804--- a/bin/tests/system/allow-query/ns2/named26.conf.in
4805+++ b/bin/tests/system/allow-query/ns2/named26.conf.in
4806@@ -17,6 +17,7 @@ options {
4807 listen-on { 10.53.0.2; };
4808 listen-on-v6 { none; };
4809 recursion no;
4810+ dnssec-validation no;
4811 };
4812
4813 include "controls.conf";
4814diff --git a/bin/tests/system/allow-query/ns2/named27.conf.in b/bin/tests/system/allow-query/ns2/named27.conf.in
4815index c95838c..92fa1f8 100644
4816--- a/bin/tests/system/allow-query/ns2/named27.conf.in
4817+++ b/bin/tests/system/allow-query/ns2/named27.conf.in
4818@@ -19,6 +19,7 @@ options {
4819 listen-on { 10.53.0.2; };
4820 listen-on-v6 { none; };
4821 recursion no;
4822+ dnssec-validation no;
4823 };
4824
4825 include "controls.conf";
4826diff --git a/bin/tests/system/allow-query/ns2/named28.conf.in b/bin/tests/system/allow-query/ns2/named28.conf.in
4827index 06d9b91..2ecac7c 100644
4828--- a/bin/tests/system/allow-query/ns2/named28.conf.in
4829+++ b/bin/tests/system/allow-query/ns2/named28.conf.in
4830@@ -19,6 +19,7 @@ options {
4831 listen-on { 10.53.0.2; };
4832 listen-on-v6 { none; };
4833 recursion no;
4834+ dnssec-validation no;
4835 };
4836
4837 include "controls.conf";
4838diff --git a/bin/tests/system/allow-query/ns2/named29.conf.in b/bin/tests/system/allow-query/ns2/named29.conf.in
4839index acd1b41..9a6c9e5 100644
4840--- a/bin/tests/system/allow-query/ns2/named29.conf.in
4841+++ b/bin/tests/system/allow-query/ns2/named29.conf.in
4842@@ -19,6 +19,7 @@ options {
4843 listen-on { 10.53.0.2; };
4844 listen-on-v6 { none; };
4845 recursion no;
4846+ dnssec-validation no;
4847 };
4848
4849 include "controls.conf";
4850diff --git a/bin/tests/system/allow-query/ns2/named30.conf.in b/bin/tests/system/allow-query/ns2/named30.conf.in
4851index aefc474..f7084c8 100644
4852--- a/bin/tests/system/allow-query/ns2/named30.conf.in
4853+++ b/bin/tests/system/allow-query/ns2/named30.conf.in
4854@@ -22,6 +22,7 @@ options {
4855 listen-on { 10.53.0.2; };
4856 listen-on-v6 { none; };
4857 recursion no;
4858+ dnssec-validation no;
4859 };
4860
4861 include "controls.conf";
4862diff --git a/bin/tests/system/allow-query/ns2/named31.conf.in b/bin/tests/system/allow-query/ns2/named31.conf.in
4863index 27eccc2..d6a7af5 100644
4864--- a/bin/tests/system/allow-query/ns2/named31.conf.in
4865+++ b/bin/tests/system/allow-query/ns2/named31.conf.in
4866@@ -29,6 +29,7 @@ options {
4867 listen-on-v6 { none; };
4868 recursion no;
4869 allow-query { key one; };
4870+ dnssec-validation no;
4871 };
4872
4873 include "controls.conf";
4874diff --git a/bin/tests/system/allow-query/ns2/named32.conf.in b/bin/tests/system/allow-query/ns2/named32.conf.in
4875index adbb203..b7d7ee4 100644
4876--- a/bin/tests/system/allow-query/ns2/named32.conf.in
4877+++ b/bin/tests/system/allow-query/ns2/named32.conf.in
4878@@ -22,6 +22,7 @@ options {
4879 listen-on { 10.53.0.2; };
4880 listen-on-v6 { none; };
4881 recursion no;
4882+ dnssec-validation no;
4883 };
4884
4885 include "controls.conf";
4886diff --git a/bin/tests/system/allow-query/ns2/named33.conf.in b/bin/tests/system/allow-query/ns2/named33.conf.in
4887index be1e160..be31b72 100644
4888--- a/bin/tests/system/allow-query/ns2/named33.conf.in
4889+++ b/bin/tests/system/allow-query/ns2/named33.conf.in
4890@@ -18,6 +18,7 @@ options {
4891 listen-on-v6 { none; };
4892 recursion no;
4893 allow-query { none; };
4894+ dnssec-validation no;
4895 };
4896
4897 include "controls.conf";
4898diff --git a/bin/tests/system/allow-query/ns2/named34.conf.in b/bin/tests/system/allow-query/ns2/named34.conf.in
4899index d35ac3e..165ff06 100644
4900--- a/bin/tests/system/allow-query/ns2/named34.conf.in
4901+++ b/bin/tests/system/allow-query/ns2/named34.conf.in
4902@@ -18,6 +18,7 @@ options {
4903 listen-on-v6 { none; };
4904 recursion no;
4905 allow-query { any; };
4906+ dnssec-validation no;
4907 };
4908
4909 include "controls.conf";
4910diff --git a/bin/tests/system/allow-query/ns2/named40.conf.in b/bin/tests/system/allow-query/ns2/named40.conf.in
4911index 364f94b..b7a8746 100644
4912--- a/bin/tests/system/allow-query/ns2/named40.conf.in
4913+++ b/bin/tests/system/allow-query/ns2/named40.conf.in
4914@@ -31,6 +31,7 @@ options {
4915 listen-on { 10.53.0.2; };
4916 listen-on-v6 { none; };
4917 recursion no;
4918+ dnssec-validation no;
4919 };
4920
4921 include "controls.conf";
4922diff --git a/bin/tests/system/allow-query/ns2/named53.conf.in b/bin/tests/system/allow-query/ns2/named53.conf.in
4923index 41ac6d3..bd0af28 100644
4924--- a/bin/tests/system/allow-query/ns2/named53.conf.in
4925+++ b/bin/tests/system/allow-query/ns2/named53.conf.in
4926@@ -18,6 +18,7 @@ options {
4927 listen-on-v6 { none; };
4928 recursion no;
4929 allow-query { none; };
4930+ dnssec-validation no;
4931 };
4932
4933 include "controls.conf";
4934diff --git a/bin/tests/system/allow-query/ns2/named54.conf.in b/bin/tests/system/allow-query/ns2/named54.conf.in
4935index 64a3f69..a6ca424 100644
4936--- a/bin/tests/system/allow-query/ns2/named54.conf.in
4937+++ b/bin/tests/system/allow-query/ns2/named54.conf.in
4938@@ -18,6 +18,7 @@ options {
4939 listen-on-v6 { none; };
4940 recursion no;
4941 allow-query { any; };
4942+ dnssec-validation no;
4943 };
4944
4945 include "controls.conf";
4946diff --git a/bin/tests/system/allow-query/ns2/named55.conf.in b/bin/tests/system/allow-query/ns2/named55.conf.in
4947index 642e4c9..6bcba07 100644
4948--- a/bin/tests/system/allow-query/ns2/named55.conf.in
4949+++ b/bin/tests/system/allow-query/ns2/named55.conf.in
4950@@ -17,6 +17,7 @@ options {
4951 listen-on { 10.53.0.2; };
4952 listen-on-v6 { none; };
4953 recursion no;
4954+ dnssec-validation no;
4955 };
4956
4957 include "controls.conf";
4958diff --git a/bin/tests/system/allow-query/ns2/named56.conf.in b/bin/tests/system/allow-query/ns2/named56.conf.in
4959index 187d697..d89a5fb 100644
4960--- a/bin/tests/system/allow-query/ns2/named56.conf.in
4961+++ b/bin/tests/system/allow-query/ns2/named56.conf.in
4962@@ -17,6 +17,7 @@ options {
4963 listen-on { 10.53.0.2; };
4964 listen-on-v6 { none; };
4965 recursion no;
4966+ dnssec-validation no;
4967 };
4968
4969 include "controls.conf";
4970diff --git a/bin/tests/system/allow-query/ns2/named57.conf.in b/bin/tests/system/allow-query/ns2/named57.conf.in
4971index 1502b12..bcc3a85 100644
4972--- a/bin/tests/system/allow-query/ns2/named57.conf.in
4973+++ b/bin/tests/system/allow-query/ns2/named57.conf.in
4974@@ -17,6 +17,7 @@ options {
4975 listen-on { 10.53.0.2; };
4976 listen-on-v6 { none; };
4977 recursion no;
4978+ dnssec-validation no;
4979 };
4980
4981 include "controls.conf";
4982diff --git a/bin/tests/system/allow-query/tests.sh b/bin/tests/system/allow-query/tests.sh
4983index 01a13cf..3a1b8b4 100644
4984--- a/bin/tests/system/allow-query/tests.sh
4985+++ b/bin/tests/system/allow-query/tests.sh
4986@@ -52,6 +52,8 @@
4987 # and querying as necessary.
4988 #
4989
4990+set -e
4991+
4992 . ../conf.sh
4993
4994 DIGOPTS="+tcp +nosea +nostat +nocmd +norec +noques +noauth +noadd +nostats +dnssec -p ${PORT}"
4995@@ -62,17 +64,17 @@ n=0
4996 nextpart ns2/named.run > /dev/null
4997
4998 # Test 1 - default, query allowed
4999-n=`expr $n + 1`
5000+n=$((n + 1))
The diff has been truncated for viewing.

Subscribers

People subscribed via source and target branches