bundy

Old BIND 10 trac ticket database

Below is a table created from the trac SQLite3 database containing the status from April 2014. The HTML table only contains the non-closed tickets, but the CSV-File contains the whole dataset.

We're manually migrating the open tickets over into the github ticket system. If you want to help with this work, please let us know on the mailing list.

CSV-Versions of the BIND 10 ticket database: bind10-201404-tickets.csv.gz

id

type

time

changetime

component

severity

priority

owner

reporter

cc

version

milestone

status

resolution

summary

description

keywords

56

enhancement

1267141993000000

1329823707585229

libdns++

low

UnAssigned

jinmei

assigned

revisit rdata::compareNames()

we may want to move rdata::compareNames() to the name module (name.{h.cc}), and may even want to make it a member function of the Name class. Opinions vary, but not critical, so we’ll revisit this as a post-year1 thing. see also http://bind10.isc.org/ticket/48

78

task

1268145199000000

1329304126421309

build system

low

jreed

jreed

assigned

use py-compile for the src/bin python programs

I am committing improvements for Makefile.am for the src/lib/python modules so they will use the py-compile. Get that by doing “autoreconf —install”. This makes it so the installation gets the compiled pyc and pyo optimized versions. Next part is to handle the src/bin/ python programs, but some go to libexec. I am opening this ticket as a reminder to do this sometime later.

81

enhancement

1268404649000000

1384857722783308

bind-ctl

low

jreed

new

non-interactive bindctl with commands on shell command line

Please extend bindctl to offer non-interactive support, such as shell command line: $ bindctl config Auth/databasefile path_to_file

102

enhancement

1268858126000000

1391267820368510

Unclassified

low

jreed

new

reporting versions

Make sure all executables report versions. And have bind10 report versions for all its managed components when running modules as daemons or justy to get versions without running serbices.

134

defect

1270562244000000

1394116188229075

Boss of BIND

low

UnAssigned

jreed

DNS Outstanding Tasks

assigned

Boss more careful shutdown

I had an b10-xfrout running since March 23 (with nothing else using it). I couldn’t kill it except with SIGKILL. Here is a bind10 shutdown (for a different xfrout): Sending SIGTERM to b10-xfrout (PID 1267). Sending SIGTERM to b10-cfgmgr (PID 15979). Process b10-cfgmgr (PID 15979) died. Sending SIGKILL to b10-xfrout (PID 1267). Process b10-xfrout (PID 1267) died. This ticket is opened to track down why b10-xfrout won’t exit on its own.

189

enhancement

1274278300000000

1330701629241613

Unclassified

low

jreed

jreed

assigned

install pkg-config .pc files for libdns, libexceptions, others

194

task

1274419118000000

1300972860628475

xfrin

medium

UnAssigned

jinmei

new

RR class for xfrin should be specifiable

Right now we can only specify the zone name via the command channel for xfrin. At least the RR class (whose default should be IN) should be able to be specified. If/when we support something like views, the view name should also be specifiable. See also trac #185 and r1889. I’ll keep this ticket in the backlog.

208

enhancement

1274910195000000

1300972860628475

Unclassified

low

jinmei

new

make b10 programs runnable standalone

For convenience of dvelopment we should: - allow individual b10-xxx programs in a stand alone mode - (to do this) add some kind of option to bypass the need for establishing a connection to msgq - (also to do this) if/when we develop a separate socket creator process, add some kind of option so that each b10-xxx program can directly open the necessary sockets (we should provide some abstraction to mimize the work at the client side and to avoid code duplication) A backlog item.

212

enhancement

1275285934000000

1394116215928464

Boss of BIND

low

shane

Common Outstanding Tasks

new

Move everything but main() and signal handling to separate file for BoB

At some point it was decided to move everything possible out of the Python .in file. I don’t remember the reason for this, but it is so. This may or may not be related to ticket #24.

230

enhancement

1275944895000000

1394116237014355

Boss of BIND

medium

larissas

Common Outstanding Tasks

new

BoB Sequenced Startup

BoB: do not start other processes until specific processes are started (sequenced startup) (3 days) (Task 93)

236

enhancement

1276134964000000

1329313637893391

xfrout

low

UnAssigned

zhanglikun

new

Rename UNIX_SOCKET_FILE and libxfr

This ticket derives from ticket #224. Following is Jelte’s comment. Only comment is that I think UNIX_SOCKET_FILE is a bad name, since this is specifically for libxfr (which is also a bad name imho). But that may be another ticket (and i want to get the python wrappers merged first, so I suggest we create a separate ticket for this). Oh and while we’re at it, should that be a configurable value or do we consider this ‘core and unchanging’?

237

task

1276617475000000

1276617475000000

bind-ctl

low

jreed

new

more unittests for bindctl

The following don’t appear to receive any testing: src/bin/bindctl/mycollections.py replacement for OrderedDict? src/bin/bindctl/bindctl-source.py (.in) This is the tool itself. I’d like to change the original source file name too.

239

task

1276617843000000

1392912273398470

loadzone

low

jreed

DNS Outstanding Tasks

new

need more unittests for loadzone

need tests for src/bin/loadzone/b10-loadzone.py and maybe also src/bin/loadzone/init.py

240

task

1276617887000000

1276617887000000

cmd-ctl

low

jreed

new

need tests for src/bin/usermgr/b10-cmdctl-usermgr.py

src/bin/usermgr/b10-cmdctl-usermgr.py needs unit tests

243

enhancement

1276766664000000

1364222734133948

configuration

low

UnAssigned

jelte

assigned

Put spec files together in source tree

Originally, the idea of the .spec file was to have one single thing that a new module could simply send to the configuration manager or other interested software pieces, that described what the module expects and can handle in terms of commands an configuration. The idea was that on startup, it reads in this file, sends it to ConfigurationManager, and all would be fine. However, we’re running into a few snags. One is that other modules might need a configuration value of another module (e.g. xfrin needs the location of the database_file from auth right now, this example may change in the future but there will probably be others). For that we have the add_remote_config() and get_remote_config_value() functions in CCSession. However, since the only real fixed pointer to what may be in the config is this spec file, the module wanting data from another must have access to it. Which isn’t necessarily a problem, but the location of the file might be when we run from source tree (in which case all spec files are in different locations, and we now end up with hardcoded src/bin/auth paths etc.). Another thing that arised is that we might need to change configuration of modules that aren’t running, and while we can do that now, there is no checking done on the values. If we wanted to do that, we’d have to hand-add all specfile locations or do some scary recursive directory search. Therefore I propose to put all spec files in the source tree in one specific directory (like they would be when installed), so the manager can simply read all of them out, and the modules only need to know the file name, not the location. This would also be a nice first step to have ‘offline’ access to these things (the API that loadzone would (perhaps indirectly) use for instance)

282

task

1278425871000000

1329397512026858

data source

medium

larissas

new

BDB style Datasource

Task #9 from Face to Face BDB style Datasource including the config file and tests

287

enhancement

1278701543000000

1330430993084351

Inter-module communication

medium

UnAssigned

jinmei

assigned

revisit cc::Session establish/disconnect mode

[background: a review comment in Trac #275: http://bind10.isc.org/ticket/275#comment:7] We may have to revist the C++ API of how to establish cc::Session: - we should clarify who is responsible for establishing the session, especially if the session object is passed to a different module - we may want to detect an attempot of doubly establishing a session - same for disconnect - same for other operations that require an established session: send/receive, etc. should we support automatic session establishment? Another planned refacotring with a generalized ASIO link may affect the design decision on these. A backlog item.

295

defect

1280254567000000

1392999357289824

data source

low

UnAssigned

jreed

DNS Outstanding Tasks

assigned

allow loadzone/datasrc to support different classes

The python code at src/lib/python/isc/datasrc/master.py has if rrclass.lower() != ‘in’: raise MasterFileError(“CH and HS zones not supported”) Even when commented out, b10-loadzone will load a CH zone as IN.

317

enhancement

1282609695000000

1300972860628475

libdns++

low

UnAssigned

jinmei

assigned

suggested cleanups for the python bindings of libdns++

- we should use stricter compiler warnings - we should use unnamed namespace instead of translation unit (.cc)specific static variables and functions some method functions can be more “constified”. for simple functions like those in these wrappers this may not be a big deal, but it’s generally a good idea.

318

defect

1282744988000000

1329406398663530

Unclassified

low

stephen

stephen

assigned

MSVC+ detected errors and warnings in libdns+

I’ve run the libdns+ code in revision 2798 of the trunk through the Microsoft Visual C+ compiler and it has thrown up a number of warnings and errors. Those that are relevant to the Unix version of BIND are listed below; the more Windows-specific erors (e.g. use of a function for which there is no equivalent in Windows) will be the subject of another ticket. ‘’’src/lib/dns/rdata/generic/dnskey_48.cc’‘’ ’‘DNSKEY::DNSKEY (!InputBuffer& buffer, size_t rdata_len)’‘ uint16_t protocol = buffer.readUint8(); uint16_t algorithm = buffer.readUint8(); The declarations should be uint8_t. These variables are passed to the constructor of DNSKEYImpl (which expects them as uint8_t) and the compiler warns about the conversion of a uint16_t to a uint8_t. ’‘DNSKEY::getTag()’‘ for (int i = 0; i < size; i ++) Compiler warns about a signed/unsigned comparison mismatch (size is declared as size_t). ’‘’src/lib/dns/rdata/generic/ds_43.cc’‘’ ’‘DS::DS (!InputBuffer& buffer, size_t rdata_len)’‘ uint16_t protocol = buffer.readUint8() uint16_t algorithm = buffer.readUint8() The declarations should be uint8_t. These variables are passed to the constructor of DSImpl (which expects them as uint8_t) and the compiler warns about the conversion of a uint16_t to a uint8_t. ’‘’src/lib/dns/rdata/generic/nsec3param_51.cc’‘’ ’‘NSEC3PARAM::NSEC3PARAM(const string& nsec3param_str)’‘ uint16_t hashalg, flags, iterations hashalg and flags should be declared uint8_t. These variables are passed to the constructor of NSEC3PARAMImpl (which expects them as uint8_t) and the compiler warns about the conversion of a uint16_t to a uint8_t. ’‘’src/lib/dns/rdata/generic/nsec3_50.cc’‘’ ’‘NSEC3::NSEC3(!InputBuffer& buffer, size_t rdata_len)’‘ for (int i = 0; i < typebits.size(); i += len) if (i + 2 > typebits.size()) Compiler warns about a signed/unsigned comparison mismatch. ’‘NSEC3::toText()’‘ for (int i = 0; i < impl->typebits.size(); i += len) assert(i + 2 <= impl->typebits.size()) Compiler warns about a signed/unsigned comparison mismatch. ’‘NSEC::NSEC (!InputBuffer& buffer, size_t rdata_len)’‘ for (int i = 0; i < rdata_len; i += len) if (i + 2 > rdata_len) and if (i + len > rdata_len) Compiler warns about a signed/unsigned comparison mismatch. ’‘NSEC::toText()’‘ for (int i = 0; i < impl->typebits.size(); i += len) assert(i + 2 <= impl->typebits.size()); Compiler warns about a signed/unsigned comparison mismatch. ’‘’src/lib/dns/rdata/generic/rrsig_46.cc’‘’ ’‘RRSIG::RRSIG (const string& rrsig_str)’‘ uint32_t timeexpire = timeFromText(expire_txt); uint32_t timeinception = timeFromText(inception_txt); timeFromText returns a time_t value. Under Windows, time_t is 64 bits, so the compiler is warning about a possible loss of data. (Suggestion: as the value of the inception and expiration times in an RRSIG are defined to be unsigned 32-bit values, altering the return type of the timeFromText() function would seem to be a better fix than changing the data types of timeexpire and timeexception.) ’‘’src/lib/dns/rdata/generic/txt_16.cc’‘’ ’‘TXT::TXT (!InputBuffer& buffer, size_t rdata_len)’‘ if (rdata_len < len + 1) Compiler warns about a signed/unsigned comparison mismatch. ’‘’src/lib/dns/rdata.cc’‘’ ’‘Generic::Generic(const string& rdata_string)’‘ while (!iss.eof() && data.size() < rdlen) Compiler warns about a signed/unsigned comparison mismatch. ’‘’src/lib/dns/name.cc’‘’ ’‘Name::toText(bool omit_final_dot)’‘ assert(np_end - np >= count); Compiler warns about a signed/unsigned comparison mismatch. ’‘’src/lib/dns/message.h’‘’ message.h forward declares !MessageImpl as a struct but message.c defines it as a class. The compiler warns about the mismatch. ’‘’src/lib/dns/message.cc’‘’ ’‘MessageImpl::parseQuestion(!InputBuffer& buffer)’’ for (unsigned int count = 0; count < counts; }} Compiler warns about a signed/unsigned comparison mismatch. ‘’MessageImpl::parseSection(const Section& section, !InputBuffer& buffer)’’ }} Compiler warns about a signed/unsigned comparison mismatch. ‘’’src/lib/dns/dnssectime.cc’‘’ ’‘timeFromText(const string& time_txt)’‘ for (int i = 0; i < time_txt.length(); ++i) Compiler warns about a signed/unsigned comparison mismatch. ’‘’src/lib/dns/messagerenderer.c’‘’ ’‘MessageRenderer::writeName(const Name& name, const bool compress)’’ }} This gives an error because notfound is declared as: }} … but nodeset.end() has type: std::set::const_iterator

321

defect

1282937323000000

1392811230882602

data source

medium

UnAssigned

jinmei

DNS Outstanding Tasks

assigned

b10-auth doesn’t handle mixture of DNAME and NS

See trac #70. Assume a b10-auth server has authority for the zone “jinmei.org”, which has the following RRs in its data source: sec.jinmei.org. 600 IN NS ns.sec.jinmei.org. 3600 IN DNAME example.com. (Note: this is an invalid zone configuration.) In this case, BIND 9 ignores the NS and exclusively use DNAME for names equal to or under sec.jinmei.org. BIND 10 still returns a NS referral if we ask for sec.jinmei.org/NS. There are several problems around this symptom: - naively accepting such a broken configuration at parse/load time may not be a good thing anyway (in this sense BIND 9 is also not really good) - but specifically for BIND 10, since the underlying data source may be non captive, the middle layer of the data source module cannot always assume the data stored in data sources is valid anyway. what should we do? - if we decide to accept this type of half-broken configuration, what should b10-auth return? We could add yet another if-block in the data source code to deal with this case, but, personally, I (jinmei) feel the data source code is already messed up with many such case-by-case fixes and has become to complicated to comprehensive and maintain. So I’d rather solve this issue by revisting the whole logic and refactoring the code cleanly (though I’m not sure if it’s a realistic path)

337

defect

1284522582000000

1392837346027656

Unclassified

medium

UnAssigned

zhanglikun

DNS Outstanding Tasks

assigned

Expired zone should not be served

Currently, when zonemgr expires one zone, auth/xfrout module doesn’t know it, so, the expired zone is still served. There should be one way to mark the zone.

339

defect

1284534918000000

1392917332918612

secondary manager

medium

zzchen_pku

DNS Outstanding Tasks

new

Provide one way to see the current data for each zone managed by zonemgr

There should be one way to see the current counters/timers and other data for each zone managed by zonemgr.

359

defect

1286199011000000

1286199011000000

msgq

low

jreed

new

msqg report component when problem

[b10-msgq] Closing socket fd 10 [b10-msgq] Receive error: EOF Please have msgq report what component(s) it has problems with.

360

defect

1286201348000000

1398197202330131

msgq

medium

UnAssigned

jreed

Sprint-20131001

reviewing

socket.error: AF_UNIX path too long

bash-3.00$ ./install/libexec/bind10-devel/b10-msgq —verbose [b10-msgq] MsgQ v20091030 (Paving the DNS Parking Lot) Traceback (most recent call last): File “./install/libexec/bind10-devel/b10-msgq”, line 436, in setup_result = msgq.setup() File “./install/libexec/bind10-devel/b10-msgq”, line 171, in setup self.setup_listener() File “./install/libexec/bind10-devel/b10-msgq”, line 157, in setup_listener raise e File “./install/libexec/bind10-devel/b10-msgq”, line 150, in setup_listener self.listen_socket.bind(self.socket_file) socket.error: AF_UNIX path too long (same with gcc or sunstudio build)

361

defect

1286202337000000

1286202337000000

msgq

low

jreed

new

msgq too noisy if missing directory for socket file

[bind10] Started b10-msgq (PID 20052) Traceback (most recent call last): File “/home/reed/opt/bind10/libexec/bind10-devel/b10-msgq”, line 436, in setup_result = msgq.setup() File “/home/reed/opt/bind10/libexec/bind10-devel/b10-msgq”, line 171, in setup self.setup_listener() File “/home/reed/opt/bind10/libexec/bind10-devel/b10-msgq”, line 157, in setup_listener raise e File “/home/reed/opt/bind10/libexec/bind10-devel/b10-msgq”, line 150, in setup_listener self.listen_socket.bind(self.socket_file) socket.error: [Errno 2] No such file or directory Traceback (most recent call last): File “/home/reed/opt/bind10/sbin/bind10”, line 766, in main() File “/home/reed/opt/bind10/sbin/bind10”, line 717, in main startup_result = boss_of_bind.startup() File “/home/reed/opt/bind10/sbin/bind10”, line 302, in startup c_channel.process.kill() File “/usr/pkg/lib/python3.1/subprocess.py”, line 1337, in kill self.send_signal(signal.SIGKILL) File “/usr/pkg/lib/python3.1/subprocess.py”, line 1327, in send_signal os.kill(self.pid, sig) OSError: [Errno 3] No such process Maybe msgq should create missing directory if needed. If that is the case maybe the socket file name should be separated into directory name and the basename.

379

task

1287428822000000

1295969570512122

configuration

medium

UnAssigned

jreed

assigned

item descriptions for module specs

Add item_description for self-documenting specification items. We already have command_description and module_description.

385

enhancement

1287776615000000

1287776615000000

bind-ctl

low

vorner

new

More convenient configuration interface

Currently, config show displays only one item, even if it has subitems. It would be more convenient if some kind of dump command produced a recursive representation of the whole item with descendants (for example in JOSN). Furthermore, setting up items one by one by commands is inconvenient as well. If there was a command that launched editor on the JOSN representation and let the user edit it. After exiting the editor, it could check syntax, if it was OK, store it, if not, ask him to edit it again.

391

enhancement

1288097361000000

1362157351512503

cmd-ctl

low

zhanglikun

new

Make it harder to do dictionary attacks for cmdctl.

This is the suggestion from Jerry Scharf. Add a 1-2 second delay before the response on a login failure. This makes it harder to do dictionary attacks.

392

defect

1288100826000000

1392917342653335

secondary manager

low

jinmei

DNS Outstanding Tasks

new

Xfrin.publish_xfrin_news is not tested explicitly

According to the coverage tool the case of xfr_result == XFRIN_OK isn’t tested. I also suspect the failure case just happens to be covered as a side effect of other test. We should test this method expliclty.

398

enhancement

1288221488000000

1300972860628475

Unclassified

low

jinmei

new

we should use more specific tests than EXPECT_TRUE

See http://bind10.isc.org/ticket/365#comment:8 In general, when we do EXPECT_TRUE(a b); it’s better to be changed to: EXPECT_(a, b); because when the test fails the latter will provide more detailed information (the values of a and b).

406

enhancement

1288921672000000

1392812405749819

xfrout

medium

UnAssigned

zzchen_pku

DNS Outstanding Tasks

assigned

Improve Xfrout unittest coverage

Add more unittest for Xfrout.

460

defect

1293580156000000

1394116778962443

b10-auth

low

jinmei

DNS Outstanding Tasks

new

constructors of b10-auth and b10-recurse are not exception safe

It should be obvious from the code. AuthSrv::AuthSrv(const bool use_cache, AbstractXfroutClient& xfrout_client) : impl), checkin(new ConfigChecker(this)), dns_lookup), dns_answer(new MessageAnswer(this)) {} Consider the case the allocation for checkin_ fails. Recursor::Recursor() has the same problem.

486

enhancement

1295044100521580

1392913290884624

resolver

low

shane

DNS Outstanding Tasks

new

De-duplication of client queries

490

enhancement

1295045246664093

1392913263487822

resolver

low

shane

DNS Outstanding Tasks

new

Handle packet errors from clients

Handle packet errors from clients

500

enhancement

1295047841160192

1392913236706074

resolver

low

shane

DNS Outstanding Tasks

new

Query tracing (design)

Query tracing * design (task V)

511

enhancement

1295272062607065

1379676478009811

statistics

medium

UnAssigned

stephen

assigned

Get list of authoritative domains

Part of the work required to instrument the authoritative server to collect per-zone data.

514

enhancement

1295364508294539

1394116250390967

Boss of BIND

low

jreed

DNS Outstanding Tasks

new

allow both the resolver and auth to run at same time

bind10 should allow both the resolver and auth to run at same time. For now they can listen on different address(es) or ports.

520

defect

1295544388306086

1396529218985091

xfrin

low

jinmei

DNS Outstanding Tasks

new

xfrin/zonemgr should handle command responses appropriately

This is a continuation of #516. We need to do a few more things on top of the urgent care fix: - We need more complete tests for the problem of #516. - xfrin and zonemgr should check the command response and take appropriate action, especially if the response indicates an error We should probably consider further extensions, too: - extend command spec to indicate whether it requests a response (see a review comment of #516) - making communication over CC channels asynchronous But these will even be beyond the scope of this follow up ticket.

525

enhancement

1295586131506860

1391488011554849

libdns++

medium

UnAssigned

jinmei

assigned

handle “singleton” RR types

Some types of RRs are “singleton”, i.e., only one RR of such type can exsit in the RRset for the tuple. It would be useful to provide an API that takes an RR type and returns if it’s singleton or not. It may also make sense to modify RRset::addRdata() so that it rejects adding more than one RDATA for single types of RRs. See also Trac #504.

528

enhancement

1295712778466636

1322007216658740

configuration

medium

UnAssigned

smann

assigned

getopt() c-lib function should be replaced with boost::program_options C++ function

Throughout the BIND 10 C++ code, getopt is used (probably because it is portable). But this raises an inconsistency in the command line options since getopt() cannot handle long options (e.g. —user=foo) while the python getopt() function can. Further, boost::program_options provides a fairly abstract mechanism for retrieving key/value pairs from either the command line or a file. See http://www.boost.org/doc/libs/1_45_0/doc/html/program_options.html for details.

531

defect

1295902288990249

1295902288990249

msgq

low

jreed

new

msgq not exiting

When cfgmgr couldn’t access config file, bind10 20101129 (BIND 10 20110120) [bind10] Checking for already running b10-msgq [bind10] Starting b10-msgq [bind10] Started b10-msgq (PID 26636) [bind10] Starting b10-cfgmgr [bind10] Started b10-cfgmgr (PID 8593) [b10-cfgmgr] Can’t read configuration file: [Errno 13] Permission denied: ‘/home/reed/opt/bind10/var/bind10-devel/b10-config.db’ [b10-msgq] Closing socket fd 5 [bind10] Starting ccsession … instead of waiting for this to timeout, I pressed Ctrl-C, resulting in: [b10-msgq] Receive error: EOF C[bind10] Received SIGINT. killing started processes: - b10-cfgmgr Traceback : File “/home/reed/opt/bind10/sbin/bind10”, line 544, in startup self.start_all_processes File “/home/reed/opt/bind10/sbin/bind10”, line 487, in start_all_processes self.start_ccsession File “/home/reed/opt/bind10/sbin/bind10”, line 378, in start_ccsession self.ccs.start File “/home/reed/opt/bind10/lib/python3.1/site-packages/isc/config/ccsession.py”, line 164, in start C[bind10] Received SIGINT. self.request_config File “/home/reed/opt/bind10/lib/python3.1/site-packages/isc/config/ccsession.py”, line 338, inrequest_config raise ModuleCCSessionError(“No answer from configuration manager”) isc.config.ccsession.ModuleCCSessionError: No answer from configuration manager During handling of the above exception, another exception occurred: Traceback (most recent call last): File “/home/reed/opt/bind10/sbin/bind10”, line 899, in main() File “/home/reed/opt/bind10/sbin/bind10”, line 838, in main startup_result = boss_of_bind.startup() File “/home/reed/opt/bind10/sbin/bind10”, line 546, in startup self.kill_started_processes() File “/home/reed/opt/bind10/sbin/bind10”, line 263, in kill_started_processes self.processes[pid].process.kill() File “/usr/pkg/lib/python3.1/subprocess.py”, line 1337, in kill self.send_signal(signal.SIGKILL) File “/usr/pkg/lib/python3.1/subprocess.py”, line 1327, in send_signal os.kill(self.pid, sig) OSError: [Errno 3] No such process t1:bind10$ [b10-msgq] Closing socket fd 4 [b10-msgq] Receive error: EOF [b10-msgq] Closing socket fd 5 [b10-msgq] Receive error: EOF What happened in the above is that everything was exited except msgq, it was left running so next time starting bind10 failed due to [bind10] Checking for already running b10-msgq [bind10] Error on startup: b10-msgq already running, or socket file not cleaned , cannot start If I do let it timeout on its own, bind10 just exit everything including b10-msgq. (Please ignore the permission denied in the above output; that is unrelated to my problem.) Also why SIGKILL?

532

enhancement

1295954356511535

1392913219301581

resolver

medium

jelte

DNS Outstanding Tasks

new

refactor resolver/asio interface

While probably not strictly necessary, I think this would be a good moment to make an actual resolver ‘library’, and move resolver-specific code out of asiolink. This may even be necessary for #494 (or at the very least very useful). See the thread at https://lists.isc.org/pipermail/bind10-dev/2011-January/001848.html Theoretically, this would mostly involve renaming and moving classes and methods, but there are inevitably going to be some hairy details around asio.

535

enhancement

1296066983705468

1392913526161945

resolver

low

stephen

DNS Outstanding Tasks

new

Aggregate NSAS HashTable and LruList classes

Both the NSAS and the main resolver cache use the NSAS LruList classes. In both cases, the hash table is used to store/locate objects and the LRU list used to track and remove expired objects. It would make sense to: * Create a single class that contains both the hash table and LRU list, and provide methods that do common processing, e.g. provide the hash table search function that automatically updates the position of the object in the LRU list if a match is found. (It also means that possible optimisations - such as using multiple LRU lists in multi-threaded applications - could be implemented without changing client code.) * Extract the code away from the NSAS into a separate library.

538

task

1296075787210206

1392825387586453

Unclassified

low

UnAssigned

vorner

DNS Outstanding Tasks

assigned

Make isc::dns::Name reside in continuous block of memory.

We have a lot operations with Names in the code, comparing names takes 16% of runtime, which is mostly caused by cache misses. The amount of cache misses could be lowered by factor of at last 3 if the whole Name and it’s data resides in one continuous block of memory (it will be either retrieved as a single cache line or at last predicted by CPU prediction heuristics). It can be accomplished for example by not using stl string and vector, but C strings and arrays. The memory can be allocated before calling the actual constructor, passing the pointer to memory both to new and using pointer arithmetics on this pointer in constructor to place the actual data behind it. The constructor should not be directly visible then and a wrapper function would have to be used to hide this, possibly error-prone, logic. As this is quite a lot of work, we should try handling the easier tasks first and see if it helps enough. Therefore I’m giving it a lower priority.

539

task

1296076487976341

1344438678460379

Unclassified

low

UnAssigned

vorner

assigned

Hash-based name compression

Name compression is expensive operation (isc::dns::MessageRenderer::writeName with it’s inlined functions takes 16% of our runtime (this includes NameCompare::operator() and NameCompare::nextPosition). The isc::dns::OutputBuffer::operator[] is used a lot inside these functions, which increases the cost of it even more). There’s idea to store positions of all already written names and suffixes of them to a hash table. When a new name is to be written, the hash table is queried first to see if it is already there. If yes, the address is taken and written. If not, the first label is written and noted into the hash table, then it is repeated with next label. It would be nice to get the hashes precomputed form the names. They can be provided by the datasource for example, or whenever the hash is needed, it is cached in the Name and if two names are compared and one does not have the cached hashes, while the other does, the ones for common parts are copied. This is a largish task, maybe we can put it off after we try the simpler ones.

540

task

1296077081317778

1330431286583890

Unclassified

medium

UnAssigned

vorner

assigned

Explore ways to eliminate extra shared_pointers in hot path

We spend 8% of runtime in boost::detail::shared_count::~shared_count(), which is related to shared pointers. Therefore it would be good to find the ones on the hot path (the one where normal processing happens and have the biggest impact on performance) which are not needed and eliminate them (or create additional tasks for each of them). Possible situations include: * It is completely unnecessary. * std::auto_ptr would be enough. * Candidate for using a memory pool idea. We have a block of memory. Each time we need a temporary variable, we just take it from the block. Once we finished a query, we „drop“ the whole block (reset the position where we take the memory from to the beginning). It is faster because: - We don’t need to call destructors at all. - We don’t need to care when we should run the destructors (counting references, etc). - The memory we use a lot is located close together, which is better for CPU caches and TLBs.

543

task

1296121589023721

1330115503339365

data source

medium

vorner

new

Chaining of CNAMEs in in-memory data-source.

Currently only the CNAME itself is returned to client if the in-memory datasource is used. The CNAME should be followed and the answer at the end returned as well if it is available in the same zone (or, in the datasource). Note that this could solve itself when we merge datasource APIs together.

546

enhancement

1296213153077274

1300972860628475

Unclassified

low

stephen

new

Support defined callouts to user-written code

This was discussed on bind10-dev in the thread starting at https://lists.isc.org/pipermail/bind10-dev/2011-January/001839.html. The idea is to define a set of points at which BIND-10 will call out to user-written code and provide a supported interface for it. For example, a user-written filter could be called when a query is received and accept or reject it according to logic based on business need. Ideally the code would load at run-time, avoiding the need for the user to edit BIND source code directly. Such a scheme would also open the way for upgrades to BIND-10 without the need to rebuild the user code.

556

enhancement

1296583817302371

1331038939391875

build system

medium

jreed

vorner

new

Request for feedback in ./configure

As we talked on todays call, it would be nice to have some request for feedback printed at the very end of the ./configure script. So people who try it out now probably use configure, and most probably run it manually and we need as much feedback as possible. I have no proposal for the exact wording, but something like to send any suggestions, ideas, what works for them, what doesn’t, why, and to drop an email or ticket or patch, what is best for them. It should be relatively easy to implement IMO.

557

enhancement

1296755443971648

1392913539618655

resolver

low

stephen

DNS Outstanding Tasks

new

Check additional data RRsets against rest of server response

See comments in #496, where the response scrubbing was introduced. In essence, the response scrubbing code should remove from the additional section anything that is not referenced in the rest of the message. This implies adding the ability to interpret the RDATA of RRs.

561

task

1297249810700581

1392825427624589

Unclassified

medium

stephen

DNS Outstanding Tasks

new

Functional testing of the resolver

This involves firing queries at different configurations and checking that the results are correct. We may be able to use the CNNIC test suite for this.

563

enhancement

1297261110546902

1392913580521380

resolver

medium

stephen

DNS Outstanding Tasks

new

Add command-line options to resolver

Problem: to enable resolver, the normal steps are: start bind10 (including auth server); use bindctl to configure bind10 to start resokver instead; stop bind10; start bind10 again (includes resolver); use bindctl to configure resolver to listen on correct interface/port, do forwarding, etc. (because couldn’t be configured before). Workaround: just like bind10 and b10-auth has a andp options for auth address and port, bind10 should have command-line options to choose address/port/forwarder and to enable the resolver too. b10-resolver could also have command line options for these too. Note that an early version of the resolver did have some command-line options. Now they are gone. This is inconsistent with b10-auth.

566

defect

1297373350141055

1392913592387515

resolver

medium

jreed

DNS Outstanding Tasks

new

forwarder and recursion desired not set

Using b10-resolver as a forwarder. When the incoming query does not have recursion desired (RD) bit set, the forwarder ignores this and will send on a query with RD now set and will return back its recursive results. The BIND 9 behaviour for forward only and RD not set is to not forward the query — it responds back with root-servers in the authority section (the only thing it knows).

567

enhancement

1297423851025095

1392999386258306

data source

low

UnAssigned

vorner

DNS Outstanding Tasks

assigned

RdataIterator::getCurrent() should throw if invalid.

When the RdataIterator points at the last entry and getCurrent is called, it should throw an exception. This way, we can just use the first Rdata in RRset and don’t need to care about empty RRsets (in case of DNAME, for example, empty DNAME rrset is wrong and the code makes no sense). After this is finished, the assert in CNAME synthesis code for DNAME in auth/query.cc should be removed (see #505).

568

enhancement

1297430406836414

1330097397847649

libdns++

low

UnAssigned

stephen

new

Extend RRset with copy constructor, assignment operator and comparison operator

A needs has arisen for these in the implementation of the resolver cache - see the comments on ticket #449.

570

defect

1297445683637748

1392913652570241

resolver

medium

jreed

DNS Outstanding Tasks

new

question duplicated results in servfail

First response is fine. But still has second query that has a servfail. See extra question added and multiple answers for same query: [b10-resolver] Got a DNS message [b10-resolver] received a message: ;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 63665 ;; flags: rd ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;isc.org. IN A [b10-resolver] Processing normal query [b10-resolver] Sending upstream query (isc.org. IN A ) to 127.0.0.1 [b10-resolver] Sending ;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 0 ;; flags: rd ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;isc.org. IN A to 127.0.0.1 [b10-resolver] Received response from 127.0.0.1 [b10-resolver] [XX] got an answer [b10-resolver] Adding question isc.org. to message [b10-resolver] sending a response (272bytes): ;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 63665 ;; flags: qr rd ra ; QUESTION: 1, ANSWER: 1, AUTHORITY: 4, ADDITIONAL: 6 ;; QUESTION SECTION: ;isc.org. IN A ;; ANSWER SECTION: isc.org. 883 IN A 149.20.64.42 ;; AUTHORITY SECTION: isc.org. 28131 IN NS ord.sns-pb.isc.org. isc.org. 28131 IN NS ams.sns-pb.isc.org. isc.org. 28131 IN NS sfba.sns-pb.isc.org. isc.org. 28131 IN NS ns.isc.afilias-nst.info. ;; ADDITIONAL SECTION: ams.sns-pb.isc.org. 28131 IN A 199.6.1.30 ams.sns-pb.isc.org. 28131 IN AAAA 2001:500:60::30 ord.sns-pb.isc.org. 28131 IN A 199.6.0.30 ord.sns-pb.isc.org. 28131 IN AAAA 2001:500:71::30 sfba.sns-pb.isc.org. 28131 IN A 149.20.64.3 sfba.sns-pb.isc.org. 28131 IN AAAA 2001:4f8:0:2::19 [b10-resolver] [XX] got an answer [b10-resolver] [XX] got an answer [b10-resolver] Adding question isc.org. to message [b10-resolver] sending a response (31bytes): ;; >>HEADER<< opcode: QUERY, status: SERVFAIL, id: 63665 ;; flags: qr rd ra ; QUESTION: 2, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;isc.org. IN A ;isc.org. IN A 11:25:22.091100 IP 127.0.0.1.53645 > 127.0.0.1.53: 63665+ A? isc.org. (25) 0x0000: 4500 0035 0000 0000 4011 0000 7f00 0001 E..5…........<br> 0x0010: 7f00 0001 d18d 0035 0021 4791 f8b1 0100 .......5.!G.....<br> 0x0020: 0001 0000 0000 0000 0369 7363 036f 7267 .........isc.org<br> 0x0030: 0000 0100 01 .....<br>11:25:22.092289 IP 127.0.0.1.53 > 127.0.0.1.53645: 63665 1/4/6 A 149.20.64.42 (272)<br> 0x0000: 4500 012c 8f30 0000 4011 0000 7f00 0001 E..,.0..……. 0x0010: 7f00 0001 0035 d18d 0118 e507 f8b1 8180 …..5………. 0x0020: 0001 0001 0004 0006 0369 7363 036f 7267 ………isc.org 0x0030: 0000 0100 01c0 0c00 0100 0100 0003 7300 …………..s. 0x0040: 0495 1440 2ac0 0c00 0200 0100 006d e300 …*........m..<br> 0x0050: 0d03 6f72 6406 736e 732d 7062 ..ord.sns-pb<br>11:25:22.092601 IP 127.0.0.1.53 > 127.0.0.1.53645: 63665 ServFail [2q], 0/0/0 (31)<br> 0x0000: 4500 003b 0000 0000 4011 0000 7f00 0001 E..;....……. 0x0010: 7f00 0001 0035 d18d 0027 b841 f8b1 8182 …..5…’.A…. 0x0020: 0002 0000 0000 0000 0369 7363 036f 7267 ………isc.org 0x0030: 0000 0100 01c0 0c00 0100 01 ……….. This problem didn’t exist prior to Jan. 24. In this case the client (id 63665 or port 53645) was dig. It never displayed the additional response.

578

task

1297866808524022

1392999399550405

data source

low

UnAssigned

vorner

DNS Outstanding Tasks

assigned

Refactor of PARTIALMATCH in isc::datasrc::MemoryZone::MemoryZoneImpl::find.

It is getting rather long and unreadable. It would be nice to clean it up little bit, eg. by separating the PARTIALMATCH (which is the longest case label) into separate function.

579

task

1297933322527514

1392913205805053

resolver

medium

zhanglikun

DNS Outstanding Tasks

new

Add iterator interface to Hash Table

The iterator interface for Hash Table needs to be added, so that the content of it can be walked.

580

task

1297941415039838

1392914212200665

Unclassified

low

vorner

DNS Outstanding Tasks

new

More flexible isc::testutils::rrsetCheck

It would be handy if it could check only part of the equality (eg. only class, TTLs and data and ignore different names for example). The wildcard testcases in memory zone could be simplified by it.

581

task

1297952111140992

1392999421680956

data source

low

jreed

jreed

DNS Outstanding Tasks

assigned

src/lib/python/isc/datasrc/master.py source documentation

Convert existing comments in src/lib/python/isc/datasrc/master.py to doxygen style documentation. See http://git.bind10.isc.org/~jreed/pydoc/master.html for existing incomplete pydoc example. Also add more documentation for this. (Or maybe this code is going away?)

582

task

1297952294432839

1392837539252508

Unclassified

medium

jreed

DNS Outstanding Tasks

new

add more unit tests for src/lib/python/isc/datasrc/master.py

See http://bind10.isc.org/~tester/2011/02/20110217130443-57736fd/coverage-python-html/src_lib_python_isc_datasrc_master.html (only 9% coverage at this time). (Unrelated to this ticket, but why does it’s rrtypes set have RR types that libdns++ doesn’t know, including some obsolete that BIND 9 doesn’t even accept?)

585

task

1298043021255787

1300972860628475

data source

low

jreed

new

Make SQLIte3 dependency optional

Make the dependency on SQLite3 optional. ./configure should not fail if sqlite3 is not found. This also means that b10-auth, b10-xfrin, b10-xfrout, b10-loadzone, and b10-zonemgr need to use an abstracted data source backend. This depends on: #368, #374, #375, #376.

586

task

1298044224002248

1392913150462579

resolver

medium

jreed

DNS Outstanding Tasks

new

randomize source ports

Have an option so we can set our own source ports (instead of operating system). (For example, some operating systems use sequential source ports and not randomized.) (09:47:30) stephen: I’ve just had a look at the Boost documentation and it seems that we can create a native port, that ask Boost to use that for its I/O. So we should be able to control the port numbers ourselves.

596

task

1298382431550481

1317139349238781

Unclassified

medium

jreed

new

allow configurations without running services

Should be able to do configurations, especially for auth and resolver, without starting them first. This may mean being able to change configurations without running cmdctl too.

601

defect

1298448694146657

1392811406027717

libdns++

medium

UnAssigned

jinmei

DNS Outstanding Tasks

new

bug in handling out-of-range DNSSEC times

This is an (originally unintended) continuation of #174. According to Rob Austein our current implementation of DNSSEC time (which is actually compatible with BIND 9) isn’t correct: - we should allow pre-epoch time such as 19691231000000 as long as it’s in the valid 68-year range. - we should reject (in the 32-bit mode) out-of-range time format such as 21000101000000 In practice, these would be minor, but since we’ve recently completed #174, it would make sense to fix it using this opportunity.

619

task

1298497711930303

1330422593174356

cmd-ctl

low

jreed

new

pick a good default cmdctl port number

Decide on port for cmdctl; 8080 is too common?

628

defect

1298575416565604

1337691456593207

Unclassified

low

UnAssigned

jreed

assigned

switching from auth or resolver is too noisy

This was done with: > config diff {’Boss’: {’start_resolver’: True, ‘start_auth’: False}} > config commit See all this output: [b10-cmdctl] Begin send command ‘set_config’ to module ‘ConfigManager’ [bind10] Handling new configuration: {’start_resolver’: True, ‘start_auth’: False} [bind10] Starting b10-resolver [bind10] Started b10-resolver (PID 22058) [bind10] Asking b10-zonemgr to terminate [bind10] Asking b10-xfrin to terminate [bind10] Asking b10-xfrout to terminate [bind10] Asking b10-auth to terminate [b10-auth] Received ‘shutdown’ command [b10-msgq] Closing socket fd 8 [b10-msgq] Receive error: EOF [b10-msgq] Closing socket fd 9 [b10-msgq] Receive error: EOF 24-Feb-2011 14:19:32.111 Xfrout: INFO: Received shutdown command. [bind10] Process b10-auth (PID 22024) terminated, exit status = 0 [b10-msgq] Closing socket fd 7 [b10-msgq] Receive error: EOF [b10-cmdctl] Finish send command ‘set_config’ to module ‘ConfigManager’ [b10-cmdctl] Begin send command ‘get_config’ to module ‘ConfigManager’ [b10-resolver] Command line: b10-resolver -v [b10-resolver] Server created. [b10-resolver] IOService created. [b10-resolver] Configuration session channel created. [b10-cmdctl] Finish send command ‘get_config’ to module ‘ConfigManager’ [b10-resolver] Configuration channel established. [b10-resolver] Config loaded [b10-resolver] Server started. [bind10] Process b10-xfrin (PID 22026) terminated, exit status = 0 [b10-msgq] Closing socket fd 10 [b10-msgq] Receive error: EOF [b10-msgq] Closing socket fd 12 [b10-msgq] Receive error: EOF [bind10] Process b10-zonemgr (PID 22027) terminated, exit status = 0 [b10-msgq] Closing socket fd 14 [b10-msgq] Receive error: EOF [b10-msgq] Closing socket fd 15 [b10-msgq] Receive error: [bind10] Process b10-xfrout (PID 22025) terminated, exit status = 0 [b10-msgq] Closing socket fd 11 [b10-msgq] Receive error: While this is verbose, the many errors shouldn’t be there. This is not clean.

632

task

1298666735493161

1392913131851989

resolver

medium

jinmei

DNS Outstanding Tasks

new

“libcache” has too generic a name

As raised on jabber… I just noticed “cache” is too generic when I saw src/lib/cache (it also applies to the resulting library, libcache.{a,so}). Consider, e.g. the fact we already have the “hot spot cache” for data source. Also consider BIND 10 may not even specific to DNS. Even without taking these into account, “cache” still sounds too generic and can be quite ambiguous. So, IMO, it should have a more specific name. This is probably part of a larger packaging matter, though (e.g., whether we want to provide the cache library as a stand alone library that can be exclusively used by third party applications, or whether it’s intended to be used only as part of the resolver (library/server)). But I’m creating the ticket anyway so that we won’t forget it.

635

defect

1298980700682057

1330426424708472

build system

low

stephen

stephen

assigned

Presence of old version of BIND10 may cause new build to fail

Building from sources, if: * —prefix is specified on the ./configure command line * “make install” is run to install the software in the “prefix” directory … a subsequent build of a later version of BIND10 may fail. The set of commands that cause the build to fail on Ubuntu 10.04 are given in the attached file. Removing the “prefix” directory allows the subsequent build to succeed.

645

defect

1299072541726805

1330430795159535

Unclassified

low

vorner

new

Little errors hinted by valgrind

This is the rest of valgrind topics raised by #614. I believe this bunch is small and simple enough to handle them in one ticket. They are: - Invalid read in cc tests (the map there seems to be freed before the tests are done with it, but that’s only my guess) - There’s call to open with NULL pointer as the path in the dns tests, which probably shouldn’t happen. - Some memory leaks in auth tests. The two IOEndPoint ones are already topic covered by #644 (the same leak got to different tests), but there’s one more in changeUser. I think this one is minor, because the first two probably happen only in tests (but I’m not sure about it, that’s why I leave it here to examine), and the third one happens just once per run.

650

task

1299224653994828

1392812528597430

b10-auth

medium

jinmei

DNS Outstanding Tasks

new

port BIND 9’s dnssec system test

This is a continuation of #606. For the test scenario, see bind9/bin/tests/system/dnssec.

651

task

1299224711538630

1392812546628371

b10-auth

medium

jinmei

DNS Outstanding Tasks

new

port BIND 9’s masterfile system test

This is a continuation of #606. For the test scenario, see bind9/bin/tests/system/masterfile.

652

task

1299224751638636

1392812561419620

b10-auth

medium

jinmei

DNS Outstanding Tasks

new

port BIND 9’s notify system test

This is a continuation of #606. For the test scenario, see bind9/bin/tests/system/notify.

653

task

1299224794714962

1392812576738283

b10-auth

medium

jinmei

DNS Outstanding Tasks

new

port BIND 9’s xfer system test

This is a continuation of #606. For the test scenario, see bind9/bin/tests/system/xfer.

654

task

1299224832714631

1392812592156794

b10-auth

medium

jinmei

DNS Outstanding Tasks

new

port BIND 9’s unknown system test

This is a continuation of #606. For the test scenario, see bind9/bin/tests/system/unknown.

655

task

1299224906799160

1392812608264326

resolver

medium

jinmei

DNS Outstanding Tasks

new

port BIND 9’s resolver system test

This is a continuation of #606. For the test scenario, see bind9/bin/tests/system/resolver. I’m giving this ticket to R-team (as an initial assignment).

659

enhancement

1299234839233509

1392913106528658

resolver

medium

jelte

DNS Outstanding Tasks

new

resolver priming

Ticket #495 introduces the use of the NSAS, but it doesn’t correctly prime the resolver yet. We really need this (at least a simple version of it), it should probably be a method of RecursiveQuery (which is in essence the ‘resolver’ object right now), called once initialized, and later at a regular interval (either when the priming result appears to expire or once a day). This might also need a way to simply send out one query and get back the result, without the full recursive process. Depending on what we do in #658, this may already be possible.

660

enhancement

1299235088120650

1392913035779181

resolver

medium

jelte

DNS Outstanding Tasks

new

options and/or commands to control cache behaviour

Ticket #491 introduced the use of a cache, but at this moment we have no method of controlling it; some initial nice options would be: - set maximum cache size - set maxmimum lru size - flush cache - flush cache for specific names - flush cache for specific zones and everything below it (though i’m not sure this is possible with the current cache implementation)

662

defect

1299245065169497

1392811258123648

b10-auth

medium

UnAssigned

jreed

DNS Outstanding Tasks

assigned

b10-auth wrongly falls back to default listen_on

As I noted in #657, b10-auth now falls back to default listen_on (from spec?) if the b10-config.db version fails. [bind10] BIND 10 started Setting listen addresses: 0.0.0.0:53 127.0.0.1:5300 Initialize TCP server at 0.0.0.0:53 Unable to set new address: Failed to initialize network servers: Permission denied [b10-auth] error: Server configuration failed: Failed to initialize network servers: Permission denied [b10-auth] Configuration channel established. [b10-auth] Xfrin session channel created. [b10-auth] Xfrin session channel established. [b10-auth] Statistics session channel created. [b10-auth] Statistics session channel established. Setting listen addresses: ::1:5300 127.0.0.1:5300 Initialize TCP server at ::1:5300 Initialize UDP server at ::1:5300 Initialize TCP server at 127.0.0.1:5300 Initialize UDP server at 127.0.0.1:5300 [b10-auth] Set statistics timer to 60 seconds [b10-auth] Data source database file: /usr/home/jreed/opt/bind10/var/bind10-devel/zone.sqlite3 [b10-auth] Server started. I think the previous behaviour was for it to exit. bind10 (boss) would restart and the failure would continue looping. I don’t think that is good behaviour either. But using default values when a configuration is specifically defined is not correct. It may not be noticed and it may break some policies or other software (which wanted to use those). Maybe this will be fixed in #657, but I open this ticket just in case.

668

enhancement

1299497980496860

1299497980496860

Unclassified

low

stephen

new

Add formal randomness checking to unit tests of classes using random-number generators

We are currently using the Boost random number generators in classes where random numbers are required (e.g. QID generation). Although these should be random, we currently do not do formal testing of the randomness of generated values in our unit tests. This runs the risk of not noticing a loss of randomness if the implementation of such classes is changed. It is proposed that we formally check such cases using the NIST random number test suite [http://csrc.nist.gov/groups/ST/toolkit/rng/index.html]

674

defect

1299513343493610

1392912325412484

loadzone

low

jreed

DNS Outstanding Tasks

new

loadzone wrong RR count and percentage

From a couple tests, it looks like b10-loadzone RR count is one to many. For example it shows “2 RR (s) loaded” for a single line SOA only zone. Also sometimes the percentage shown is not 100% when completed. But that doesn’t match up to the count off by one.

677

defect

1299528731023605

1337591752864723

bind-ctl

low

jreed

new

bindctl doesn’t have readline/emacs-style editing

On some of my systems, bindctl doesn’t provide line editing (no arrow keys, no CTRL-A, CTRL-E, etc). Maybe the system is just missing some python module. The fix for this is probably just to document what is needed and/or where supported.

679

enhancement

1299599149442427

1344438138107723

Unclassified

medium

UnAssigned

vorner

assigned

More clever switching of listening addresses and ports

Currently, when user changes addresses and ports (listen_on), isc::server_common::portconfig::installAddresses is invoked. It closes all old sockets and create new ones. But if there are common sockets in old and new configuration, it is both unneeded and may cause a short break in service. So a more fancy way of switching them should be done. The idea is to open the new ports, then close the old ones and keep the same ones untouched. (In this order, we can check we can get the new ones without losing the old ones, so it is easier to rollback)

685

defect

1299688327340397

1392913014659093

resolver

medium

jreed

DNS Outstanding Tasks

new

resolver cached SERVFAIL becomes NOERROR

I had a DNAME that resulted in a synthesized CNAME that is too long. Using b10-resolver as a forwarder: on the first query the upstream sent back a SERVFAIL. On second query, the b10-resolver said “Message found in cache, returning that” and returned a status: NOERROR (ANSWER: 0). (I noticed this when researching #145.)

686

enhancement

1299761964159824

1389622076495221

build system

medium

jreed

jreed

assigned

set library version info

This was based on #635 issues. We need to set the version information (such as libtool’s current:revision:age) for each library that has changed. At the minimum we should do these at least for each tarball release. We will not use the BIND 10 release or individual module versions for the library versions. I will add more details to this ticket. This ticket should not be closed until a wiki page also documents our policy on this.

687

defect

1299797626444982

1394116289440406

Boss of BIND

low

jreed

Common Outstanding Tasks

new

suspend (stop) signal sent to boss doesn’t suspend children

I used to be able to suspend bind10 and it would suspend the children too. But now the parent is only suspended, children keep on running. I am doing this with Ctrl-Z from shell. This causes some confusion for me as I troubleshoot (especially if I am flooded with verbose output on same terminal).

692

defect

1300207928617670

1392999432267907

data source

medium

UnAssigned

jinmei

DNS Outstanding Tasks

assigned

response with NSEC3 for class ANY queries

This is a remaining task for #80. We first need to add tests about query logic (in general) for NSEC3 responses, and then make the same fix as the one we did for #80.

694

enhancement

1300229091452958

1300972799721442

msgq

low

jinmei

new

proposal: change timeout for SendNonblock (msg test) to 30sec

It’s currently 10sec def terminate_check(self, task, timeout = 10): (btw the space chars around = should be removed according to the style convention) Apparently this is too small for my personal slow server, and this test regularly fails. I propose changing this value to 30sec (yes, it’s an arbitrary choice that happens to work for that particular server). Normally the value shouldn’t affect testability; timeout doesn’t happen unless the test fails or for a very slow machine. So I think the change is acceptable.

702

defect

1300357203601211

1392912989810995

resolver

medium

jelte

DNS Outstanding Tasks

new

resolver/forwarder does not answer CH TXT version.bind and authors.bind

In fact, right now it crashes on such queries. Fixing the crash is trivial, but getting the right answers is not (they’re hidden in StaticDataSrc, and including that would imply including nearly everything that’s necessary for b10-auth). So I propose to move the actual creation of the ‘static’ data (i.e. the names and rrsets for authors.bind and version.bind) to a singleton in server_common, and use those from StaticDataSrc and bin/resolver.

705

enhancement

1300390542235100

1394116308396684

Boss of BIND

low

shane

Common Outstanding Tasks

new

Log more helpful status when process exits under the boss

Jeremy reported something exited with status 139. It turns out that the status value is as follows: a 16-bit number, whose low byte is the signal number that killed the process, and whose high byte is the exit status (if the signal number is zero); the high bit of the low byte is set if a core file was produced That is from the Python documentation here: http://docs.python.org/py3k/library/os.html#os.wait So, deciphering it we see that it is < 256, which means it is a signal. The high bit is set - meaning we have core. We can remove that by subtracting 128 and discover that this is signal 11 (SEGV). It would be nice if the boss process did this work and reported exactly what happened to the child process.

707

defect

1300391188623803

1392825456361357

Unclassified

medium

jreed

DNS Outstanding Tasks

new

b10-resolver (as forwarder) exit with SEGV

Not sure what caused this b10-resolver to exit with SEGV. I am confused why question generates different upstream questions and one question results in multiple responses. Is this an error too? Here is the closest lines in verbose output: [b10-resolver] Got a DNS message [b10-resolver] received a message: ;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 21919 ;; flags: rd ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;external.ak.fbcdn.net. IN A [b10-resolver] Processing normal query [b10-resolver] Try out cache first (started by incoming event) [b10-resolver] Message not found in cache, starting recursive query [b10-resolver] doLookup: try cache [b10-resolver] Sending upstream query (external.ak.fbcdn.net. IN A ) to 127.0.0.1 [b10-resolver] Timeout, resending query [b10-resolver] Sending upstream query (profile.ak.fbcdn.net. IN A ) to 127.0.0.1 [b10-resolver] Timeout, resending query [b10-resolver] Sending upstream query (photos-e.ak.fbcdn.net. IN A ) to 127.0.0.1 [b10-resolver] Timeout, resending query [b10-resolver] Sending upstream query (external.ak.fbcdn.net. IN A ) to 127.0.0.1 [b10-resolver] sending a response (442bytes): ;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 3781 ;; flags: qr rd ra ; QUESTION: 1, ANSWER: 11, AUTHORITY: 9, ADDITIONAL: 0 ;; QUESTION SECTION: ;photos-e.ak.fbcdn.net. IN A ;; ANSWER SECTION: photos-e.ak.fbcdn.net. 895 IN CNAME photos-a.ak.facebook.com.edgesuite.net. photos-a.ak.facebook.com.edgesuite.net. 4798 IN CNAME a995.mm1.akamai.net. a995.mm1.akamai.net. 20 IN A 69.31.72.194 a995.mm1.akamai.net. 20 IN A 69.31.72.139 a995.mm1.akamai.net. 20 IN A 69.31.72.145 a995.mm1.akamai.net. 20 IN A 69.31.72.147 a995.mm1.akamai.net. 20 IN A 69.31.72.169 a995.mm1.akamai.net. 20 IN A 69.31.72.176 a995.mm1.akamai.net. 20 IN A 69.31.72.178 a995.mm1.akamai.net. 20 IN A 69.31.72.184 a995.mm1.akamai.net. 20 IN A 69.31.72.193 ;; AUTHORITY SECTION: mm1.akamai.net. 1798 IN NS n7mm1.akamai.net. mm1.akamai.net. 1798 IN NS n4mm1.akamai.net. mm1.akamai.net. 1798 IN NS n3mm1.akamai.net. mm1.akamai.net. 1798 IN NS n2mm1.akamai.net. mm1.akamai.net. 1798 IN NS n5mm1.akamai.net. mm1.akamai.net. 1798 IN NS n0mm1.akamai.net. mm1.akamai.net. 1798 IN NS n6mm1.akamai.net. mm1.akamai.net. 1798 IN NS a0mm1.akamai.net. mm1.akamai.net. 1798 IN NS n1mm1.akamai.net. [b10-resolver] Timeout, resending query [b10-resolver] Sending upstream query (profile.ak.fbcdn.net. IN A ) to 127.0.0.1 [b10-resolver] sending a response (308bytes): ;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 21919 ;; flags: qr rd ra ; QUESTION: 1, ANSWER: 4, AUTHORITY: 9, ADDITIONAL: 0 ;; QUESTION SECTION: ;external.ak.fbcdn.net. IN A ;; ANSWER SECTION: external.ak.fbcdn.net. 2472 IN CNAME external.ak.fbcdn.net.edgesuite.net. external.ak.fbcdn.net.edgesuite.net. 4798 IN CNAME a1920.g.akamai.net. a1920.g.akamai.net. 20 IN A 63.80.138.48 a1920.g.akamai.net. 20 IN A 63.80.138.67 ;; AUTHORITY SECTION: g.akamai.net. 1799 IN NS n4g.akamai.net. g.akamai.net. 1799 IN NS n7g.akamai.net. g.akamai.net. 1799 IN NS n6g.akamai.net. g.akamai.net. 1799 IN NS a0g.akamai.net. g.akamai.net. 1799 IN NS n5g.akamai.net. g.akamai.net. 1799 IN NS n3g.akamai.net. g.akamai.net. 1799 IN NS n0g.akamai.net. g.akamai.net. 1799 IN NS n1g.akamai.net. g.akamai.net. 1799 IN NS n2g.akamai.net. [b10-resolver] sending a response (38bytes): ;; >>HEADER<< opcode: QUERY, status: SERVFAIL, id: 24087 ;; flags: qr rd ra ; QUESTION: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;profile.ak.fbcdn.net. IN A [bind10] Process b10-resolver (PID 16152) terminated, exit status = 139

709

enhancement

1300396709121370

1392914161716876

resolver

low

UnAssigned

shane

stephen@isc.org

DNS Outstanding Tasks

assigned

Improve RTT message from recursive resolver by using decimal

Stephen noted that the RTT: debug output would possibly be nicer with outputing using decimals. Stephen: We could change that to output it to three decimal places.

715

defect

1300452454216757

1301321712247554

configuration

low

jreed

new

cfgmgr errors need a new line or separator

I made a mistake: > config set Auth/datasources [{file “/Local/Users/jreed/J”, origin config commit Error: Error in config validation: Unknown item fileUnknown item origin Configuration not committed It is unknown because I forgot to use “zones” for this list. The problem is the error messages got merged together.

717

defect

1300453300858334

1300453300858334

bind-ctl

low

jreed

new

config diff output uses single quotes

config diff output uses single quotes. But bindctl and cfgmgr require double quotes. So if you attempt to copy and paste it will fail.

718

defect

1300453366384540

1377867759038750

bind-ctl

low

jreed

new

Don’t need to say “Exit from bindctl” when bindctl doesn’t have a tty.

Don’t need to say “Exit from bindctl” when bindctl doesn’t have a tty (such as piping in a command to it).

732

task

1300982884532984

1308086219578281

bind-ctl

medium

jreed

new

add more unittests for bindctl components

Get all of bindctl to at least 75 unit test code coverage. See: http://bind10.isc.org/~tester/LATEST_PYTHON_UNITTEST_COVERAGE/

734

task

1300983182591938

1308086254849558

Unclassified

medium

jreed

new

add more unit tests for lib/xfr

Add more unit tests for lib/xfr to get it to atleast 75% code coverage. See: http://bind10.isc.org/~tester/LATEST_UNITTEST_COVERAGE/xfr/index.html

748

enhancement

1301048430011042

1303288185742206

resolver

low

stephen

new

Remove coroutines from IOFetch

Remove the coroutine code from io_fetch.{cc,h}. This involves removing the inheritance from the “coroutine” objects and breaking down the operator() method into a number of separate methods corresponding to each phase of the I/O. (This may involve the use of boost::bind to specify the asynchronous I/O callbacks.)

750

enhancement

1301049551821677

1330704341390354

Unclassified

low

stephen

new

Remove coroutines from UDP server and TCP server

The work involved in this is similar to that in ticket #748, but is applied to the TCP and UDP server code.

752

enhancement

1301050626523132

1303288206489049

Unclassified

low

stephen

new

IOService Refactoring

Several points in the code access the boost ASIO “post” function through IOService by calling IOService::get_io_service().post(). Ideally IOService should supply a post() method itself. Owing to the use of templates, this may require removing the “pimpl” structure.

757

enhancement

1301163841383808

1330702682035017

logging

low

stephen

stephen

assigned

Python logging - understand configuration

The logging configuration is being defined in ticket #736, although the scope of that ticket is C++. This ticket involves producing Python code that understands the logging configuration and sets the options in the BIND-10 Python logging module accordingly,

776

enhancement

1301410070349491

1392999528377870

Unclassified

medium

stephen

DNS Outstanding Tasks

new

IXFR out: Share UDP Address/Port with b10-auth and xfrout

In many cases, different functions of BIND 10 should use the same address and port to receive communications. This task - which is also involved with using UDP in general - makes this possible.

778

enhancement

1301466559425504

1301466559425504

xfrout

medium

stephen

new

IXFR out: limit number of concurrent XFRs

Configuration of a wide limit on the number of concurrent transfers and implementation of the code to keep a track of the transfers and refuse a request that would cause this limit to be exceeded.

779

enhancement

1301466669718474

1301466738839037

xfrout

medium

stephen

new

IXFR out: cleanup configuration

Add configuration parameters to specify how many versions of the zone should be kept and how long the history should be kept for.

780

task

1301466900488102

1301466900488102

xfrout

medium

stephen

new

IXFR out: add housekeeping to clean up old history

Based on the configuration specified in #779, some form of housekeeping task is required to periodically clean up history.

785

task

1301484331910045

1301484331910045

Unclassified

medium

stephen

new

DNSSEC: read, document and understand BIND 9 handling of DNSSEC

Possibly the precursor to all DNSSEC related tasks, this is to make sure that we don’t lose knowledge of what BIND 9 has done with DNSSEC. The person doing this task should make sure that they interact with the BIND 9 programme manager, as the output will be a useful addition to the BIND 9 documentation set.

789

defect

1301503700873539

1394116322264037

Boss of BIND

medium

stephen

Common Outstanding Tasks

new

Make “shutdown” a hidden command for non-Boss processes

At the moment it is possible to shutdown components individually. Unfortunately, the Boss immediately restarts them because it does not know that they have been requested to terminate. This change removes the component shutdown command and ensures that they can only be shutdown through Boss - which, because it knows about the shutdown will not restart them.

791

enhancement

1301503869663869

1394116339620628

Boss of BIND

medium

stephen

Common Outstanding Tasks

new

Add command to Boss to see component configuration

Should be able to execute a command to see a list of running process and any relevant configuration information.

795

enhancement

1301504172842902

1394116356863046

Boss of BIND

medium

stephen

Common Outstanding Tasks

new

Stop/force-stop/restart/start a component (temporarily)

Sometimes a component will not shutdown. The cmdctl interface should allow the user to: * Stop a component (i.e. request it to shut down normally) * Force-stop (i.e. kill it) * Restart (i.e. shut down normally and get it to restart automatically) * Start (i.e. start a component that is currently not running)

803

enhancement

1301557630304648

1394116372443015

Boss of BIND

medium

stephen

Common Outstanding Tasks

new

Command to list currently used sockets

(Related to #802.)

804

enhancement

1301557671331241

1394116387627774

Boss of BIND

medium

stephen

Common Outstanding Tasks

reopened

Client side code to request new sockets (Python)

808

task

1301558082457798

1301558082457798

Unclassified

low

stephen

new

Research alternate strategy of using a lexer/parser to define record types

Rather than explicitly creating a class for each record type, is there some way that we can define the characteristics of a RR and automatically generate the code?

822

enhancement

1301560581841591

1301560581841591

data source

medium

stephen

new

Use first match data source

Modify so that first match instead of best match is used from multiple data sources

824

enhancement

1301560817541807

1317990348048159

data source

medium

stephen

new

Improve configuration of data sources

826

task

1301817156175350

1340899583918649

Unclassified

medium

fdupont

fdupont

assigned

Windows support

Windows support: - OS >= Vista/Windows Server 2008 - Visual Studio >= 2008 (aka 9.0) - google test (for validation) Individual item: - HOWTO (needed software and tools) - DLL exports - solution and projects (for VS 2008) others will be added

837

defect

1302099452093934

1392811598022391

Unclassified

medium

fdupont

DNS Outstanding Tasks

new

multiple include of initialized static constant members

In edns.h: class EDNS { /// } Each time the edns.h file is included this gives a new EDNS::SUPPORTED_VERSION symbol so linking raises “multiple defined” errors. There are two ways to fix it: - play with an #ifdef so only the initializing form in included in edns.cc - move the initialization to edns.cc I prefer the second way but there are still some choices: - keep the value in .h in a comment - what to do for this line is edns_unittest.cc: const uint8_t EDNS::SUPPORTED_VERSION; (I’d like to remove it)?

840

defect

1302140837373042

1304377436907887

Unclassified

medium

fdupont

new

Windows support for libcc

No chance: current libcc relies on asio::local which is not supported on Windows. Note the ASIO_HAS_LOCAL_SOCKETS flag should help according to the ASIO doc… Got a !WinSock.h double include error too (to be fixed in config.h for Windows). What is the plan? Add local TCP as an option?

841

task

1302162674129589

1305213407580130

Unclassified

medium

jelte

new

remove generated .py files

We have a number of python scripts that are generated from .in files at configure time. We also have a file src/lib/python/bind10_config.py[.in] that is supposed to act like the config.h file in cpp; we should put configure-time substitutions in this file instead of in all the generated .py files. ps. when we do this, it’ll cause a lot of git checkout ‘problems’ (files that were generated in one branch but are in the repository of another), we might want to add a small script that deletes them as an interim workaround until we have no old branches left after this is done.

842

defect

1302166140879988

1394114735280370

Unclassified

medium

zzchen_pku

Common Outstanding Tasks

new

Do range check within C++ class

Some of the long int variables can be a plain int: Message_init, Message_clear, MessageRenderer_setCompressMode. (although being long is not necessarily incorrect; it just consumes more (stack) space unnecessarily). Actually, in these cases it make more sense to do this check within the corresponding C++ class (Message, MessageRenderer?, etc) and delegate the check to it.

854

enhancement

1303204287914456

1305289926802818

Unclassified

low

stephen

new

Extend the badpacket generator

The “badpacket” generator is a program that generates (potentially) bad DNS packets for sending to a nameserver and testing its response. It is meant to be used as a testing tool for the BIND 10. Currently, the generator can: * Set any combination of flags in the DNS message header. * Vary the size of the DNS message (by truncating or extending with random data) * Set the DNS message section counts (independently of what is in the section). This ticket is for enhancements to the program to: * Actually insert data into the various message sections. * Modify the data in the message sections (e.g. by corrupting the label length fields). * Add a set of options for testing (bad) EDNS0 data.

856

task

1303252448822559

1304496626188282

libdns++

medium

UnAssigned

jinmei

assigned

add ability to send TSIG’ed query to src/bin/host

Unless I’m mistaken this is an additional task for the May03 sprint so that it will have one “user-visible feature”. What I meant is to add a small change to src/bin/host so that it accepts a new “-f ” option just like BIND 9 dig, and uses that information with the libdns++ API introduced in #812 to send TSIG signed queries. Should be pretty easy.

858

enhancement

1303293435055645

1305291723225946

Unclassified

low

fdupont

new

silent MSVC warnings on libdns++

I’ll collect MSVC warnings in VS2005/2008/2010 and try to address them. Some are spurious (as a warning for {} while(0) in macros) and should be avoided with a pragma, some are real (mainly incompatible integer operations) and should be fixed (for instance by a cast). As far as I know none is critical so I put this ticket in enhancements. Note at least a common one is related to C++: VS2010 complains about missing and impossible to generate copy operation in class definition…

860

task

1303452541864048

1392999445167461

data source

medium

UnAssigned

jinmei

DNS Outstanding Tasks

assigned

sqlite3 data source should separate DONE and other errors

See #851 (espeically its initial description). Conceptually, this means instead of doing this: rc = sqlite3_step(dbparameters>q_zone_); const int i = ? sqlite3_column_int :1; we should do it this way: rc = sqlite3_step(dbparameters>q_zone_); if const int i = ? sqlite3_column_int :1; It’s basically straightforward, but since a naive approach would result in the same patter repeated in various places, we’ll probably also need some kind of refactoring.

861

enhancement

1303453310640018

1305214361342052

Unclassified

medium

zhanglikun

new

Check max udp packet size(buffer size) carried by edns0 message

When resolver geting a query with DO bit from a client, the max udp packet size should be checked. Once the size of answer message is bigger the max size, tcp query should be triggered. Currently the simplest forwarder doesn’t check, always treate the max udp packet size of query client is 4096.(see more in ticket#598)

862

task

1303460875383770

1344438559841280

Unclassified

medium

UnAssigned

vorner

assigned

Properly encapsulate the output buffer in AbstractMessageRenderer

As discussed in #404, we shouldn’t expose the output buffer to descendants of `AbstractMessageRenderer` trough `getBuffer()`. The most problematic place that uses it is name compression in `MessageRenderer`, which needs some small refactoring. The rest should be trivial to replace.

864

task

1303815711705987

1392912967341617

resolver

low

vorner

DNS Outstanding Tasks

new

Simplification of ResponseScrubber::scrubSection

As noted in comment:5:ticket:847, the method would use some simplification (the suggestion about `nomatch` is already implemented).

874

task

1304087689458972

1305223378939417

Unclassified

medium

shane

new

Create tests for src/bin/host

We need tests for src/bin/host.

887

task

1304280532725770

1305270004460967

Unclassified

medium

shane

new

review code for undocumented functionality

Also meant as input for #884, but we probably need to break this down into smaller tasks.

891

enhancement

1304402768405000

1392912898819529

resolver

medium

zhanglikun

DNS Outstanding Tasks

new

Retry forward query over TCP when getting a truncated response.

Currently, the forward query doesn’t have the ability to retry over TCP when getting a truncated response. It should add the support for it. Following is the comments in ticket# 598 given by vorner. “What should the forwarder do with TCP anyway? Ask over UDP if the request come over UDP and use TCP if it comes over TCP? Is it possible with our current framework?”

892

enhancement

1304404513391522

1389749466423194

build system

medium

UnAssigned

jinmei

assigned

move generic test utils from lib/dns/tests to lib/util/unittests

As I commented in #813, I propose: - move things except DNS specific things (matchName and createRequestMessage) in lib/dns/tests/unittest_util to lib/util/unittests/ - unify addDataPath and (part of) readWireData with lib/util/unittests/testdata. basically I’d keep the latter and remove the duplicate functionality from the former. - in addition I’d change the interface of matchWireData() so that expected data is given before the actual data in the parameter list to be more comatible with other gtest interfaces (and variable names should be renamed to actual/expect, etc)

895

enhancement

1304444293674245

1307052968960904

build system

medium

UnAssigned

jinmei

assigned

“null” crypto module

It will help if we add an internal backend crypto module (used from libcryptolink) for environments where Botan is not available. It will also be helpful for users who don’t need any crypto related DNS operations (no TSIG, no DNSSEC) and don’t want to install Botan just to compile BIND 10. This should be configurable in configure.ac and should be disabled by default. It was also suggested that if the null module is enabled a warning message (that no TSIG or DNSSEC will be usable) be shown. Note also that when the null module is enabled some unit tests will fail. We’ll need to work around it in some way.

896

defect

1304446501946920

1305292100972925

bind-ctl

low

jreed

new

bindctl command history shows username and user name attempts

Username:fhdsjkdfshjk Password: [“user doesn’t exist”] Username:root Password: [“login success”] > fhdsjkdfshjk The above shows attempts and then command history. Command history also showed the real username. I think this is misleading to have the username in command history.

909

task

1304717919353537

1396529228792699

xfrin

medium

jreed

DNS Outstanding Tasks

new

Move command “retransfer” from Xfrin to zonemgr.

Move command “retransfer” from Xfrin to zonemgr. For background see https://lists.isc.org/pipermail/bind10-dev/2011-May/002235.html This is related to #908.

911

enhancement

1304754703435921

1341252007825965

Unclassified

low

fdupont

new

time64 & Y2038

Some systems (at least HPUX and Windows) provide a “time64” version of time_t, time(), etc, which will still work after 2038. I suggest 3 things: - use the 64 bit variant when it is available (e.g., twist a #define config.h and don’t forget to include it) - make the code compiling without warnings with the 64 bit variant - at low priority provide a 64 variant on systems which don’t have it. Even we have ~20 years to solve this issue it should be fine to not wait so long…

918

task

1305116578867933

1317139338430339

configuration

medium

vorner

new

Non-dict top-level configuration

Currently a module configuration must be a dict and with names hardcoded in the spec file (eg. we say that we’ll have module.a, module.b and that’s it). These items can have any type then. But for process-less configurations, it makes sense to have a different type for the whole module. An example would be tsig_keys configuration section, which would be shared between multiple processes. It would make sense for it to be just list of strings, each representing one TSIG key in the keyring. Current workaround in #875 is to put there one more level, but it’s inconvenient for the user. (I’m putting it to core, as the configuration is shared)

919

enhancement

1305140148511611

1317990940778622

libdns++

medium

UnAssigned

jinmei

assigned

define a header file for DNS protocol constants

See the discussion for the background: http://bind10.isc.org/ticket/893#comment:11 (around the paragraph beginning with “OK, although…”) The idea is to create a new header file, say, protocol_constants.h, in lib/dns to centrailze the definition of (mainly numeric) protocol constants such as the max wire length of domain names. We should begin with the discussion about whether this is a good idea in the first place, and, if so, which constants should be defined in that file.

920

enhancement

1305140328886955

1308058627479306

libdns++

medium

UnAssigned

jinmei

assigned

extension to TSIG: support truncated signature

This is a remaining task (for relatively minor cases) of #893 as noted in http://bind10.isc.org/ticket/893#comment:3 We need to support truncated signature in TSIGContext::verify() (and perhaps also in sign() - BIND 9 does something about this in its verify implementation. we need to check). We then need to revert the short term hack (and temporarily disabled tests) made in libcryptolink in #893 and #954.

921

enhancement

1305140551409948

1305295195674457

libdns++

low

jinmei

jinmei

new

extension to TSIG: support signed but no TSIG message over TCP

This is a remaining task (and covering a very minor case) of #893 as noted in http://bind10.isc.org/ticket/893#comment:3 This could probably have a very low priority. There’s probably no implementation of the sender side that does this. If so, the only meaning of implementating this is to be feature complete as a reference implementation of the protocol.

923

enhancement

1305226590899704

1305272688701612

logging

medium

vorner

new

Create a cross-breed between isc_throw and LOG_ERROR macro.

We often need to log an error message and throw an exception at the same place. We also generate similar message for them. So the proposal is to create a macro that creates the message like for logging (with the message ID and formatting), logs it and then throws an exception with the same message as one command.

932

defect

1305617161312654

1339226208051796

libdns++

medium

UnAssigned

jinmei

assigned

overall cleanups (including real bug fixes) for pydnspp

As I pointed out in #905, the current implementation of pydnspp seems to be fragile and contains some real bugs like memory leak or propagating C++ exceptions. I’d suggest applying overall cleanup using tools in src/lib/util/python to make the code more robust.

933

enhancement

1305617411892712

1344438451664443

documentation

medium

jreed

jinmei

assigned

introduce a framework to convert from doxygen to pydoc

I’d propose introducing a tool to convert XML output from doxygen to a template of embedded documentation string for our python bindings. This will help improve documentation of the python binding (specifically pydnspp) to the quality of pretty close to that of the original C++ doxygen doc. I’ve written a mostly complete python script to this job. So this ticket will be just to complete the work and get it reviewed and merged.

934

enhancement

1305617767636295

1306402982030665

libdns++

medium

UnAssigned

jinmei

assigned

use real constants (instead of proxy factory) in pydnspp

I noticed that pydnspp uses many proxy factory functions for constant objects like RRType.AAAA (), RRClass.IN(). In Python we don’t have to do that because there’s no worry for static initialization fiasco (which is the reason why we use the proxy functions in C++). We can simply define RRType.AAAA, etc, as class constant in initialization and use it throughout our applications. That will be more intuitive, and will be a bit more efficient (a call to a proxy function always involve an allocation of PyObject and subsequent deallocation; real constants are created only once in initialization). I’d propose making this change in the entire pydnspp. It will require changes to the applications (xfrin.py, etc), but the changes should be pretty straightforward.

935

enhancement

1305618161576064

1306403137199231

documentation

medium

jinmei

new

improve pydnspp documentation

Once #933 is completed and merged, we can use it to improve the actual documentation of our python bindings. I’d propose to create a task for improving pydnspp. Using the auto-generated template, the rest of the work should be a quite straightforward and small set of editorial changes.

941

enhancement

1305796792290507

1331638684393979

Inter-module communication

medium

jelte

new

‘internal’ commands in .spec/modules

There is the need to have ‘internal’ commands; i.e. commands that modules accept, but only from other modules, and not from an administrator. For instance, Xfrin currently has a ‘notify’ command, that is sent from zonemgr. This command is only used on incoming notifies, and for that reason is not in the specfile. However, this means that we have no way to automatically validate the arguments. The proposal is to extend the specification format with a ‘internal’ value for commands, and if this is true, it will not be exported to bindctl etc, but we can add argument validation to moduleccsession.

942

defect

1305796961573817

1306403320569133

Unclassified

medium

jelte

new

filling in default values for command arguments

ModuleCCSession currently offers support for getting the default values of configuration options, should they not be configured explicitely. We need the same for command arguments.

944

task

1305802004391137

1306403386613441

Unclassified

medium

jelte

new

some generalized checks

we don’t really have a python util afaik, but we could use some general set of checks (for instance that an integer is a valid port number, that a string represent a valid domain name, etc.); from #811: “this makes me think that maybe we do need a set of generalized check-calls like is_valid_port_number, etc. Preferably ones that do not raise, but do convert to specific type if necessary (and do provide the error if they can’t)” having a good place to put these and a somewhat general interface for this is more important than providing a complete set of specific checks, we can add them as we encounter the need for them later

948

defect

1305825426209235

1331645709045791

configuration

medium

jreed

new

old Xfrin/master_addr configuration is in the way

This is related to #945. zone-related info is in xfrin, not zonemgr. master_addr is not directly in xfrin anymore, but one of the values of Xfrin/zones. If you have old configuration in place, it gets in the way: > config show Xfrin Xfrin/transfers_in 10 integer (default) Xfrin/zones [] list (default) > config show_json Xfrin {master_addr “192.168.1.1”} I think something should loudly complain. And now bindctl is showing two different sets of values and doesn’t tell me which is real. jelte says I think we should have per-module config version numbers. Here is an example of problem: > config show_json Xfrin {master_addr “192.168.1.1”} > config add Xfrin/zones > config set Xfrin/zones[0]/name foo > config set Xfrin/zones[0]/master_addr 192.168.1.1 > config diff {’Xfrin’: {’zones’: [{’name’: ‘foo’, ‘master_addr’: ‘192.168.1.1’}]}} > config commit Error: unknown item master_addr Configuration not committed > config show_json Xfrin {zones [{name “foo”, master_addr “192.168.1.1”}]} > config diff {’Xfrin’: {’zones’: [{’name’: ‘foo’, ‘master_addr’: ‘192.168.1.1’}]}} Looks like “show_json” shows what is not committed yet. It does complain, only way too late. Jelte said “afraid the only quick workaround is to stop bind10 and manually remove that original master_addr from b10-config.db”. So that is what I did. Manually editing the config database is not what we want to do so I am opening ticket.

949

defect

1305839394492086

1331646600577714

build system

low

jreed

shane

new

./configure —prefix change requires “make clean” before “make install”

If I run: ./configure —prefix=OLD make ./configure —prefix=NEW make make install Then the install fails. I can fix it via “make clean” before the second make, but that costs a lot of time and indicates some problem with some dependency.

952

defect

1305896769953683

1394114699762318

Unclassified

medium

UnAssigned

jelte

Common Outstanding Tasks

assigned

msgq/cc multiple reads problem (and bad_alloc in b10-auth upon notify)

in ticket #931, Michal discovered that there is a problem with multiple reads in cc/session. A (partial?) fix was proposed, and a different workaround was counterproposed (see that ticket). However, I also see problems that look like they are caused by the same or a very similar issue; upon notify, sometimes b10-auth aborts with a bad_alloc. The bad_alloc is caused by it trying to create a buffer for a message of which the length was incorrectly read. I think we should have locks around the different reads in session.cc

958

defect

1306144810660046

1306404268369401

Unclassified

low

stephen

new

Provide more information on failing test if exception is thrown

Give more information in a failing test if an isc::Exception-derived exception is thrown. See https://lists.isc.org/pipermail/bind10-dev/2011-January/001891.html for more details.

959

enhancement

1306244936958027

1396529237609820

xfrin

medium

shane

DNS Outstanding Tasks

new

Allow multiple masters for a slave zone

Right now we can only have a single master for a zone. We need to be able to define more than one.

961

enhancement

1306245275716716

1306404102447876

configuration

medium

shane

new

Should be a way to see how to configure something

“help” does not help me to create a secondary zone: > config show Xfrin Xfrin/transfers_in 10 integer (default) Xfrin/zones/ list What is supposed to go in zones? Jelte has a workaround, which is to add a zone then look: > config help Xfrin/zones Error! Unknown parameter ‘Xfrin/zones’ to command ‘help’ of module ‘config’ Command help (Get help for module.) help (Get help for command) No parameters for the command > config add Xfrin/zones > config show Xfrin/zones Xfrin/zones[0]/name “” string (default) Xfrin/zones[0]/class “IN” string (default) Xfrin/zones[0]/master_addr “” string (default) Xfrin/zones[0]/master_port 53 integer (default) Xfrin/zones[0]/tsig_key null string This works okay, but it not ideal. :)

965

defect

1306328078086645

1318411518734941

xfrout

medium

shane

new

Xfrout should not notify itself

I have a machine that gets errors sending notifies to itself: 25-May-2011 12:52:44.878 Xfrout: INFO: sending notify to 78.47.15.240#53 25-May-2011 12:52:44.879 Xfrout: INFO: sending notify to 78.47.15.240#53 25-May-2011 12:52:44.880 Xfrout: INFO: sending notify to 78.47.15.240#53 25-May-2011 12:52:44.881 Xfrout: INFO: sending notify to 78.47.15.240#53 25-May-2011 12:52:44.882 Xfrout: INFO: sending notify to 78.47.15.240#53 25-May-2011 12:52:44.882 Xfrout: INFO: notify to 78.47.15.240#53: retried exceeded The server should be smart enough not to notify itself.

966

enhancement

1306328544150372

1306404156394645

xfrout

medium

shane

new

Notify should be configurable

We should be able to configure notify behavior, both on a server and per-zone level. It should be possible to set explicit IP:port values, as well as something like “figure out from NS RRSET” as a special target. Xfrout/default_notify [ { type } ] Xfrout/zones[0]/notify [ { type, IP, port } ] Xfrout/zones[1]/notify [] Here the default behavior would be to figure out who to notify from the NS RRSET, while the first zone would have only an explicit notify, and the second zone would not send any notifies at all.

968

task

1306332590204165

1331646546535527

build system

low

jreed

shane

new

separate configure.ac into specific .m4 files

From ticket #35: Should we consider moving our specific configure functions into a included m4 file? (at Labs we used a shared acx_nlnetlabs.m4 file, for two reasons, one might not be relevant for us and that is that we shared a lot of functions between different projects, but the other was to keep the main configure.ac more readable).

969

defect

1306336569652746

1306404309122532

bind-ctl

low

jreed

new

non-intuitive bindctl configuration for Auth/listen_on

This is a few problems. I want to be able to just change one default. Testing as non-root. Defaults have port 53 for :: and 127.0.0.1. For testing, I change one to 5300, but commit fails since the other “default” port 53 still does not work: > config set Auth/listen_on[0]/port 5300 > config commit Setting listen addresses: :::5300 0.0.0.0:53 Initialize TCP server at :::5300 Initialize UDP server at :::5300 Initialize TCP server at 0.0.0.0:53 Unable to set new address: Failed to initialize network servers: Permission denied [b10-auth] error: Server configuration failed: Failed to initialize network servers: Permission denied Error: Server configuration failed: Failed to initialize network servers: Permission denied Configuration not committed It seems like if I change one configuration, then that one configuration should be used. Second problem (starting with my custom config removed so just defaults again): > config remove Auth/listen_on[0] > config diff {’Auth’: {’listen_on’: [{’port’: 53, ‘address’: ‘0.0.0.0’}]}} > config set Auth/listen_on[1]/port 5300 > config diff {’Auth’: {’listen_on[1]‘: {’port’: 5300}, ‘listen_on’: [{’port’: 53, ‘address’: ‘0.0.0.0’}]}} > config commit Error: Error in config validation: Unknown item listen_on[1] Configuration not committed I did not immediately realize that listen_on[1] became listen_on[0] Comments from jabber follow: (09:55:07) vorner: jreed: actually, it created new item called listen_on[0], which is a dict and didn’t touch the list in listen_on. And yes, you confused the poor tool. (09:55:56) jelte: well, in this specific case it’s not not intuitive, it’s plain buggy handling that command for an element that doesn’t exist

972

defect

1306350840779360

1392912875881081

resolver

medium

jinmei

DNS Outstanding Tasks

new

Resolver class is not exception safe

As I looked at the code for #971, I noticed another problem in the Resolver class: Its constructor is not exception safe: Resolver::Resolver() : impl), dnss(NULL), checkin), dns_lookup(new MessageLookup(this)), dns_answer, nsas(NULL), cache, configured(false) {} If, for example, “new ConfigCheck” fails, the allocated resource for impl_ will leak. It also looks quite awkward that it has specific member variables even if it adopts the pimpl idiom (although there may be a specific reason that can only be understood via deep understanding of the implementation details). Furthermore, due to the fact that dnss_/nsas_/cache_ are not set (to a non NULL value) at the construction time this class is quite fragile because some methods naively assumes they are non NULL. Example: void Resolver::setForwardAddresses(const AddressList& addresses) { impl_->setForwardAddresses(addresses, dnss_); } I’d suggest heavy refactoring and cleanup for this class so that it will be cleaner and safer.

973

enhancement

1306501010362252

1308579624913495

configuration

low

vorner

new

Separate methods for addRemoteConfig

Currently, there’s one method and it takes a name and a bool parameter. The parameter specifies if the name is filename or modulename (so the spec is loaded from config manager). This design isn’t exactly clean, so it was suggested this might be better separated into two methods (or, alternatively, some other solution might be thought of).

974

enhancement

1306501301050171

1394116792119803

b10-auth

low

vorner

DNS Outstanding Tasks

reopened

Pointer to shared pointer in `Auth::setTSIGKeyRing` is awkward and error prone

As discussed in #931, the design isn’t clean. We should come up with some solution that is simple and elegant.

975

defect

1306501611597398

1392811651433463

Unclassified

medium

vorner

DNS Outstanding Tasks

new

Non-primitive static object `server_common::keyring` is candidate for intialization problems

As noted in #931, this might be problematic if one non-primitive static object uses another one for it’s initialization, as the second one might be yet unitialized. This should be replaced by some function returning the instance or something to prevent such problems.

982

task

1306772645217077

1308064433369781

Unclassified

medium

vorner

new

Named ACL objects

It should be possible for the loader (#978) to remember the ACLs it loaded under a name. It could then either provide them directly or use them for sub-expression loading when the name is used in specification. Note that this needs a cycle protection (see notes at [wiki:AclSyntax]).

984

enhancement

1306828146083423

1308576861650272

Unclassified

medium

shane

new

Get list of zone timers from zonemgr

It would be nice for debugging to get a list of the timers from zonemgr, along with perhaps any other information being tracked (although I think that is it).

986

defect

1306830870989501

1314221339732657

bind-ctl

medium

shane

new

bindctl crash when removing unknown item

I was using a BIND 10 server with an old (pre-2011-05-17) configuration. It has a “master_addr” for all of Xfrin, instead of per-zone. I was unable to commit my database changes because of that: > config commit Error: unknown item master_addr Configuration not committed Here is the old configuration: shane@madras:/opt/bind10/var/bind10-devel$ cat b10-config.db {Xfrin {master_addr “85.17.60.159”}, version 2, Auth {listen_on [ { address “85.17.60.232”, port 53 } ]}} So I decided to remove the offending legacy configuration, with these results: > config unset Xfrin/master_addr Traceback (most recent call last): File “/usr/lib/python3.1/cmd.py”, line 213, in onecmd func = getattr(self, ‘do’ + cmd) AttributeError: ’BindCmdInterpreter’ object has no attribute ’do_config’ During handling of the above exception, another exception occurred: Traceback : File “/opt/bind10/bin/bindctl”, line 138, in tool.run File “/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 128, in run self.cmdloop File “/usr/lib/python3.1/cmd.py”, line 139, in cmdloop stop = self.onecmd File “/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 450, in onecmd Cmd.onecmd File “/usr/lib/python3.1/cmd.py”, line 215, in onecmd return self.default File “/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 416, in default self.parse_cmd(line) File “/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 554, in parse_cmd self.handle_cmd(cmd) File “/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 396, in _handle_cmd self.apply_config_cmd(cmd) File “/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 673, in apply_config_cmd self.config_data.unset(identifier) AttributeError: ’UIModuleCCSession’ object has no attribute ‘unset’

995

enhancement

1306963399183164

1308059157201126

build system

medium

UnAssigned

jinmei

assigned

use “convenience libraries” to share .cc in multiple targets

Currently we compile some .cc files multiple times, once for a main target (such as b10-auth), and in other cases for tests and benchmarks. The additional compilation is simply redundant and (though maybe relatively marginal) contribute to increasing the already large build time of BIND 10. I propose we use the “convenience library” feature of automake to avoid the duplicate compilation. See this link for convenience libraries: http://sourceware.org/autobook/autobook/autobook_92.html (At least in theory) this should be a beneficial (and mostly trivial) change at no risk of regression. Both b10-auth and b10-recurse should be able to benefit from this, and there may be some others.

996

enhancement

1307102047876400

1392912857860556

resolver

medium

jelte

DNS Outstanding Tasks

new

keep track of nameserver ‘capabilities’ in nsas

We should keep track of capabilities of any nameserver in the NSAS. The first thing that comes to mind is whether it supports ENDS0, but also DNSSEC lameness, and path MTU to said server. This would also include either some form of probing if things seem off (while the resolver continues its resolving with another NS), or a direct fallback algorithm in the resolver.

1000

defect

1307560236025600

1392811723634386

Unclassified

medium

jinmei

DNS Outstanding Tasks

new

tools/query_cmp is IPv4 only

We should be ashamed we’re shipping an IPv4-only program even after the world IPv6 day:-)

1002

defect

1307579062301691

1321984100262904

xfrout

medium

jinmei

new

various glitches in notify_out

As I worked on #964 I found various glitches in the notify_out.py implementation. I suspect we’ll soon need fundamentally rewrite of it (even if done incrementally) due to its current overall quality of the code, but here are some specific points as a placeholder: - port number 53 is hardcoded - creating separate sockets for separate notify transaction seems to be a waste - a related note: it’s not clear whether the limit of concurrent of notifies (30) is reasonable. if not, and if we allow a larger number notifies at the same time, the second point will be severer. - it’s so heavily dependent on details of sqlite3 specific code (although not really the problem of notify_out itself) - it cannot send notifies to out-of-zone NSes.

1005

defect

1307630899261306

1310489785238739

logging

medium

jelte

new

check logger names in cfgmgr

You can configure any logger, but if you mistype the name, it will happily create a logger for a module that does not exist, and the ones that do will use defaults. So the plugin config checker should really check the name and see if it makes sense. However, there are a few problems; - right now the way those python checking scripts are called they have no knowledge of what modules there are, so they can’t really check the names of the loggers. - even if they could, you would only be able to configure logging for modules that are running (which is another symptom of the bigger ‘can’t configure non-running modules’) so right now, i think we should modify the calling design so you can actually check, but not error on a ‘wrong’ name, only log an error (yes that sounds weird, in effect this error log message would go to the ‘previous’ config, or the default if nothing has been configured yet).

1007

enhancement

1307670650283458

1308578603334225

Unclassified

medium

zzchen_pku

new

create a higher granularity of exceptions for xfrin/xfrout

See Jinmei’s comments below: xfrin and xfrout use the same single exception in so many places, obscuring the accuracy of test results. When we do self.assertRaises(XfrinException?, xxx), we cannot really be sure if the exception is really triggered at where it should be triggered. We could check the exception error message , but since the error message tends to be modified it will be unstable. I guess we’ll need a higher granularity of exceptions (or sub types of them) for these apps.

1015

task

1308092664999753

1392912833304993

resolver

medium

jinmei

DNS Outstanding Tasks

new

unify configuration/command code for auth and resolver

Looking at the (b10) resolver configuration code, I start feeling we should unify the server configuration code for both b10-auth and b10-resolver (and, probably the DHCP servers eventually). The current implementation for b10-resolver is a big single method that is responsible for everything: parsing config parameters, building internal configuration data from the passed param, and doing this for all parameters in the single function. Clearly this approach won’t scale as we add more parameters. My suggestion is to use the auth/auth_config.{h,cc} and auth/command.{h,cc} by moving them to lib/server_common (and rename them appropriately), adjusting them if necessary so that they can work with the resolver, and have the resolver use it. We should perhaps also consider making the hardcoded factory logic in auth_config.cc:createAuthConfigParser() more generic using this opportunity.

1019

defect

1308243218084975

1310770768972289

Unclassified

medium

jreed

new

catch specific exception types for logging

Continuation from closed #1018… We decided long ago to have unique log IDs. This log ID with “RESOLVER_FAILED”, “resolver failed, reason: %1” generated by src/bin/resolver/main.cc } catch (const std::exception& ex) { LOG_FATAL(resolver_logger, RESOLVER_FAILED).arg(ex.what()); is not unique. From jabber: (11:03:21) jelte: but i agree that the way we handle those catchalls leaves room for improvement, we should catch more specific exception types if we know they can happen

1042

enhancement

1308788003613420

1331739219688546

configuration

medium

cas

new

default value for sysconfdir

sysconfdir is currently set to /usr/local/etc by default. On some installations, the /usr filesystem is mounted read-only having sysconfdir set to /etc by default would align with the standards of other Unix daemons (such as BIND9)

1043

enhancement

1308788231160066

1309434361596028

bind-ctl

medium

cas

new

‘?’ as shortcut for ‘help’

it would be nice if bindctl would support ‘?’ as a shortcut for ‘help’ in the commandline. so ‘config ?’ would be the same as ‘config help’

1046

enhancement

1308789271340013

1332168519954869

bind-ctl

medium

cas

new

command completion/short commands in bindctl

it would be nice to have command completion (tab completion) on the bindctl commandline. shortened commands (similar to the cisco CLI) woudl also be useful: “co s” for “config set” the CLI commands should be selected so that the first chars of each level don’t overlap (‘show’ and ‘show-json’ are colliding, ‘json-show’ would be better, or ‘show-json’>‘show json’ and ‘show’>‘show config’ ), or short ‘s j’ and ‘s c’)

1047

task

1308833593778712

1309442615297978

logging

medium

jelte

new

introspection of current logging settings

When doing #1004, it occurred to me that to efficiently test it, i need to be able to see what the currently set loggers and outputoptions are. This is actually also needed for error recovery (if a new logger setup fails for some reason). The current implementation backend (log4cplus) does allow a list of current loggers to be requested. So we need to (names may be different): - create getCurrentLoggerSpecifications() that reads that out and puts them in a vector (of type LoggerSpecification, including the internal list of OutputOptions) - add equality operators to LoggerSpecification and OutputOptions - add equality for vectors of both (presumably by also adding an ordering to the classes) Then we can add real tests for default_logconfig_update, and make it recover the previous settings if it fails

1049

defect

1308838274465464

1394116412988143

Boss of BIND

medium

jreed

Common Outstanding Tasks

new

Processes not shutting down cleanly

I don’t think bind10 (boss) should fallback to SIGKILL. I see it often on multiple systems. Processes aren’t dieing with SIGTERM. So we brute force them to close. (General a “shutdown” sent over a command channel does work though.) I understand it is useful so everything dies, but it hides problems — why aren’t the processes closing correctly? We shouldn’t ever have real data loss on abrupt shutdown (because we should never respond about success until data has written and synced to final storage. But we do have data loss potential in log messages output. If we SIGKILL we may lose debugging output that may be useful. If the SIGKILL is still desired, please: - don’t do the SIGKILL only .1 second after SIGTERM. Wait much longer. Even check if children are still alive first and then wait a few seconds. - allow option to turn this off. I think that developers should never use SIGKILL or we won’t fix real exit problems.

1054

enhancement

1308919730033434

1394116425521908

Boss of BIND

low

shane

Common Outstanding Tasks

new

Replace get_signame() with errno.errorcode[]

The boss program has a routine to convert a signal number (like 2) into a symbolic name (like ENOENT). This is actually part of the standard errno module in Python, as the errorcode[] array. That should be used instead. http://stackoverflow.com/questions/1546882/how-to-convert-errno-in-unix-to-corresponding-string/1546901#1546901

1055

enhancement

1308925053836560

1330541957376270

logging

medium

shane

new

Utility for logging message maintenance

It would be useful to have a utility to manage our logging messages. It should have the following functionality: * Check that any defined message is actually used somewhere * Check that each message used is defined (a possible problem for Python) * Check that message IDs are not reused

1059

defect

1309224632889037

1309443785624850

xfrout

medium

zzchen_pku

new

notify-out shouldn’t look for slaves directly in the database

jelte’s comments: It is noted by TODO that it shouldn’t look for slaves directly in the database. Certainly true, and I think we might not want the code in notify to look for it at all (but rather have it passed by xfrout, which also has a better chance to discover which slaves it should not send to. I’m mainly thinking of the problem i have right now that my bind10 is sending notifies to itself)

1070

defect

1309258226594693

1309445219733443

logging

low

stephen

new

Automatically update logging test scripts when switching branches

There is another slightly annoying issue, in that the test /src/lib/log/tests/destination_test.sh keeps failing when you switch branches but don’t regenerate them by hand. The same goes for local_file_test.sh and severity_test.sh. Not sure if there is an easy automake target to let config.status update it, but if there is we might want to add that. Certainly not a showstopper though.

1073

defect

1309337746784812

1392912811893692

resolver

low

zhangcuiling

DNS Outstanding Tasks

new

root_addresses settings doesn’t work for resolver

use bind10 updated at this point: Date: Wed Jun 29 01:18:59 2011 +0000 what ip addresses are used by resolver? output of bindctl: > config show Resolver/listen_on Resolver/listen_on[0]/address “10.53.0.8” string Resolver/listen_on[0]/port 53 integer > config set Resolver/root_addresses [{ address “10.53.0.1”, port 53 }] > config commit output of bind10 2011-06-29 16:41:29.896 INFO [b10-resolver.resolver] RESOLVER_SET_ROOT_ADDRESS setting root address 10.53.0.1(53) results of ‘dig’ # dig nocmdnostat 10.53.0.8 example ns -b 127.0.0.1 <br>;; QUESTION SECTION:<br>;example. IN NS<br><br>;; AUTHORITY SECTION:<br>. 86400 IN SOA a.root-servers.net. nstld.verisign-grs.com. 2011062801 1800 900 604800 86400<br><br><br># dig +nocmd +nostat 10.53.0.1 example ns b 127.0.0.1 ;; Got answer: ;;>>HEADER<<- opcode: QUERY, status: NOERROR, id: 40302 ;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;example. IN NS ;; AUTHORITY SECTION: example. 300 IN NS ns2.example. ;; ADDITIONAL SECTION: ns2.example. 300 IN A 10.53.0.2 # dig nocmdnostat @10.53.0.2 example ns b 127.0.0.1 ;; Got answer: ;;>>HEADER<<- opcode: QUERY, status: NOERROR, id: 56793 ;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2 ;; WARNING: recursion requested but not available ;; QUESTION SECTION: ;example. IN NS ;; ANSWER SECTION: example. 300 IN NS ns2.example. example. 300 IN NS ns3.example. ;; ADDITIONAL SECTION: ns2.example. 300 IN A 10.53.0.2 ns3.example. 300 IN A 10.53.0.3

1076

defect

1309340449496557

1361802259331247

bind-ctl

very low

zhangcuiling

new

bindctl exit because of input in wrong format

use bind10 updated at this point: Date: Wed Jun 29 01:18:59 2011 +0000 > config show Resolver// Traceback (most recent call last): File “/usr/lib/python3.1/cmd.py”, line 213, in onecmd func = getattr(self, ’do‘+ cmd) AttributeError: ’BindCmdInterpreter’ object has no attribute ‘do_config’ During handling of the above exception, another exception occurred: Traceback : File “./bindctl”, line 138, in tool.run File “/home/zcl/software/bind10/20110629/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 128, in run self.cmdloop File “/usr/lib/python3.1/cmd.py”, line 139, in cmdloop stop = self.onecmd File “/home/zcl/software/bind10/20110629/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 450, in onecmd Cmd.onecmd File “/usr/lib/python3.1/cmd.py”, line 215, in onecmd return self.default File “/home/zcl/software/bind10/20110629/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 416, in default self.parse_cmd(line) File “/home/zcl/software/bind10/20110629/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 554, in parse_cmd self.handle_cmd(cmd) File “/home/zcl/software/bind10/20110629/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 396, in handle_cmd self.apply_config_cmd File “/home/zcl/software/bind10/20110629/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 626, in apply_config_cmd values = self.config_data.get_value_maps File “/home/zcl/software/bind10/20110629/lib/python3.1/site-packages/isc/config/config_data.py”, line 555, in get_value_maps spec_part = find_spec_part, id) File “/home/zcl/software/bind10/20110629/lib/python3.1/site-packages/isc/config/config_data.py”, line 174, in find_spec_part cur_el =find_spec_part_single(cur_el, id_parts[–1]) IndexError: list index out of range

1079

defect

1309358894148235

1317201814572258

configuration

medium

jelte

new

bindctl ‘config add ’ should be a bit more lenient

‘config add’ takes a list and a value to add to the list, and the value is optional; if left out it’ll add an item with only defaults It should be a bit more lenient; ‘config add foo/bar[index]’ should also work, possibly checking if ‘index’ is indeed the next available index. This currently fails with a cryptic error message. There is a second problem that ‘config add’ does not work twice in a row (only if you commit in between)

1082

defect

1309386010377587

1332174338040267

logging

medium

jinmei

new

log file isn’t created when running bind10 with -u

If I started BIND10 with ’u bind’ with logging configuration for dumping logs to file: }} The file was not created and I saw this message from liblog4cplus: }} . Even though the directory is writable for the user of bind 2 jinmei bind 512 Jun 29 15:01 /home/jinmei/opt/var/log If I started BIND 10 withoutu bind 10 and with root permission, it created the bind10.log file. If I then changed the owner of the file to “bind”, this file is updated with new logs. These are very strange and inconvenient.

1083

defect

1309386261801153

1332174550140402

logging

medium

jinmei

new

log “destination” is seemingly ignored for some logs

With the logging (to file) setting I showed in #1082, I still see some messages on the console: 2011-06-29 15:07:15.461 INFO [b10-auth.datasrc] DATASRC_CACHE_ENABLE enabling the cache 2011-06-29 15:07:15.883 INFO [b10-auth.auth] AUTH_SERVER_CREATED server created 2011-06-29 15:07:17.206 INFO [b10-auth.auth] AUTH_SERVER_STARTED server stated It’s counter intuive and noisy.

1085

task

1309451005371033

1313508590357376

Unclassified

medium

vorner

new

Document ACLs

We need a user documentation on how they can be specified and used, with some semi-formal definition, examples and list of what can be checked. It probably should be part of the big shipped documentation or a man page for just the ACLs. It should be specific to the DNS ACLs (the library is templated to support quite anything, but that would confuse users).

1087

defect

1309501752485300

1392912787015717

resolver

medium

zhangcuiling

DNS Outstanding Tasks

new

Resolver SERVFAIL when qtype is any

bind10 Resolver SERVFAIL # dig 10.53.0.8 www.google.com any -b 127.0.0.1 <br><br>; <<>> DiG 9.7.3 <<>> 10.53.0.8 www.google.com any b 127.0.0.1 ; ;; global options: +cmd ;; Got answer: ;;>>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 53505 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.google.com. IN ANY ;; Query time: 61 msec ;; SERVER: 10.53.0.8#53(10.53.0.8) ;; WHEN: Fri Jul 1 14:13:31 2011 ;; MSG SIZE rcvd: 32 actually, it should give several RRs # dig 8.8.8.8 www.google.com any<br><br>; <<>> DiG 9.7.3 <<>> 8.8.8.8 www.google.com any ; (1 server found) ;; global options: +cmd ;; Got answer: ;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 47961 ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.google.com. IN ANY ;; ANSWER SECTION: www.google.com. 86399 IN CNAME www.l.google.com. www.l.google.com. 299 IN A 74.125.71.104 www.l.google.com. 299 IN A 74.125.71.147 www.l.google.com. 299 IN A 74.125.71.105 www.l.google.com. 299 IN A 74.125.71.99 www.l.google.com. 299 IN A 74.125.71.106 www.l.google.com. 299 IN A 74.125.71.103 ;; Query time: 70 msec ;; SERVER: 8.8.8.8#53(8.8.8.8) ;; WHEN: Fri Jul 1 14:13:40 2011 ;; MSG SIZE rcvd: 148 it’s ok when qtype is A # dig 10.53.0.8 www.google.com a -b 127.0.0.1<br><br>; <<>> DiG 9.7.3 <<>> 10.53.0.8 www.google.com a b 218.241.111.236 ; ;; global options: +cmd ;; Got answer: ;;>>HEADER<<- opcode: QUERY, status: NOERROR, id: 40138 ;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.google.com. IN A ;; ANSWER SECTION: www.google.com. 604658 IN CNAME www.l.google.com. www.l.google.com. 158 IN A 74.125.71.147 www.l.google.com. 158 IN A 74.125.71.99 www.l.google.com. 158 IN A 74.125.71.104 www.l.google.com. 158 IN A 74.125.71.105 www.l.google.com. 158 IN A 74.125.71.103 www.l.google.com. 158 IN A 74.125.71.106 ;; Query time: 0 msec ;; SERVER: 10.53.0.8#53(10.53.0.8) ;; WHEN: Fri Jul 1 14:13:54 2011 ;; MSG SIZE rcvd: 148

1088

task

1309517678383962

1394116491409821

Boss of BIND

medium

jelte

Common Outstanding Tasks

new

test(s) for bind10.py’s main loop

ticket #758 changed the behaviour of bind10.py’s main loop a little bit (actually stop if the msgq socket disappears), but there’s no test for that, and bind10.py needs a bit of refactoring in order to reach that part. We should pull the actual loop out of the current function and add tests for it

1089

defect

1309872492881989

1392912764692526

resolver

low

jreed

DNS Outstanding Tasks

new

RESOLVER_NO_ROOT_ADDRESS log message in forwarding mode

I don’t think the RESOLVER_NO_ROOT_ADDRESS log warning makes sense in forwarding mode. But since it is a “WARNING” it should be looked at by the admin.

1092

defect

1309886155365208

1361955325493727

Unclassified

medium

UnAssigned

jreed

assigned

NSAS_INVALID_RESPONSE is internal error?

My resolver logs are full of entries like the following: 2011-07-05 15:58:30.997 ERROR [b10-resolver.nsas] NSAS_INVALID_RESPONSE queried for l.gtld-servers.net. but got invalid response 2011-07-05 15:58:31.000 ERROR [b10-resolver.nsas] NSAS_INVALID_RESPONSE queried for aloe.arin.net. but got invalid response 2011-07-05 15:58:31.001 ERROR [b10-resolver.nsas] NSAS_INVALID_RESPONSE queried for y.arin.net. but got invalid response 2011-07-05 15:58:31.019 ERROR [b10-resolver.nsas] NSAS_INVALID_RESPONSE queried for e2.nstld.com. but got invalid response … 2011-07-05 16:34:07.448 ERROR [b10-resolver.nsas] NSAS_INVALID_RESPONSE queried for ns1.pbi.NET. but got invalid response 2011-07-05 16:34:07.451 ERROR [b10-resolver.nsas] NSAS_INVALID_RESPONSE queried for NS2.SWBELL.NET. but got invalid response 2011-07-05 16:34:07.451 ERROR [b10-resolver.nsas] NSAS_INVALID_RESPONSE queried for NS1.SWBELL.NET. but got invalid response 2011-07-05 16:34:07.534 ERROR [b10-resolver.nsas] NSAS_INVALID_RESPONSE queried for NS3.SBCGLOBAL.NET. but got invalid response I looked in log messages guide since this error was too vague to be useful to me. The messages guide says “This message indicates an internal error in the NSAS. Please raise a bug report.” So here is the report :)

1094

defect

1309950570517250

1392912750970695

resolver

low

stephen

DNS Outstanding Tasks

new

Separate programmer error from user error when processing configuration message

In the resolver (resolver.cc), the message RESOLVER_CONFIG_ERROR is output when an exception is caught during a configuration update. The exception may be the result of an error in the configuration message itself or an incorrect value that has been caught by a range check. Different messages should be output in the two cases as the corrective action for each is different.

1095

defect

1309952707175066

1392912730782253

resolver

low

stephen

DNS Outstanding Tasks

new

Log sender of NOTIFY queries to resolver

Specifically this is aimed at the resolver and the RESOLVER_NOTIFY_RECEIVED debug message. The message should include the IP address of the sender of the NOTIFY. (see #1078)

1098

defect

1309988686279777

1394116802333132

b10-auth

low

shane

DNS Outstanding Tasks

new

AuthCommandTest.loadUnreadableZone succeeds when run as root

I had the following test fail: [ RUN ] AuthCommandTest.loadUnreadableZone command_unittest.cc:58: Failure Value of: rcode Actual: 0 Expected: expected_code Which is: 1 [ FAILED ] AuthCommandTest.loadUnreadableZone (25 ms) This happens if the tests run as root, because the test creates a file with 000 permissions, which root can read anyway. Jinmei suggests just giving a non-existent file may be a better way that doesn’t depend on any particular permissions.

1103

defect

1310402021665576

1311341770675316

Unclassified

medium

jelte

new

catching import error in python libs

In some of the libraries, import errors (mainly for pydnspp, but also for a few others) are caught, at which point an error is printed. While converting to the new logging system we encountered a problem (see the comments in #763); the logging system is most likely not initialized More generally, we shouldn’t just log an error, as this is a fatal problem (it’ll crash the moment it needs said library anyway), so we should let it fail immediately anyway. src/lib/python/isc/notify/notify_out.py has a comment here now, but the rest of the libraries need to be checked as well.

1105

enhancement

1310473722839822

1310474454221938

libdns++

very low

UnAssigned

shane

assigned

RR type implementation: MD

Implement the obsolete MD type, from RFC 1035. See ticket #809 for more discussion.

1106

enhancement

1310473785333211

1313582676381837

libdns++

very low

UnAssigned

shane

new

RR type implementation: MF

Implement the obsolete MF type, from RFC 1035. See ticket #809 for more discussion.

1107

enhancement

1310473853848925

1313582681893664

libdns++

very low

UnAssigned

shane

new

RR type implementation: MB

Implement the experimental MB type, from RFC 1035. See ticket #809 for more discussion.

1108

enhancement

1310473955423418

1313582686292099

libdns++

very low

UnAssigned

shane

new

RR type implementation: MG

Implement the experimental MG type, from RFC 1035. See ticket #809 for more discussion.

1109

enhancement

1310474201832276

1313582691197308

libdns++

very low

UnAssigned

shane

new

RR type implementation: MR

Implement the experimental MR type, from RFC 1035. See ticket #809 for more discussion.

1110

enhancement

1310474284398978

1313582695437207

libdns++

very low

UnAssigned

shane

new

RR type implementation: NULL

Implement the experimental NULL type, from RFC 1035. See ticket #809 for more discussion.

1111

enhancement

1310474403634561

1313582537504788

libdns++

low

UnAssigned

shane

new

RR type implementation: WKS

Implement the obsolete WKS type, from RFC 1035. See ticket #809 for more discussion.

1115

enhancement

1310474824660331

1313582557711430

libdns++

low

UnAssigned

shane

new

RR type implementation: X25

Implement the X25 type, from RFC 1183. See ticket #809 for more discussion.

1116

enhancement

1310474895547774

1313582562531717

libdns++

low

UnAssigned

shane

new

RR type implementation: ISDN

Implement the ISDN type, from RFC 1183. See ticket #809 for more discussion.

1117

enhancement

1310474945010499

1313582567266142

libdns++

low

UnAssigned

shane

new

RR type implementation: RT

Implement the obsolete RT type, from RFC 1183. See ticket #809 for more discussion.

1118

enhancement

1310474993156733

1313582700717027

libdns++

very low

UnAssigned

shane

new

RR type implementation: NSAP

Implement the NSAP type, from RFC 1706. See ticket #809 for more discussion.

1119

enhancement

1310475065968108

1313582704985366

libdns++

very low

UnAssigned

shane

new

RR type implementation: NSAP-PTR

Implement the obsolete NSAP-PTR type, from RFC 1348. See ticket #809 for more discussion.

1120

enhancement

1310475159294084

1313582575283701

libdns++

low

UnAssigned

shane

new

RR type implementation: SIG

Implement the SIG type, from RFC 4034, RFC 3755, and RFC 2535. See ticket #809 for more discussion.

1121

enhancement

1310475443187757

1313582580513220

libdns++

low

UnAssigned

shane

new

RR type implementation: KEY

Implement the obsolete KEY type, from RFC 4034, RFC 3755, and RFC 2535. See ticket #809 for more discussion.

1122

enhancement

1310475517598220

1313582585337682

libdns++

low

UnAssigned

shane

new

RR type implementation: PX

Implement the PX type, from RFC 2163. See ticket #809 for more discussion.

1123

enhancement

1310475767183953

1313582590248389

libdns++

low

UnAssigned

shane

new

RR type implementation: GPOS

Implement the GPOS type, from RFC 1712. See ticket #809 for more discussion.

1124

enhancement

1310475871076257

1313582594865796

libdns++

low

UnAssigned

shane

new

RR type implementation: LOC

Implement the obsolete LOC type, from RFC 1876. See ticket #809 for more discussion.

1125

enhancement

1310475920791835

1313582709246387

libdns++

very low

UnAssigned

shane

new

RR type implementation: NXT

Implement the obsolete NXT type, from RFC 3755 and RFC 2535. See ticket #809 for more discussion.

1126

enhancement

1310476004246675

1313582713481903

libdns++

very low

UnAssigned

shane

new

RR type implementation: EID

Implement the proposed EID type. I think this is the document that describes it: http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt See ticket #809 for more discussion.

1127

enhancement

1310476068410202

1313517185584957

libdns++

very low

UnAssigned

shane

new

RR type implementation: NIMLOC

Implement the proposed NIMLOC type. I think this is the document that describes it: http://ana-3.lcs.mit.edu/~jnc/nimrod/dns.txt See ticket #809 for more discussion.

1129

enhancement

1310476252872049

1313582618639231

libdns++

low

UnAssigned

shane

new

RR type implementation: ATMA

Implement the ATMA type, described here: http://broadband-forum.org/ftp/pub/approved-specs/af-saa-0069.000.pdf See ticket #809 for more discussion.

1131

enhancement

1310476401657054

1313582624301884

libdns++

low

UnAssigned

shane

new

RR type implementation: KX

Implement the KX type, from RFC 2230. See ticket #809 for more discussion.

1132

enhancement

1310476477176274

1313582628590271

libdns++

low

UnAssigned

shane

new

RR type implementation: CERT

Implement the CERT type, from RFC 4398. See ticket #809 for more discussion.

1133

enhancement

1310476544073758

1313517163948594

libdns++

very low

UnAssigned

shane

new

RR type implementation: A6

Implement the experimental A6 type, from RFC 3226 RFC 2874. See ticket #809 for more discussion.

1134

enhancement

1310476695279842

1313517007876097

libdns++

very low

UnAssigned

shane

new

RR type implementation: SINK

Implement the proposed SINK type. I think this describes it: http://tools.ietf.org/html/draft-eastlake-kitchen-sink-02 See ticket #809 for more discussion.

1135

enhancement

1310476782132668

1313582633294354

libdns++

low

UnAssigned

shane

new

RR type implementation: APL

Implement the APL type, from RFC 3123. See ticket #809 for more discussion.

1137

enhancement

1310476893334020

1313582642428401

libdns++

low

UnAssigned

shane

new

RR type implementation: IPSECKEY

Implement the IPSECKEY type, from RFC 4025. See ticket #809 for more discussion.

1139

enhancement

1310477088100786

1313582646855862

libdns++

low

UnAssigned

shane

new

RR type implementation: HIP

Implement the HIP type, from RFC 5205. See ticket #809 for more discussion.

1141

enhancement

1310478266979453

1313582651581469

libdns++

low

UnAssigned

shane

new

RR type implementation: TKEY

Implement the TKEY type, from RFC 2930. See ticket #809 for more discussion.

1142

enhancement

1310478398223087

1313516994898133

libdns++

very low

UnAssigned

shane

new

RR type implementation: MAILB

Implement the obsolete MAILB type, from RFC 1035. See ticket #809 for more discussion.

1143

enhancement

1310478470861172

1313516980715064

libdns++

very low

UnAssigned

shane

new

RR type implementation: MAILA

Implement the obsolete MAILA type, from RFC 1035. See ticket #809 for more discussion.

1146

defect

1310504783125117

1311345305995875

xfrout

low

vorner

new

Stop hiding errors in XfrOut

There’s this statement in the `xfrout.py.in` file: #!python try: from libutil_io_python import from pydnspp import except ImportError as e: # C++ loadable module may not be installed; even so the xfrout process # must keep running, so we warn about it and move forward. log.error(XFROUT_IMPORT, str(e)) This makes sure the process is started even if the DNS library can not be loaded. In such case, the process will be useless, because it won’t understand any requests and this exceptions only masks the real problem (the library is not properly installed or the installation is corrupt), pretending everything is OK and just not answering the queries. Besides having these bad properties, hiding errors in code kind of smells. As noted in the https://lists.isc.org/pipermail/bind10-dev/2011-July/002477.html email discussion, this is here because if there’s a problem, the boss keeps restarting it, which is annoying. But I believe this is problem of Boss, not every program that has a fatal unrecoverable problem. So I suggest we remove this thing and make XfrOut crash if it can’t perform its goal as every well behaved program.

1147

defect

1310505448222589

1394116504566314

Boss of BIND

low

vorner

Common Outstanding Tasks

new

Boss should give up after n unsuccessful attempts to start a module

If a module has a fatal problem and can not be started (eg. it crashes right after being started), boss keeps restarting it and is „jumping“. This isn’t a serious problem, but it eats resources unnecessarily and is annoying, because it fills logs. This sometimes leads to workarounds like the one in #1146. I suggest that if the started process dies in 10s from being started, we count it as an unsuccessful attempt to start it. If we do 5 of them in a row (without a successful one), we give up more attempts to start it, since it’s hopeless (for some value of 10 and 5). Then we would add a command an admin could use to ask boss to try again (after the admin thinks the problem was fixed) ‒ reset the count of unsuccessful attempts to 0 again.

1151

enhancement

1310765542268192

1310765542268192

xfrout

medium

jinmei

new

xfrout log should better include remote addresses

Currently xfrout’s log doesn’t show the remote address of xfr: 2011-07-15 02:36:05.649 INFO [b10-xfrout.xfrout] XFROUT_AXFR_TRANSFER_STARTED transfer of zone jinmei.org./IN has started 2011-07-15 02:36:05.835 INFO [b10-xfrout.xfrout] XFROUT_AXFR_TRANSFER_DONE transfer of jinmei.org./IN complete it is inconvenient. Once we merge #772, we can easily get access to the information of the remote address, so I propose including this information in logs wherever possible (not only for the above cases).

1156

enhancement

1311251670908353

1311345273476582

build system

medium

UnAssigned

shane

new

Script like ./configure which checks for libraries needed by BIND 10

We should make a script which works roughly like ./configure, but does not exit when it discovers a missing dependency. Instead it should report all missing dependencies. See the discussion here: http://bind10.isc.org/wiki/WeeklyMinutes20110719#DependencyManagementfromJinmei And the e-mail here: https://lists.isc.org/pipermail/bind10-dev/2011-July/002527.html For more information.

1158

defect

1311618412847778

1331918709253972

build system

medium

UnAssigned

jinmei

new

suggestion: avoid OS-specific switch in configure.ac

I noticed that in #1155 the following change was introduced to configure.ac: *solaris*) # In Solaris, IN6ADDR_ANY_INIT and IN6ADDR_LOOPBACK_INIT needWno-missing-braces B10_CXXFLAGS=“$B10_CXXFLAGS Wno-missing-braces" ;; I have a few concerns with this approach: In general, such OS specific switch is discouraged in autoconf. And, in fact, not all Solaris versions/installments have this problem as some of our buildbot showed. For such”cleaner" Solaris, this setting weakens compiler warning unnecessarily. A better test is to use AC_TRY_COMPILE with using the offending IN6ADDR_ macros and specify Wno-xxx only when it’s necessary. If I understand it correctly, this problem happens only where ASIO headers are directly included (mainly in libasiolink and libasiodns, with (inappropriate) a couple of possible exceptions). We should limit the place of weakening the warning to where it’s absolutely necessary.

1159

enhancement

1311861739400418

1312308273961656

data source

low

vorner

new

Make InMemoryClient::addZone take only InMemoryZoneFinder

Currently whatever zone finder can be stored there, which isn’t logical. But currently some tests (eg. for auth/query.cc) uses this to put mock zones in there. The tests should be changed to use mock client as well. See ticket #1060, comment 9 at the bottom.

1164

enhancement

1312323618366572

1392837303705767

ACL

medium

jinmei

DNS Outstanding Tasks

new

TSIG ACL should avoid matching TSIG key without validation

This is an open issue carried over from #1104. See the discussion at around http://bind10.isc.org/ticket/1104#comment:10 (look for “possilbe open issue”) and its follow ups. We should resolve this to make the operation safer. It may require some modifications to libdns++ TSIG APIs.

1169

defect

1313068383649776

1318437718131465

Unclassified

medium

jreed

new

some processes not exiting

I killed msgq… a little later bind10 parent exited. Some child processes were still left running: root 1791 0.0 0.3 15724 3348 ttyp4 Il Fri08AM 0:17.10 /usr/pkg/bin/python3.1 /home/reed/work/isc/bind10-install/libexec/bind10-devel/b10-zonemgr root 3985 0.0 0.3 23188 3300 ttyp4 Il Fri08AM 0:00.40 /usr/pkg/bin/python3.1 /home/reed/work/isc/bind10-install/libexec/bind10-devel/b10-xfrout root 4343 0.0 0.0 22268 3436 ttyp4 IWl Fri08AM 0:01.01 /usr/pkg/bin/python3.1 /home/reed/work/isc/bind10-install/libexec/bind10-devel/b10-cmdctl root 15861 0.0 0.0 3856 4 ttyp4 IW Fri08AM 0:00.01 b10-sockcreator A SIGTERM killed sockcreator and cmdctl for me. I used SIGKILL to kill the zonemgr and xfrout. I did a ktrace but didn’t get any output. If anyone can share ideas on how to see where it is hanging (this is NetBSD), I can reproduce and provide more details.

1170

defect

1313072726548271

1392912709545070

resolver

low

shane

DNS Outstanding Tasks

new

TTL checks in resolver tests may be too restrictive

Jeremy pointed out a recent test failure: http://git.bind10.isc.org/~tester/builder//BIND10-systest/20110811124500-MacOS/logs/unittests.out Looked at the tests, and it seems like all of the values for TTL are based on whole second values. This means that if a test happens to run near the end of a given second, that the second may change during that second, and the TTL should go down by 1, as we see there. Note that this theory may be based on my poor understanding of how TTLs are tracked!

1173

defect

1313113829125671

1339225960135291

data source

medium

jinmei

new

DatabaseClientTest should also check best match for findZone

For example, the mock abstraction (or accessor) should support both “org” and “example.org”, and there should be a test checking findZone(“example.org”) should return a finder for “example.org”, not “org”. Same for “sub.example.org” to check it’s not only the case for an exact match. It should be quite easily be fixed. I consider it a kind of defect in that it’s a missing test case.

1185

defect

1313590040885055

1392912692217191

resolver

low

jreed

DNS Outstanding Tasks

new

Resolver/listen_on should not require a port

Port 53 should be a default and should not be required, for example this shows the problem: > config add Resolver/listen_on > config set Resolver/listen_on[2]/address “149.20.57.219” > config commit Error: Address must contain both the IPaddress and port Configuration not committed > config set Resolver/listen_on[2]/port 5301 > config commit

1188

enhancement

1314011547203507

1314258898983642

data source

medium

jelte

new

performance consideration in getRecords()/getAllRecords()

(this came out of discussion in #1083) Currently, in the refactored data source code, the sqlite version creates individual sqlite3_stmt structures for each call to getRecords() and getAllRecords(). This is pretty clean (as they are also finalized on the same level), and allows for multiple iterators over the data at the same time. However, should we not need that property, it is not necessary to prepare() the query for each statement, so we may want to reconsider this if we are looking for performance improvements.

1189

defect

1314023743154128

1327506596492553

logging

low

jreed

new

log output to console buffering

I was capturing stderr and stdout (tee’d into a file). After I enabled debug 100. And then did a tail of my output, no change. Then I did the dig resulting in a SERVFAIL and then my output suddenly had all the output over the past 5+ hours. Also sometimes log output wasn’t complete (like no newline). So some buffering problems when outputting to stdout or stderr. The following is from jabber: (05:48:33) stephen: I’ve had a very quick look at the log4cplus code and it appears logging output to the console ultimately ends up as a standard C+ call, something along the lines of “cerr << text”. stephen: So if there are problems with flushing buffers and the like, it points to a problem in the C+ library on that system. What operating system did these problems occur on? (05:49:43) jreed: I am surprised I needed to set flush to true. Not useful default for this. (05:49:58) jreed: This is on Debian Linux. (git.bind10.isc.org) (05:50:21) stephen: Hmm… (05:50:59) stephen: AFAIK, when logging to stderr you should not have to flush after each write, it is done for you. (05:51:34) jreed: The default is stdout. (05:51:59) jreed: If changing that fixes it, then that is fine. But too many things to change already. (05:52:14) stephen: Perhaps we ought to make stderr the default.

1191

defect

1314027258905447

1377700979401284

logging

low

jreed

new

logging needs “name”

> config add Logging/loggers > config set Logging/loggers[0]/severity DEBUG > config show Logging/loggers Logging/loggers[0]/name “” string (default) Logging/loggers[0]/severity “DEBUG” string (modified) Logging/loggers[0]/debuglevel 0 integer (default) Logging/loggers[0]/additive false boolean (default) Logging/loggers[0]/output_options [] list (default) > config set Logging/loggers[0]/debuglevel 100 > config show Logging/loggers[0]/output_options Logging/loggers[0]/output_options [] list (default) > config show Logging/loggers[0]/output_options/ Logging/loggers[0]/output_options/ [] list (default) > config commit Error: Exception: ‘name’ Configuration not committed Fixed with: > config set Logging/loggers[0]/name * > config commit In jabber, jelte said: (11:46:04) jelte: that’s an uncaught exception somewhere (and hence no decent error) (11:47:04) jelte: from the fix i gather the error should be “name must be set” :) I think it should just use some default for name (if not defined).

1196

defect

1314223320252340

1336072586386422

Unclassified

medium

jreed

new

respond using same source address

$ dig 2001:04f8:3:d::95 bind10.isc.org <br>;; reply from unexpected source: 2001:4f8:3:d::80#53, expected 2001:4f8:3:d::95#53<br><br><br><br>or<br><br><br><br>$ dig 149.20.48.80 bind10.isc.org ;; reply from unexpected source: 149.20.48.59#53, expected 149.20.48.80#53 ;; reply from unexpected source: 149.20.48.59#53, expected 149.20.48.80#53 I will copy some from jabber: (12:43:11) jinmei: in general, a DNS server implementation must either listen on a specific address or use the IPv6 pkthdr API to ensure query dest addr = response src addr. … (12:54:48) shane: Yes, I agree. Probably we can use the work of the DHCP team to give us interfaces and we can bind to them. (12:55:49) vorner: Can we add and remove them (eg. get notified of addition and removal) of interface at runtime? Because when I instruct it to bind to , I mean even future. (12:56:03) shane: Yes, that’s the idea. (12:56:36) shane: BIND 9 works that way; apparently IPv6 in Linux is a lot faster if you bind to specific interfaces instead of the wildcard. (12:56:46) shane: At least, it was in the past… not sure about now. … (13:04:45) jinmei: the solutions may be different for IPv4 and IPv6: for IPv6 we could use the help of API (with possible performance implication as Shane noted); for IPv4 there’s a similar API but it’s not so commonly available, we should probably need to introduce interface (address) scanning mechanism and listen-on every one of them as we find a new one. (13:05:57) jinmei: FYI: this is what BIND9 does. (13:06:57) shane: The DHCP code in BIND 10 already uses the technique, if you are interested to see how it works. (13:07:03) shane: (It’s DHCPv6 only right now.) (13:07:28) vorner: The scanning of IPv4 could be directly borrowed from bind9, no? (13:10:31) jinmei: in its essence, yes, I think so.

1203

defect

1314714317047834

1315225670073954

bind-ctl

medium

jreed

new

bindctl crash when setting a list item (under another list item) without using a index number

I can reproduce with: config set Logging/loggers[0]/output_options/flush true (assumimg the Logging/loggers[0] was already added. Note I forgot to add [0] for output_options[0] here. > config set Logging/loggers[0]/output_options flush Error: flush is not a list > config add Logging/loggers[0]/output_options > config show Logging/loggers[0]/output_options Logging/loggers[0]/output_options[0]/destination “console” string (default) Logging/loggers[0]/output_options[0]/output “stdout” string (default) Logging/loggers[0]/output_options[0]/flush false boolean (default) Logging/loggers[0]/output_options[0]/maxsize 0 integer (default) Logging/loggers[0]/output_options[0]/maxver 0 integer (default) > config set Logging/loggers[0]/output_options/flush true Traceback (most recent call last): File “/usr/pkg/lib/python3.1/cmd.py”, line 213, in onecmd func = getattr(self, ’do‘+ cmd) AttributeError: ’BindCmdInterpreter’ object has no attribute ‘do_config’ During handling of the above exception, another exception occurred: Traceback : File “work/isc/bind10-install/bin/bindctl”, line 149, in tool.run File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 128, in run self.cmdloop File “/usr/pkg/lib/python3.1/cmd.py”, line 139, in cmdloop stop = self.onecmd File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 452, in onecmd Cmd.onecmd File “/usr/pkg/lib/python3.1/cmd.py”, line 215, in onecmd return self.default File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 418, in default self.parse_cmd(line) File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 556, in parse_cmd self.handle_cmd(cmd) File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 396, in _handle_cmd self.apply_config_cmd(cmd) File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 680, in apply_config_cmd self.config_data.set_value(identifier, parsed_value) File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/config/config_data.py”, line 671, in set_value isc.cc.data.set(self._local_changes, identifier, value) File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/cc/data.py”, line 214, in set cur_el[id] = value TypeError: list indices must be integers, not str

1204

task

1314775155328362

1315225703396808

xfrout

low

jreed

new

setup a IXFR-only testing

Use BIND 9 to do IXFR only back and forth with our b10-xfrout and b10-xfrin. Automate this for new BIND 10 code.

1205

task

1314780064053048

1318350741680172

configuration

low

jreed

new

Import and export configurations from/to different JSON file

Create commands to import and export configurations from/to different JSON file. Or single command to set the filename. This would be done via bindctl and used by cfgmgr. In tandem with this, we will need a “check” function. Possibly each module would have its own check function. Need to be able to check even if process (module) is not running.

1211

task

1315387617660619

1396529246918315

xfrin

medium

stephen

DNS Outstanding Tasks

new

AXFR system test specification

Review [http://tools.ietf.org/html/rfc5936 RFC 5936] (the description of AXFR) and produce the specification for a set of system tests to check the implementation of AXFR-in and AXFR-out.

1214

task

1315389768523232

1318350619573428

Unclassified

medium

stephen

new

Implement AXFR system tests

This depends on #1211. It may be possible to re-use the BIND 9 tests for AXFR.

1219

defect

1315486600770106

1394116513993003

Boss of BIND

medium

jreed

Common Outstanding Tasks

new

ccsession error from boss when cfgmgr can’t parse its configuration

When the cfgmgr can’t parse its configuration, boss will kill all its processes which are sockcreator, msgq, and cfgmgr. But then it complains: 2011-09-07 17:16:45.476 FATAL [b10-boss.boss] BIND10_STARTUP_ERROR error during startup: Unable to start ccsession: No answer from ConfigManager when asking about Remote module Logging This error is confusing. I don’t think it should happen.

1221

enhancement

1315492060598643

1392912675752174

resolver

very low

jreed

DNS Outstanding Tasks

new

log when changing / adding address

I had no default logging when I did: > config set Resolver/listen_on[1]/address “0.0.0.0” > config commit (sockstat and dig showed me it worked.)

1222

defect

1315493252698584

1392812456460100

resolver

high

jreed

DNS Outstanding Tasks

new

resolver problems with IPv6

I often have SERVFAILs when some nameservers are AAAA. But sometime later queries are successful. For example: $ time dig 127.0.0.1 bind10.isc.org<br><br>; <<>> DiG 9.5.0-P2 <<>> 127.0.0.1 bind10.isc.org ; (1 server found) ;; global options: printcmd ;; Got answer: ;; >>HEADER<< opcode: QUERY, status: SERVFAIL, id: 18552 ;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;bind10.isc.org. IN A ;; Query time: 4023 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Sep 8 09:41:12 2011 ;; MSG SIZE rcvd: 32 4.04s real 0.01s user 0.00s system $ time dig 127.0.0.1 bind10.isc.org<br><br>; <<>> DiG 9.5.0-P2 <<>> 127.0.0.1 bind10.isc.org ; (1 server found) ;; global options: printcmd ;; Got answer: ;; >>HEADER<< opcode: QUERY, status: NOERROR, id: 12394 ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 8, ADDITIONAL: 13 ;; QUESTION SECTION: ;bind10.isc.org. IN A ;; ANSWER SECTION: bind10.isc.org. 3600 IN A 149.20.48.40 ;; AUTHORITY SECTION: isc.org. 86396 IN NS sfba.sns-pb.isc.org. isc.org. 86396 IN NS ns.isc.afilias-nst.info. isc.org. 86396 IN NS ams.sns-pb.isc.org. isc.org. 86396 IN NS ord.sns-pb.isc.org. bind10.isc.org. 3600 IN NS ord.sns-pb.isc.org. bind10.isc.org. 3600 IN NS n10.isc.org. bind10.isc.org. 3600 IN NS ams.sns-pb.isc.org. bind10.isc.org. 3600 IN NS sfba.sns-pb.isc.org. ;; ADDITIONAL SECTION: ams.sns-pb.isc.org. 86396 IN A 199.6.1.30 ams.sns-pb.isc.org. 86396 IN AAAA 2001:500:60::30 ord.sns-pb.isc.org. 86396 IN A 199.6.0.30 ord.sns-pb.isc.org. 86396 IN AAAA 2001:500:71::30 sfba.sns-pb.isc.org. 86396 IN A 149.20.64.3 sfba.sns-pb.isc.org. 86396 IN AAAA 2001:4f8:0:2::19 ams.sns-pb.isc.org. 7200 IN A 199.6.1.30 ams.sns-pb.isc.org. 7200 IN AAAA 2001:500:60::30 n10.isc.org. 7200 IN A 149.20.48.59 ord.sns-pb.isc.org. 7200 IN A 199.6.0.30 ord.sns-pb.isc.org. 7200 IN AAAA 2001:500:71::30 sfba.sns-pb.isc.org. 7200 IN A 149.20.64.3 sfba.sns-pb.isc.org. 7200 IN AAAA 2001:4f8:0:2::19 ;; Query time: 2151 msec ;; SERVER: 127.0.0.1#53(127.0.0.1) ;; WHEN: Thu Sep 8 09:41:14 2011 ;; MSG SIZE rcvd: 487 2.17s real 0.00s user 0.00s system And the logging: 2011-09-08 09:41:00.019 INFO [b10-boss.boss] BIND10_STARTING starting BIND10: bind10 20110223 (BIND 10 20110809) 2011-09-08 09:41:00.025 INFO [b10-boss.boss] BIND10_SOCKCREATOR_INIT initializing socket creator parser 2011-09-08 09:41:00.031 INFO [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-msgq 2011-09-08 09:41:00.258 INFO [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-cfgmgr 2011-09-08 09:41:01.267 INFO [b10-boss.boss] BIND10_STARTING_PROCESS starting process ccsession 2011-09-08 09:41:01.296 INFO [b10-boss.boss] BIND10_READING_BOSS_CONFIGURATION reading boss configuration 2011-09-08 09:41:01.296 INFO [b10-boss.boss] BIND10_CONFIGURATION_START_AUTH start authoritative server: False 2011-09-08 09:41:01.296 INFO [b10-boss.boss] BIND10_CONFIGURATION_START_RESOLVER start resolver: True 2011-09-08 09:41:01.297 INFO [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-resolver 2011-09-08 09:41:01.304 2011-09-08 09:41:01.345INFO INFO [ b10-boss.boss [] b10-resolver.resolverBIND10_STARTING_PROCESS starting process b10-stats] RESOLVER_STARTING starting resolver with command line ‘b10-resolver -v’ 2011-09-08 09:41:01.3532011-09-08 09:41:01.354 INFODEBUG [ [b10-resolver.resolverb10-boss.boss] ] RESOLVER_CREATED main resolver object createdBIND10_STARTING_PROCESS starting process b10-stats-httpd 2011-09-08 09:41:01.449 2011-09-08 09:41:01.455DEBUG [INFOb10-resolver.cache ] CACHE_RESOLVER_INIT initializing resolver cache for class IN [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-cmdctl 2011-09-08 09:41:01.532 DEBUG [b10-resolver.cache] CACHE_RRSET_INIT initializing RRset cache for 20000 RRsets of class IN 2011-09-08 09:41:01.533 DEBUG [b10-resolver.cache] CACHE_RRSET_INIT initializing RRset cache for 10000 RRsets of class IN 2011-09-08 09:41:01.534 DEBUG [b10-resolver.cache] CACHE_MESSAGES_INIT initialized message cache for 10000 messages of class IN 2011-09-08 09:41:01.537 DEBUG [b10-resolver.cache] CACHE_RESOLVER_UPDATE_MSG updating message for ./NS/IN 2011-09-08 09:41:01.537 DEBUG [b10-resolver.cache] CACHE_MESSAGES_UPDATE updating message entry ./NS/IN 2011-09-08 09:41:01.538 DEBUG [b10-resolver.cache] CACHE_RRSET_UPDATE updating RRset ./NS/IN in the cache 2011-09-08 09:41:01.539 DEBUG [b10-resolver.cache] CACHE_RRSET_LOOKUP looking up ./NS/IN in RRset cache 2011-09-08 09:41:01.540 DEBUG [b10-resolver.cache] CACHE_RRSET_NOT_FOUND no RRset found for ./NS/IN in cache 2011-09-08 09:41:01.540 DEBUG [b10-resolver.cache] CACHE_RRSET_UPDATE updating RRset l.root-servers.net./A/IN in the cache 2011-09-08 09:41:01.540 DEBUG [b10-resolver.cache] CACHE_RRSET_LOOKUP looking up l.root-servers.net./A/IN in RRset cache 2011-09-08 09:41:01.540 DEBUG [b10-resolver.cache] CACHE_RRSET_NOT_FOUND no RRset found for l.root-servers.net./A/IN in cache 2011-09-08 09:41:01.541 DEBUG [b10-resolver.cache] CACHE_RRSET_UPDATE updating RRset l.root-servers.net./AAAA/IN in the cache 2011-09-08 09:41:01.541 DEBUG [b10-resolver.cache] CACHE_RRSET_LOOKUP looking up l.root-servers.net./AAAA/IN in RRset cache 2011-09-08 09:41:01.541 DEBUG [b10-resolver.cache] CACHE_RRSET_NOT_FOUND no RRset found for l.root-servers.net./AAAA/IN in cache 2011-09-08 09:41:01.541 DEBUG [b10-resolver.cache] CACHE_RESOLVER_UPDATE_RRSET updating RRset for ./NS/IN 2011-09-08 09:41:01.542 DEBUG [b10-resolver.cache] CACHE_LOCALZONE_UPDATE updating local zone element at key .2 2011-09-08 09:41:01.542 DEBUG [b10-resolver.cache] CACHE_RRSET_UPDATE updating RRset ./NS/IN in the cache 2011-09-08 09:41:01.542 DEBUG [b10-resolver.cache] CACHE_RRSET_LOOKUP looking up ./NS/IN in RRset cache 2011-09-08 09:41:01.542 DEBUG [b10-resolver.cache] CACHE_RRSET_REMOVE_OLD removing old RRset for ./NS/IN to make space for new one 2011-09-08 09:41:01.544 DEBUG [b10-resolver.cache] CACHE_RESOLVER_UPDATE_RRSET updating RRset for l.root-servers.net./A/IN 2011-09-08 09:41:01.544 DEBUG [b10-resolver.cache] CACHE_LOCALZONE_UPDATE updating local zone element at key l.root-servers.net.1 2011-09-08 09:41:01.544 DEBUG [b10-resolver.cache] CACHE_RRSET_UPDATE updating RRset l.root-servers.net./A/IN in the cache 2011-09-08 09:41:01.544 DEBUG [b10-resolver.cache] CACHE_RRSET_LOOKUP looking up l.root-servers.net./A/IN in RRset cache 2011-09-08 09:41:01.544 DEBUG [b10-resolver.cache] CACHE_RRSET_REMOVE_OLD removing old RRset for l.root-servers.net./A/IN to make space for new one 2011-09-08 09:41:01.545 INFO [b10-boss.boss] BIND10_STARTUP_COMPLETE BIND 10 started 2011-09-08 09:41:01.546 DEBUG [b10-resolver.cache] CACHE_RESOLVER_UPDATE_RRSET updating RRset for l.root-servers.net./AAAA/IN 2011-09-08 09:41:01.546 DEBUG [b10-resolver.cache] CACHE_LOCALZONE_UPDATE updating local zone element at key l.root-servers.net.28 2011-09-08 09:41:01.546 DEBUG [b10-resolver.cache] CACHE_RRSET_UPDATE updating RRset l.root-servers.net./AAAA/IN in the cache 2011-09-08 09:41:01.546 DEBUG [b10-resolver.cache] CACHE_RRSET_LOOKUP looking up l.root-servers.net./AAAA/IN in RRset cache 2011-09-08 09:41:01.546 DEBUG [b10-resolver.cache] CACHE_RRSET_REMOVE_OLD removing old RRset for l.root-servers.net./AAAA/IN to make space for new one 2011-09-08 09:41:01.546 DEBUG [b10-resolver.resolver] RESOLVER_SERVICE_CREATED service object created 2011-09-08 09:41:01.548 DEBUG [b10-resolver.cc] CC_ESTABLISH trying to establish connection with message queue daemon at /home/reed/work/isc/bind10-install/var/bind10-devel/msgq_socket 2011-09-08 09:41:01.606 DEBUG [b10-resolver.cc] CC_ESTABLISHED successfully connected to message queue daemon 2011-09-08 09:41:01.616 DEBUG [b10-resolver.cc] CC_SUBSCRIBE subscribing to communication group Resolver 2011-09-08 09:41:01.616 DEBUG [b10-resolver.cc] CC_GROUP_SEND sending message ‘{ command [ “module_spec”, { commands [ { command_args [ ], command_description “Shut down recursive DNS server”, command_name “shutdown” } ], config_data [ { item_default 2000, item_name “timeout_query”, item_optional false, item_type “integer” }, { item_default 4000, item_name “timeout_client”, item_optional false, item_type “integer” }, { item_default 30000, item_name “timeout_lookup”, item_optional false, item_type “integer” }, { item_default 3, item_name “retries”, item_optional false, item_type “integer” }, { item_default [ ], item_name “forward_addresses”, item_optional true, item_type “list”, list_item_spec { item_default { }, item_name “address”, item_optional false, item_type “map”, map_item_spec [ { item_default “::1”, item_name “address”, item_optional false, item_type “string” }, { item_default 53, item_name “port”, item_optional false, item_type “integer” } ] } }, { item_default [ ], item_name “root_addresses”, item_optional true, item_type “list”, list_item_spec { item_default { }, item_name “address”, item_optional false, item_type “map”, map_item_spec [ { item_default “::1”, item_name “address”, item_optional false, item_type “string” }, { item_default 53, item_name “port”, item_optional false, item_type “integer” } ] } }, { item_default [ { address “::1”, port 53 }, { address “127.0.0.1”, port 53 } ], item_name “listen_on”, item_optional false, item_type “list”, list_item_spec { item_default { }, item_name “address”, item_optional false, item_type “map”, map_item_spec [ { item_default “::1”, item_name “address”, item_optional false, item_type “string” }, { item_default 53, item_name “port”, item_optional false, item_type “integer” } ] } }, { item_default [ { action “ACCEPT”, from “127.0.0.1” }, { action “ACCEPT”, from “::1” } ], item_name “query_acl”, item_optional false, item_type “list”, list_item_spec { item_default { }, item_name “rule”, item_optional false, item_type “map”, map_item_spec [ { item_default “,”item_name “action”, item_optional false, item_type “string” }, { item_default “,”item_name “from”, item_optional false, item_type “string” } ] } } ], module_description “Recursive service”, module_name “Resolver” } ] }’ to group ‘ConfigManager’ 2011-09-08 09:41:01.616 DEBUG [b10-resolver.cc] CC_GROUP_RECEIVE trying to receive a message 2011-09-08 09:41:01.712 DEBUG [b10-resolver.cc] CC_GROUP_RECEIVED message arrived (‘{ from “4e68d3fc_2@new-host-3”, group “ConfigManager”, instance “*”, reply 0, seq 8, to “4e68d3fd_4@new-host-3”, type “send” }’, ‘{ result [ 0 ] }’) 2011-09-08 09:41:01.712 DEBUG [b10-resolver.cc] CC_GROUP_SEND sending message ‘{ command [ “get_config”, { module_name “Resolver” } ] }’ to group ‘ConfigManager’ 2011-09-08 09:41:01.712 DEBUG [b10-resolver.cc] CC_GROUP_RECEIVE trying to receive a message 2011-09-08 09:41:01.717 DEBUG [b10-resolver.cc] CC_GROUP_RECEIVED message arrived (‘{ from “4e68d3fc_2@new-host-3”, group “ConfigManager”, instance “*”, reply 1, seq 9, to “4e68d3fd_4@new-host-3”, type “send” }’, ‘{ result [ 0, { listen_on [ { address “::1”, port 53 }, { address “0.0.0.0”, port 53 } ], query_acl [ { action “ACCEPT”, from “any4” }, { action “ACCEPT”, from “::1” } ] } ] }’) 2011-09-08 09:41:01.717 DEBUG [b10-resolver.resolver] RESOLVER_CONFIG_UPDATED configuration updated: { listen_on [ { address “::1”, port 53 }, { address “0.0.0.0”, port 53 } ], query_acl [ { action “ACCEPT”, from “any4” }, { action “ACCEPT”, from “::1” } ] } 2011-09-08 09:41:01.718 DEBUG [b10-resolver.server_common] SRVCOMM_SET_LISTEN setting addresses to listen to 2011-09-08 09:41:01.718 DEBUG [b10-resolver.server_common] SRVCOMM_ADDRESS_VALUE address to set: ::1#53 2011-09-08 09:41:01.718 DEBUG [b10-resolver.server_common] SRVCOMM_ADDRESS_VALUE address to set: 0.0.0.0#53 2011-09-08 09:41:01.719 INFO [b10-resolver.resolver] RESOLVER_SET_QUERY_ACL query ACL is configured 2011-09-08 09:41:01.719 DEBUG [b10-resolver.resolver] RESOLVER_QUERY_SETUP query setup 2011-09-08 09:41:01.719 DEBUG [b10-resolver.cc] CC_GROUP_SEND sending message ‘{ command [ “get_module_spec”, { module_name “Logging” } ] }’ to group ‘ConfigManager’ 2011-09-08 09:41:01.719 DEBUG [b10-resolver.cc] CC_GROUP_RECEIVE trying to receive a message 2011-09-08 09:41:01.725 DEBUG [b10-resolver.cc] CC_GROUP_RECEIVED message arrived (‘{ from “4e68d3fc_2@new-host-3”, group “ConfigManager”, instance “*”, reply 2, seq 10, to “4e68d3fd_4@new-host-3”, type “send” }’, ‘{ result [ 0, { commands [ ], config_data [ { item_default [ ], item_name “loggers”, item_optional false, item_type “list”, list_item_spec { item_default { }, item_name “logger”, item_optional false, item_type “map”, map_item_spec [ { item_default “,”item_name “name”, item_optional false, item_type “string” }, { item_default “INFO”, item_name “severity”, item_optional false, item_type “string” }, { item_default 0, item_name “debuglevel”, item_optional false, item_type “integer” }, { item_default false, item_name “additive”, item_optional false, item_type “boolean” }, { item_default [ ], item_name “output_options”, item_optional false, item_type “list”, list_item_spec { item_default { }, item_name “output_option”, item_optional false, item_type “map”, map_item_spec [ { item_default “console”, item_name “destination”, item_optional false, item_type “string” }, { item_default “stdout”, item_name “output”, item_optional false, item_type “string” }, { item_default false, item_name “flush”, item_optional false, item_type “boolean” }, { item_default 0, item_name “maxsize”, item_optional false, item_type “integer” }, { item_default 0, item_name “maxver”, item_optional false, item_type “integer” } ] } } ] } } ], module_description “Logging options”, module_name “Logging” } ] }’) 2011-09-08 09:41:01.725 DEBUG [b10-resolver.cc] CC_GROUP_SEND sending message ‘{ command [ “get_config”, { module_name “Logging” } ] }’ to group ‘ConfigManager’ 2011-09-08 09:41:01.725 DEBUG [b10-resolver.cc] CC_GROUP_RECEIVE trying to receive a message 2011-09-08 09:41:01.727 DEBUG [b10-resolver.cc] CC_GROUP_RECEIVED message arrived (‘{ from “4e68d3fc_2@new-host-3”, group “ConfigManager”, instance “*”, reply 3, seq 11, to “4e68d3fd_4@new-host-3”, type “send” }’, ‘{ result [ 0, { loggers [ { debuglevel 99, name “,”output_options [ { flush true } ] } ] } ] }’) 2011-09-08 09:41:01.728 INFO [b10-resolver.resolver] RESOLVER_RECURSIVE running in recursive mode 2011-09-08 09:41:01.728 WARN [b10-resolver.resolver] RESOLVER_NO_ROOT_ADDRESS no root addresses available 2011-09-08 09:41:01.728 INFO [b10-resolver.resolver] RESOLVER_SET_QUERY_ACL query ACL is configured 2011-09-08 09:41:01.728 INFO [b10-resolver.resolver] RESOLVER_STARTED resolver started 2011-09-08 09:41:01.908 DEBUG [b10-stats-httpd.stats-httpd] STATHTTPD_STARTING_CC_SESSION starting cc session 2011-09-08 09:41:02.028 INFO [b10-stats-httpd.stats-httpd] STATHTTPD_STARTED listening on 127.0.0.1#8000 2011-09-08 09:41:02.034 INFO [b10-stats-httpd.stats-httpd] STATHTTPD_CLOSING closing 127.0.0.1#8000 2011-09-08 09:41:02.036 INFO [b10-stats-httpd.stats-httpd] STATHTTPD_STARTED listening on 127.0.0.1#8000 2011-09-08 09:41:08.850 ERROR [b10-resolver.asiolink] ASIODNS_SEND_DATA error 65 sending data using UDP to 2001:500:71::30(53) 2011-09-08 09:41:10.853 ERROR [b10-resolver.asiolink] ASIODNS_SEND_DATA error 65 sending data using UDP to 2001:500:3::42(53) 2011-09-08 09:41:10.853 ERROR [b10-resolver.asiolink] ASIODNS_SEND_DATA error 65 sending data using UDP to 2001:500:3::42(53) 2011-09-08 09:41:10.853 ERROR [b10-resolver.asiolink] ASIODNS_SEND_DATA error 65 sending data using UDP to 2001:500:71::30(53) 2011-09-08 09:41:12.793 ERROR [b10-resolver.asiolink] ASIODNS_SEND_DATA error 65 sending data using UDP to 2001:4f8:0:2::19(53) 2011-09-08 09:41:12.958 ERROR [b10-resolver.asiolink] ASIODNS_SEND_DATA error 65 sending data using UDP to 2001:500:6::79(53) 2011-09-08 09:41:12.961 ERROR [b10-resolver.asiolink] ASIODNS_SEND_DATA error 65 sending data using UDP to 2001:500:a::79(53) 2011-09-08 09:41:14.864 ERROR [b10-resolver.nsas] NSAS_INVALID_RESPONSE queried for ns.isc.afilias-nst.info. but got invalid response 2011-09-08 09:41:14.864 ERROR [b10-resolver.nsas] NSAS_INVALID_RESPONSE queried for ns.isc.afilias-nst.info. but got invalid response (By the way, I thought at debuglevel 99 it would show my query also.)

1242

defect

1315512398960305

1317283148039437

Unclassified

low

jreed

new

removing zone entry from Zonemgr/secondary_zones and Xfrin/zones does not remove it from sqlite3 database

> config remove Zonemgr/secondary_zones[0] > config remove Xfrin/zones[0] > config commit > config show Zonemgr/secondary_zones Zonemgr/secondary_zones [] list > config show Xfrin/zones Xfrin/zones [] list I remove my single zone as above, but sqlite3 database still has it and it still can be served. I guess this is a technique to convert a slave to a master zone. But this should be documented. And maybe a warning should be logged about it too.

1249

enhancement

1317106857327061

1324150829912888

build system

medium

UnAssigned

jinmei

new

separate unittests with timeouts

As we discussed in f2f, it would be helpful if we can separate unittest cases that involves timeouts (at least for C++ google tests). What I’d do is - rename these tests so that they ca be distinguished by a gtest filter. (e.g. TIMEOUT_test_Something) - tweak Makefile.am’s so that if we do just ‘make check’ TIMEOUT tests will be excluded, and if we do something like ‘make check-all’ they will be included (this is an example idea. as long as the goal of the ticket is achieved how to do that doesn’t matter)

1250

task

1317107440290380

1317201824638530

xfrout

medium

jinmei

new

add system tests for xfrout ACL and update bind10-guide

This is a follow-up task of #1165. Adding a base of system tests will also help for further development of xfrout (revise AXFR using new data source API, supporting IXFR, etc)

1254

enhancement

1317131238268370

1317282481995621

Unclassified

medium

jelte

new

define LIBRARY_PATH_PLACEHOLDER more centrally

I just had to update nearly every test makefile because the placeholder for the library paths needed another value. Since these are nearly the same almost everywhere, I think we could better define it in configure.ac or somewhere up there (similar to COMMON_PYTHON_PATH)

1255

task

1317141818325243

1318411519335286

Unclassified

medium

jelte

new

Document how to add an RR type

What steps to take, what examples to steal from, what utility functions are available, and perhaps most important, what pitfalls to watch out for. anything to get someone started, etc

1256

defect

1317204574323066

1392912202997929

b10-auth

very low

shane

DNS Outstanding Tasks

new

Minor error in getopt() processing

According to the getopt() man page: If getopt() finds an option character in argv that was not included in optstring, or if it detects a missing option argument, it returns ‘?’ and sets the external variable optopt to the actual option character. If the first character (following any optional ‘+’ or ‘-’ described above) of optstring is a colon (‘:’), then getopt() returns ‘:’ instead of ‘?’ to indicate a missing option argument. If an error was detected, and the first character of optstring is not a colon, and the external variable opterr is nonzero (which is the default), getopt() prints an error message. We use the leading colon sometimes, I think in an effort to avoid the pre-defined error messages, which are ugly and not helpful. However, we then check for ‘?’ in our while() loop, which is an error. It doesn’t actually show up, since we then follow with the default: statement, however a restructuring of the code could break this. It’s a one-line fix.

1257

defect

1317215987760513

1318411523404056

Unclassified

low

jreed

new

configure require at least sqlite3 3.3.9 for sqlite3_prepare_v2 API

The error is: ImportError: /home/jreed/builder/work/BIND10/20110928074701-CentOS5-x86_64-GCC/build/src/lib/datasrc/.libs/libdatasrc.so.0: undefined symbol: sqlite3_prepare_v2 That sqlite3_prepare_v2 API was added in sqlite3 3.3.9 (2007 January 4) and the CentOS version was sqlite-3.3.6-5.

1269

defect

1317316653413624

1318411519920776

Unclassified

medium

jreed

new

NameError: global name ‘EINTR’ is not defined (via Ctrl-C)

Pressing Ctrl-C caused Traceback: [b10-msgq] Receive error: EOF 2011-09-29 15:35:04.152 INFO [b10-boss.boss] BIND10_SEND_SIGTERM sending SIGTERM to b10-msgq (PID 62572) 2011-09-29 15:35:04.154 INFO [b10-boss.boss] BIND10_SEND_SIGTERM sending SIGTERM to b10-xfrout (PID 62575) Exception in thread Thread-1: Traceback (most recent call last): File “/usr/local/lib/python3.1/site-packages/isc/util/socketserver_mixin.py”, line 71, in serve_forever r, w, e = select.select([self, self.read_sock], ) select.error: During handling of the above exception, another exception occurred: Traceback : File “/usr/local/lib/python3.1/threading.py”, line 516, inbootstrap_inner self.run File “/usr/local/lib/python3.1/threading.py”, line 469, in run self.target(*self.args, **self.kwargs) File “/usr/local/lib/python3.1/site-packages/isc/util/socketserver_mixin.py”, line 73, in serve_forever if err.args[0] == EINTR: NameError: global name ‘EINTR’ is not defined This is August release and I didn’t test latest. This is on FreeBSD 8.2-RELEASE on amd64. I did see similar bugs, but not the same.

1270

defect

1317316885754664

1318411520449707

data source

medium

jreed

new

Failed to set up schema … sqlite3.OperationalError: no such table: zones

Note this was from running bind10 as installed using a FreeBSD ports package which was built with CONFIGURE_ARGS= —localstatedir=/var Notice that the xfrout traceback got interspersed with real b10-auth logging output: 2011-09-29 15:34:59.696 ERROR [b10-auth.auth] AUTH_CONFIG_UPDATE_FAIL update of configuration failed: Failed to set up schema CREATE TABLE zones (id INTEGER PRIMARY KEY, name STRING NOT NULL COLLATE NOCASE, rdclass STRING NOT NULL COLLATE NOCASE DEFAULT ‘IN’, dnssec BOOLEAN NOT NULL DEFAULT 0) Traceback (most recent call last): File “/usr/local/libexec/bind10-devel/b10-xfrout”, line 723, in xfrout_server = XfroutServer() File “/usr/local/libexec/bind10-devel/b10-xfrout”, line 616, in init self.start_notifier File “/usr/local/libexec/bind10-devel/b10-xfrout”, line 628, instart_notifier self.notifier = notify_out.NotifyOut File “/usr/local/lib/python3.1/site-packages/isc/notify/notify_out.py”, line 120, ininit 2011-09-29 15:34:59.731 INFO AUTH_SERVER_STARTED server started self.init_notify_out(datasrc_file) File “/usr/local/lib/python3.1/site-packages/isc/notify/notify_out.py”, line 132, in _init_notify_out for zone_name, zone_class in sqlite3_ds.get_zones_info(datasrc_file): File “/usr/local/lib/python3.1/site-packages/isc/datasrc/sqlite3_ds.py”, line 161, in get_zones_info cur.execute(“SELECT name, rdclass FROM zones”) sqlite3.OperationalError: no such table: zones sqlite3 shows: freebsd8-64-4# sqlite3 /var/bind10-devel/zone.sqlite3 SQLite version 3.7.4 Enter “.help” for instructions Enter SQL statements terminated with a “;” sqlite> .tables schema_version Maybe different components are using different path to the database? Some suggestions: - log output give more information like the path to the database. - sqlite3_ds.py check before using - xfrout fail cleanly on failures (no traceback) The problem is in both components.

1284

defect

1318067328550878

1337188385146694

Unclassified

low

erickom

new

Debian SID: Missing file liblog.so.0 library

Hello, I configured and compiled Bind10 successfully on Debian Sid. but during starting precess of bind10, I received the error mentioned below: root@kom:/bind10# /usr/local/sbin/bind10 Traceback : File “/usr/local/sbin/bind10”, line 65, in import isc.cc File “/usr/local/lib/python3/dist-packages/isc/init.py”, line 6, in import isc.config File “/usr/local/lib/python3/dist-packages/isc/config/init.py”, line 1, in from isc.config.ccsession import * File “/usr/local/lib/python3/dist-packages/isc/config/ccsession.py”, line 44, in from isc.log import log_config_update ImportError: liblog.so.0: cannot open shared object file: No such file or directory root@kom:/bind10# ps auxww

grep bind10 root 26107 0.0 0.2 3476 752 pts/0 S+ 11:49 0:00 grep bind10 root@kom:~/bind10# the python package dependency mentioned above is present; please how to ignore the error message?

liblog.so.0

1291

defect

1318362589493900

1331918477360839

Unclassified

medium

jreed

new

bad config database results in unclean shutdown

I made a mistake in my config database (removed starting brace). This resulted in: 2011-10-11 14:44:14.197 INFO [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-cfgmgr 2011-10-11 14:44:14.698 FATAL [b10-cfgmgr.cfgmgr] CFGMGR_DATA_READ_ERROR error reading configuration database from disk: Configuration file out of date or corrupt, please update or remove /home/reed/work/isc/bind10-install/var/bind10-devel/b10-config.db 2011-10-11 14:44:14.725 INFO [b10-boss.boss] BIND10_STARTING_PROCESS starting process ccsession 2011-10-11 14:44:18.767 INFO [b10-boss.boss] BIND10_KILLING_ALL_PROCESSES killing all started processes 2011-10-11 14:44:18.768 WARN [b10-boss.boss] BIND10_SOCKCREATOR_KILL killing the socket creator 2011-10-11 14:44:18.769 INFO [b10-boss.boss] BIND10_KILL_PROCESS killing process b10-cfgmgr Traceback (most recent call last): File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/cc/session.py”, line 203, in receive_full_buffer self.receive_len_data() File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/cc/session.py”, line 163, in receive_len_data new_data = self.receive_bytes(self.recv_len_size) File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/cc/session.py”, line 149, inreceive_bytes data = self.socket.recv socket.timeout: timed out During handling of the above exception, another exception occurred: Traceback : File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/config/ccsession.py”, line 322, in add_remote_config answer, env = self.session.group_recvmsg(False, seq) File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/cc/session.py”, line 266, in group_recvmsg env, msg = self.recvmsg(nonblock, seq) File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/cc/session.py”, line 121, in recvmsg data = self.receive_full_buffer File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/cc/session.py”, line 218, inreceive_full_buffer raise SessionTimeout(“recv() on cc session timed out”) isc.cc.session.SessionTimeout: recv() on cc session timed out During handling of the above exception, another exception occurred: Traceback (most recent call last): File “./sbin/bind10”, line 682, in startup self.start_all_processes() File “./sbin/bind10”, line 618, in start_all_processes self.start_ccsession(c_channel_env) File “./sbin/bind10”, line 501, in start_ccsession self.command_handler) File “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/config/ccsession.py”, line 188, in init default_logconfig_handler) ile “/home/reed/work/isc/bind10-install/lib/python3.1/site-packages/isc/config/ccsession.py”, line 326, in add_remote_config module_name) isc.config.ccsession.ModuleCCSessionError: No answer from ConfigManager when asking about Remote module Logging During handling of the above exception, another exception occurred: Traceback (most recent call last): File “./sbin/bind10”, line 1087, in main() File “./sbin/bind10”, line 1036, in main startup_result = boss_of_bind.startup() File “./sbin/bind10”, line 684, in startup self.kill_started_processes() File “./sbin/bind10”, line 382, in kill_started_processes self.processes[pid].process.kill() File “/usr/pkg/lib/python3.1/subprocess.py”, line 1337, in kill self.send_signal(signal.SIGKILL) File “/usr/pkg/lib/python3.1/subprocess.py”, line 1327, in send_signal os.kill(self.pid, sig) OSError: [Errno 3] No such process Also left running: root 13671 0.0 1.2 22568 12100 ttyp7 S 2:44PM 0:00.49 /usr/pkg/bin/python3.1 /home/reed/work/isc/bind10-install/libexec/bind10-devel/b10-msgq

1296

enhancement

1318406506891556

1318587118159926

dhcp

very low

UnAssigned

tomek

DHCP Outstanding Tasks

new

Kea: Pkt an Option should provide interators besides of getOption()

Pkt6 and Option classes currently provide getOption() methods. They should also provide iterator for option container. This required a bit of thought as such iterator may become invalid if option is modified in the meantime.

1297

enhancement

1318409947165927

1318497930789309

Unclassified

low

UnAssigned

tomek

DHCP Outstanding Tasks

new

Kea: Methods for printing out option content

Currently toText() in all option classes print out all info about option (type, length, number of addresses etc.). That is useful for debugging to print out content of the whole message. However, that is less useful for casual logging. toText() should return short version of the content (e.g. space separated addresses). A new set of methods (toTextDetailed?) should be added.

1302

defect

1318516112811014

1319112489945206

documentation

medium

jreed

new

add bindctl configuration examples to guide

The README previously had usage examples of using bindctl with “config”. Put these into the guide.

1304

defect

1318545078673702

1396529256167943

xfrin

medium

jinmei

DNS Outstanding Tasks

new

xfrin test should retrieve config defaults from the spec file

Right now, it’s hardcording some default values, which just happen to be consistent with the spec file: class MockCC(): def get_default_value(self, identifier): # The returned values should be identical to the spec file # XXX: these should be retrieved from the spec file # (see MyCCSession of xfrout_test.py.in) if identifier "zones/master_port":<br> return TEST_MASTER_PORT<br> if identifier zones/class return TEST_RRCLASS_STR if identifier == zones/use_ixfr return False Obviously it’s ugly and more difficult to maintain. As commented the mock class should retrieve the defaults from the spec file. We should also have some tests to check whether the default values are really used in other cases (such as “max transfer in”).

1312

task

1318591339707868

1364499059808920

dhcp

low

tomek

DHCP Outstanding Tasks

new

Kea: Pkt6 and OutputBuffer merge should be investigated

DHCP component uses Pkt6 class. There is OutputBuffer that is used in DNS that provides covenient way of writing to a buffer that automatically expands as needed. Pkt6, Pkt6::data_ replacement to OutputBuffer or other unification should be investigated.

1315

task

1318932830445413

1396529291116443

xfrin

medium

stephen

DNS Outstanding Tasks

new

IXFR system test - SOA Expiry

#1213 started the process of producing system tests for IXFR-in. At the time, the generation of an IXFR request by a slave server when the zone expired was not supported, and so the production of a system test for this functionality has been deferred to this ticket. (The specification for the IXFR system tests can be found [wiki:IxfrSystemTests here].)

1316

task

1318932997247028

1396529300004921

xfrin

medium

stephen

DNS Outstanding Tasks

new

IXFR-in System Test - UDP transfers

#1213 started the process of producing system tests for IXFR-in. At the time, handling IXFRs over UDP was not supported, and so the production of a system test for this functionality has been deferred to this ticket. (The [wiki:IxfrSystemTests specification] for the IXFR system tests can be found here.)

1317

task

1318933248158868

1396529309298751

xfrin

medium

stephen

DNS Outstanding Tasks

new

IXFR-in System Test - special cases

#1213 started the process of producing system tests for IXFR. Not included in that ticket were tests for two cases: * Interruption of an IXFR transfer over TCP aborts the update to the zone. * Checking that additions and deletions are applied in the right order. … as special code is required to create the abnormal conditions to test them. (Details of these cases can be found in the comments to #1213.) This ticket requires the creation of the appropriate test framework.

1319

defect

1318958440950029

1320940878874911

Unclassified

low

jreed

new

systest can’t find stop.pl on failure

(Note: I don’t think this issue is specific to ixfr nor ixfr/in-2.) If a b10-config.db file has a syntax problem it will cause fatal issues when starting up bind10. I saw within ixfr/in-2 (when I introduced the error), it attempted to stop: I:starting server nsx2 I:Couldn’t start server nsx2 R:FAIL Can’t open perl script /b/work/BIND10-systest/20111018144505-MacOS/build/tests/system/ixfr/stop.pl No such file or directory stop.pl is located in directory below that. I think it is because it is referenced from $topdir instead of $SYSTEMTOP.

1335

enhancement

1319188850845259

1319188850845259

dhcp

low

stephen

DHCP Outstanding Tasks

new

Extend DHCP benchmarking to ramp up packet send rate

The DHCP benchmarking tool should be extended to allow the rate at which packets are sent to be ramped up over a period of time. This will allow the maximum packet rate the DHCP server can handle to be determined.

1337

enhancement

1319192543738139

1319201872095106

dhcp

low

stephen

DHCP Outstanding Tasks

new

DHCP benchmarking - enhanced reply verification

From a [ticket:1263#comment:2 a comment 2 in ticket 1263]: It would be useful to elaborate on reply verification. V4 server responding with NACK is ok or not? What about v6 server sending REPLY with status-code=no-addrs-avail? That is another thing we could eventually add as a feature. In some scenarios negative response as considered a proper one (test passed) and in others it is not (test failed). Make sure that the verification could be tuneable. For now it can be simple, but it will be more complex later.

1338

enhancement

1319200506808850

1324552147778802

dhcp

low

tomek

DHCP Outstanding Tasks

new

perfdhcp should have the ability to dump sent/received traffic to file

Even though we will work on making this tool as smart as possible, there always be cases when manual investigation is required. Traffic should be dumped in pcap (tcpdump) format. Ideally, it would use some existing library to write traffic in proper format. Due to time constraints, I don’t think we will be able to do this in the November 2011 milestone. We could consider temporary solution that could work, though: Before test: fork() + system(“tcpdump -i eth0 dhcp”) Run tests as usual After test: kill tcpdump

1339

enhancement

1319200820485863

1319200820485863

dhcp

low

tomek

DHCP Outstanding Tasks

new

perfdhcp should warn if there are any DHCP clients running

A small, but useful feature. If there are any clients running, we should warn about this. This may save us from having strange statistics, like receiving more responses than we sent queries.

1348

defect

1319534720783127

1321962568946624

build system

low

UnAssigned

tomek

new

make check fails on a fresh tree

The likely problem is with dependencies. datasrc test includes isc.log that is not built yet. A simple workaround is to do “make” before “make check”. Error message: lib/python:/home/thomson/devel/bind10-libdhcp4/src/lib/python:/home/thomson/devel/bind10-libdhcp4/src/lib/python/isc/log:/home/thomson/devel/bind10-libdhcp4/src/lib/python/isc/datasrc/.libs:/home/thomson/devel/bind10-libdhcp4/src/lib/dns/python/.libs br> TESTDATA_PATH=/home/thomson/devel/bind10-libdhcp4/src/lib/python/isc/datasrc/tests/testdata br> TESTDATA_WRITE_PATH=/home/thomson/devel/bind10-libdhcp4/src/lib/python/isc/datasrc/tests br> /usr/bin/python3.1 /home/thomson/devel/bind10-libdhcp4/src/lib/python/isc/datasrc/tests/$pytest

exit ; br> done Running test: datasrc_test.py Traceback (most recent call last): File “/home/thomson/devel/bind10-libdhcp4/src/lib/python/isc/datasrc/tests/datasrc_test.py”, line 16, in import isc.log File “/home/thomson/devel/bind10-libdhcp4/src/lib/python/isc/init.py”, line 6, in import isc.config File “/home/thomson/devel/bind10-libdhcp4/src/lib/python/isc/config/init.py”, line 1, in from isc.config.ccsession import File “/home/thomson/devel/bind10-libdhcp4/src/lib/python/isc/config/ccsession.py”, line 44, in from isc.log import log_config_update File “/home/thomson/devel/bind10-libdhcp4/src/lib/python/isc/log/init.py”, line 33, in from log import ImportError: No module named log

1352

defect

1319706995872430

1321962564467197

bind-ctl

medium

vorner

new

Config go allows setting unusable path

It is possible to enter invalid place in the configuration by config go. The following error message when used makes sense after small thinking what happens inside, but users shouldn’t need to care about that. What happened to me was this: /Logging/loggers> config go [0] /Logging/loggers[0]> config show Logging/loggers[0]/name “‘*’” string (modified) Logging/loggers[0]/severity “DEBUG” string (modified) Logging/loggers[0]/debuglevel 100 integer (modified) Logging/loggers[0]/additive false boolean (default) Logging/loggers[0]/output_options/ list (modified) /Logging/loggers[0]> config show output_options Error: Bad format in identifier (extra ]): loggers[0]output_options Eg. it does show me local values, but it does not add the slash when needed. The config go should probably add one (eg. go directly to loggers[0]/) just like cd in shell does.

1353

defect

1319707427373568

1396529317167555

xfrin

low

vorner

DNS Outstanding Tasks

new

Wrong reason for transfer failure logged when TSIG fails

This log message appears whenever validation of TSIG fails for some reason: 2011-10-26 12:35:52.460 ERROR [b10-xfrin.xfrin] XFRIN_XFR_TRANSFER_FAILURE AXFR transfer of zone example.com./IN failed: TSIG verify fail: FORMERR However, the FORMERR is misleading. In this exact case, the signature was missing completely (because it was a servfail), but AFAIK it happened at other situations as well. It should tell more details.

1355

defect

1319707819418639

1396529324975048

xfrin

low

vorner

DNS Outstanding Tasks

new

Xfrin mistakes EOF with timeout

When the remote shuts down a connection prematurely (for example it crashes attempting to serve the transfer), Xfrin detects this and reports an error right away. However, it logs it was a timeout (which it wasn’t, as the transfer failed in less than 1 second). This may lead the administrator to look for wrong errors.

1373

defect

1320472719592176

1339225194377791

data source

medium

jinmei

new

DataSourceClient::getIterator should differentiate no-such-zone case

Currently it throws a generic DataSourceError exception (and the python version raises isc.datasrc.Error). Since this can be thrown for other reasons than the case where the specified zone doesn’t exisit, xfrout cannot decide whether it should return NOTAUTH or other Rcode. The bottom line is we should differentiate this case with other errors. Possibilities include a separate error code with NULL/None (like find()) and a dedicated exception. I personally prefer the former especially for C++, but that’s debatable.

1374

task

1320473299432823

1322985171982419

data source

medium

jinmei

new

implement “ZoneTableIterator”

To completely replace the old data source API, we need some more interfaces to manage “zone tables”. One of them is the “ZoneTableIterator” (tentaively named) class. It would be created via DataSourceClient, and provides an interface to iterate over all stored zones in the data source. (maybe we should divide this task into a few sub tasks).

1375

task

1320473352815196

1320769939143599

data source

medium

jinmei

new

implement “ZoneTableUpdater”

To completely replace the old data source API, we need some more interfaces to manage “zone tables”. One of them is the “ZoneTableUpdater” (tentaively named) class. It would be created via DataSourceClient, and provides an interface to add or delete a zone to/from the data source. (maybe we should divide this task into a few sub tasks).

1379

enhancement

1320599686548510

1320769939542694

Unclassified

low

jelte

new

move zone/address formatters for logging to some util lib

When done, #1298 introduced two functions to format zone/class and ipaddress/port information for easier use when logging or printing them. These functions should be moved to a separate library (and for the address one, we should consider what argument type(s) it should get), like src/lib/python/isc/util/format.py or something. When done, the logging calls in other modules should be checked and modified to use these functions so we have a consistency in our logging output. We may need to add these in c++ as well.

1380

task

1320599810674309

1320769940073753

Unclassified

medium

jelte

new

move ixfr system tests to lettuce

#1290 introduces a lettuce framework for system tests. If that one has been done, we should try and convert the current IXFR system tests to that framework, as a base for the rest of the IXFR system tests.

1382

enhancement

1320657651881930

1320940411224675

data source

medium

jelte

new

datasource interface for signaling capabilities

We do not expect every data source implementation to support every type of action; some will be ‘read-only’, and hence will not support things like updating etc. We can (and do) already throw NotImplemented exceptions if these functions are called, but we should really not call them in the first place if the implementation is not able to do it anyway. So the proposal is to add a method that returns what the datasource can and cannot do (iteration, updating, journaling, perhaps more) so any callers can more cleanly handle cases where these are not supported.

1385

defect

1320988192785322

1321962565560548

data source

medium

kevin_tes

new

Sqlite3ClientBadConfig unit test fail

‘’’make check:’‘’ make[7]: Entering directory `/home/xiejiagui/bind10/src/lib/datasrc/tests’ [] Running 313 tests from 19 test cases.<br>[----------] Global test environment set-up.<br>[----------] 3 tests from FactoryTest<br>[ RUN ] FactoryTest.sqlite3ClientBadConfig<br>factory_unittest.cc:84: Failure<br>Value of: result1.code<br> Actual: 2<br>Expected: result::SUCCESS<br>Which is: 0<br>/bin/bash: line 5: 26559 Segmentation fault ${dir}$tst<br>FAIL: run_unittests<br>= 1 of 1 test failed Please report to bind10-dev@isc.org =<br><br>'''gdb:'''<br>.......<br>Starting program: /home/xiejiagui/bind10/src/lib/datasrc/tests/.libs/run_unittests <br>[Thread debugging using libthread_db enabled]<br>[] Running 313 tests from 19 test cases. [———-] Global test environment set-up. [———-] 3 tests from FactoryTest [ RUN ] FactoryTest.sqlite3ClientBadConfig [New Thread 0x7ffff4086700 (LWP 24771)] [Thread 0x7ffff4086700 (LWP 24771) exited] factory_unittest.cc:84: Failure Value of: result1.code Actual: 2 Expected: result::SUCCESS Which is: 0 Program received signal SIGSEGV, Segmentation fault. 0x00007ffff795254d in sqlite3_finalize () from /usr/lib/libsqlite3.so.0 my computer: ubuntu-10.0.4, 64bit

1391

defect

1321817047238332

1321962567921516

configuration

medium

jinmei

new

“config add” for a list doesn’t always work

For example, this is okay: > config add Xfrout/zone_config (zone_config[0] will be created) but this doesn’t work: > config add Xfrout/zone_config[0]/transfer_acl Error: No value given and no default for /Xfrout/zone_config[0]/transfer_acl and this doesn’t work either: > config add Xfrout/zone_config[0]/transfer_acl {action “ACCEPT”} Traceback (most recent call last): File “/opt/local/Library/Frameworks/Python.framework/Versions/3.1/lib/python3.1/cmd.py”, line 213, in onecmd func = getattr(self, ‘do’ + cmd) AttributeError: ’BindCmdInterpreter’ object has no attribute ’do_config’ During handling of the above exception, another exception occurred: Traceback : File “/Users/jinmei/opt/bin/bindctl”, line 149, in result = tool.run File “/Users/jinmei/opt/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 138, in run self.cmdloop File “/opt/local/Library/Frameworks/Python.framework/Versions/3.1/lib/python3.1/cmd.py”, line 139, in cmdloop stop = self.onecmd File “/Users/jinmei/opt/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 466, in onecmd Cmd.onecmd File “/opt/local/Library/Frameworks/Python.framework/Versions/3.1/lib/python3.1/cmd.py”, line 215, in onecmd return self.default File “/Users/jinmei/opt/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 432, in default self.parse_cmd(line) File “/Users/jinmei/opt/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 569, in parse_cmd self.handle_cmd(cmd) File “/Users/jinmei/opt/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 410, in handle_cmd self.apply_config_cmd File “/Users/jinmei/opt/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 677, in apply_config_cmd cmd.params.get) File “/Users/jinmei/opt/lib/python3.1/site-packages/isc/config/ccsession.py”, line 503, in add_value self.add_value_to_list(identifier, value, module_spec) File “/Users/jinmei/opt/lib/python3.1/site-packages/isc/config/ccsession.py”, line 456, in _add_value_to_list + identifier) TypeError: unsupported operand type(s) for +: ’dict’ and ‘str’

1393

enhancement

1321817734588585

1339829049552844

logging

medium

jinmei

new

reduce overhead in python logging

See this: https://bind10.isc.org/ticket/1359#comment:11 On a related note, it would be better to pass the original object to logger rather than passing a string based on the object whenever possible. Then we can avoid the expensive conversion if the specified level of logging is disabled. Example: do this isc.dns.Name name(‘example.com’) logger.debug(VERY_MINOR, SOME_NOISY_LOG, name) instead of isc.dns.Name name(‘example.com’) logger.debug(VERY_MINOR, SOME_NOISY_LOG, name.to_text()) Another related note is that we should generally try to provide str() for Python classes defined in BIND 10.

1394

enhancement

1321818244235633

1339259969883910

logging

medium

jinmei

new

unify format_zone_str and format_addrinfo

These were introduced in xfrin and subsequently copied to xfrout and notify_out. They should be moved to some utility library and applications should refer to it. Also, in the sense of a note in #1393, I’d suggest making this classes: #!python class ZoneFormatter: def init(self, zone_name, zone_class): self.zone_name = zone_name self.zone_class = zone_class def str(self): return self.__zone_name.to_text(True) + ‘/’ + str(self.__zone_class) And the applicaton pass Formatter objects to logger: logger.debug(VERY_MINOR, SOME_NOISY_LOG, ZoneFormatter(zname, zclass)) ddns.logger.py defines `ClientFormatter` and `ZoneFormatter`. These should be unified, too.

1395

defect

1321818672626016

1322756346092314

logging

medium

jinmei

new

python isc.datasrc should be usable without logging

See src/bin/xfrout/tests/testdata/creatediff.py of trac1371 (or master when merged). If we don’t import isc.org or call isc.log.init(), it fails: Traceback (most recent call last): File “creatediff.py”, line 58, in ‘{ database_file “test.sqlite3” }’) isc.datasrc.Error: Failed to create DataSourceClient of type sqlite3:Unknown uncaught exception from sqlite3 createInstance: Error creating sqlite3 datasource: attempt to access logging function before logging has been initialized even though this script doesn’t use any logging in it. This is incovenient. I believe generic BIND 10 libraries should be usable without logging setup. I’m not sure if it’s specific to isc.datasrc or common for other cases such as isc.acl (not tested). But if it’s the latter, the same comment applies to them, too.

1400

task

1321820450438137

1328631164980120

statistics

medium

UnAssigned

jinmei

assigned

auth per qtype statistics

1402

task

1321820484571629

1321962575882605

statistics

medium

jinmei

new

auth query statistics (referral, nxdomain, etc)

1403

task

1321820501164239

1321962576500971

statistics

medium

jinmei

new

auth TSIG/EDNS related statistics

1406

defect

1321913575345053

1394116525914230

Boss of BIND

low

jreed

Common Outstanding Tasks

new

boss show_processes format

Currently we have for example: > Boss show_processes [ [ 3722, “b10-xfrin” ], [ 6802, “msgq” ], … We should be consistent with formats as much as we can. This should probably be JSON. Here is an idea: { boss_processes { pid 3722, name “b10-xfrin” }, { pid 6802, name “msgq” } ….

1408

task

1321962730068690

1394116540316153

Boss of BIND

medium

vorner

Common Outstanding Tasks

new

Configurable parameters for components

Currently, the configuration on Boss/components allows setting the command line parameters. But these are ignored by boss, they need to be propagated through the isc.bind10.Component to the started process.

1409

defect

1321964195762413

1394116552403378

Boss of BIND

medium

vorner

Common Outstanding Tasks

new

Better checks of Boss/components configuration validity

Currently, the boss doesn’t perform any checks on the configuration, it just uses it. It should at last validate it against the spec file and the isc.bind10.Component check it makes sense and throw some better exceptions than the usual „key error“ and like. However, it’s not that critical, as bindctl seems to perform some basic checks.

1410

enhancement

1321964662534494

1322560922805321

Unclassified

medium

vorner

new

Remove command line parameters from processes

Some of our processes (like b10-auth) need parameters computed by boss at startup. This is wrong, for two reasons: * It is impossible to change such settings at runtime. * We need to handle such processes as special components, making it harder for user to grasp and configure. So, I think all such parameters should be removed and special components eliminated (at last the ones that aren’t really that special, keeping msgq as special seems inevitable).

1411

enhancement

1321964944968568

1394116563971759

Boss of BIND

medium

vorner

Common Outstanding Tasks

new

More component states in boss

Currently, each component in boss can be either stopped, started or failed. We should extend it to allow more accurate control, notably about: * Components that are starting up, but they didn’t initialize yet. That would allow to wait for one component to complete startup before starting another one depending on it. * Waiting to being restarted. Currently it pretends to be stopped and boss itself keeps it in some list. * Components that were asked to terminate, but didn’t do it yet. This will allow to kill a component that fails to stop after some time.

1412

enhancement

1321965103756754

1394116577753373

Boss of BIND

medium

vorner

Common Outstanding Tasks

new

Boss should be more reluctant to abort shutdown.

Currently, when boss shuts down and a component raises an exception when it is stopped, the shutdown is aborted and the rest of processes are just mercilessly killed. We should catch exceptions, keep stopping the other components and then after everything is stopped, rethrow them. This will allow killing only the components that are broken.

1413

enhancement

1321966062429119

1394116596697670

Boss of BIND

medium

vorner

Common Outstanding Tasks

new

Runtime change of component configuration

Currently, if a configuration of boss component is changed, the boss complains it can’t handle it and suggests to remove the component and then add it again. But the changes should be handled transparently, either by changing local variables in boss (if a core components becomes dispensable, etc) or by restarting the component behind the scene with new parameters, so the user isn’t bothered.

1416

task

1321986603556273

1323178776389778

data source

medium

jinmei

new

buffered read of journal

I believe !DatabaseJournalReader should do buffered read so that it can minimize the period of holding the database lock. While it’s a kind of optimization, I think it’s quite crucial for production-like environment, and suggest doing so earlier.

1417

defect

1322060080496444

1323178777012801

configuration

low

jreed

new

config show and missing index number and slash results in not found for single list entry

> config show Auth/listen_on/ Error: Auth/listen_on/[0]/address not found Notice above is missing index number like [0] and has a slash which results in showing a list item (address) not found. (Really address and port do exist for [0].)

1418

defect

1322060624107872

1394116814482704

b10-auth

low

jreed

DNS Outstanding Tasks

new

no logging by default when changing Auth/listen_on

I removed some Auth/listen_on entries and changed some values there too. On commit, no logs (default configuration). I think it should log this. I thought there was logging for this, but now I can’t find it.

1419

defect

1322061105903298

1323178777674777

configuration

medium

jreed

new

confusing and unrelated auth listen_on logging

I did the following in bindctl: > config add Auth/listen_on/ > config show Auth/listen_on Auth/listen_on[0]/address “::” string (modified) Auth/listen_on[0]/port 53 integer (modified) Auth/listen_on[1]/address “0.0.0.0” string (modified) Auth/listen_on[1]/port 53 integer (modified) Auth/listen_on[2]/address “::1” string (default) Auth/listen_on[2]/port 53 integer (default) > config set Auth/listen_on[0]/port 5353 > config commit Error: Server configuration failed: Address must contain both the IPaddress and port Configuration not committed The default logging showed: 2011-11-23 08:50:05.696 ERROR [b10-auth.server_common] SRVCOMM_ADDRESS_MISSING address specification is missing “address” or “port” element in { } 2011-11-23 08:50:05.699 ERROR [b10-auth.auth] AUTH_CONFIG_UPDATE_FAIL update of configuration failed: Server configuration failed: Address must contain both the IPaddress and port 2011-11-23 08:50:05.702 ERROR [b10-cmdctl.cmdctl] CMDCTL_COMMAND_ERROR error in command set_config to module ConfigManager: Server configuration failed: Address must contain both the IPaddress and port 1. SRVCOMM_ADDRESS_MISSING what is this { } element? 2. Why does it suggest I am missing an address or port? 3. Why is there an unrelated b10-cmdctl.cmdctl log message here? Here is an example after starting with no configuration: > config set Auth/listen_on[0]/port 5353 > config commit Error: Server configuration failed: Failed to initialize network servers: Permission denied Configuration not committed Results in: 2011-11-23 09:08:44.650 ERROR [b10-auth.server_common] SRVCOMM_ADDRESS_FAIL failed to listen on addresses (Failed to initialize network servers: Permission denied) 2011-11-23 09:08:44.652 ERROR [b10-auth.auth] AUTH_CONFIG_UPDATE_FAIL update of configuration failed: Server configuration failed: Failed to initialize network servers: Permission denied 2011-11-23 09:08:44.656 ERROR [b10-cmdctl.cmdctl] CMDCTL_COMMAND_ERROR error in command set_config to module ConfigManager: Server configuration failed: Failed to initialize network servers: Permission denied I will ignore permission denied for b10-auth as I understand that (I am non-root), but what is this CMDCTL_COMMAND_ERROR message? Oh… it is the previous error seen by cmdctl. This is quite confusing.

1422

defect

1322066511138520

1332238414333689

configuration

low

jreed

new

config remove /Boss/components/foo and not a list or a named set

> config remove Boss/components/b10-xfrin Error: /Boss/components/b10-xfrin is not a list or a named_set > config remove Boss/components b10-xfrin The first example does not work. The second example is accepted. I think it is confusing because config show does show it like “/Boss/components/b10-xfrin”.

1423

defect

1322067772031162

1331998412575006

configuration

low

jreed

new

config show Boss/components is missing entries

> config show Boss/components Boss/components/b10-cmdctl/special “cmdctl” string Boss/components/b10-cmdctl/process null string Boss/components/b10-cmdctl/kind “needed” string Boss/components/b10-cmdctl/address null string Boss/components/b10-cmdctl/params/ list Boss/components/b10-cmdctl/priority 99 integer (modified) > config show /Boss/components/setuid Boss/components/setuid/special “setuid” string Boss/components/setuid/process null string Boss/components/setuid/kind “dispensable” string Boss/components/setuid/address null string Boss/components/setuid/params/ list Boss/components/setuid/priority 5 integer Notice first only shows b10-cmdctl but setuid exists too. When I restart bindctl, “config show Boss/components” shows over a screenful of many settings. I can get into this broken state by doing: > config set Boss/components/b10-stats-httpd/priority 99 (Without commit and note commit does not work anyways for that.) A “config revert” will fix also.

1425

defect

1322087911350698

1396529357041668

xfrin

medium

shane

DNS Outstanding Tasks

new

Need backoff algorithm when AXFR refused

I was configuring BIND 10 as a secondary, and had not yet updated my master to allow transfers. Every 5 seconds I got this in my log files: 2011-11-23 22:35:54.849 ERROR [b10-xfrin.xfrin] XFRIN_XFR_TRANSFER_FAILURE AXFR transfer of zone home.time-travellers.org./IN failed: error response: REFUSED 2011-11-23 22:36:00.690 ERROR [b10-xfrin.xfrin] XFRIN_XFR_TRANSFER_FAILURE AXFR transfer of zone home.time-travellers.org./IN failed: error response: REFUSED 2011-11-23 22:36:05.319 ERROR [b10-xfrin.xfrin] XFRIN_XFR_TRANSFER_FAILURE AXFR transfer of zone home.time-travellers.org./IN failed: error response: REFUSED This needs to be made a bit less aggressive.

1438

enhancement

1322502345556404

1392999578081708

Unclassified

medium

stephen

DNS Outstanding Tasks

new

NSEC3: consistent selection of NSEC3PARAM

Consistent selection of NSEC3PARAM record for use in all subsequent NSEC3 code. [http://tools.ietf.org/html/rfc5155 RFC 5155] does not prohibit multiple NSEC3PARAM RRs at the apex of the zone and leaves flexibility in which one is used. The purpose of this ticket is to review the NSEC3 code and to ensure if multiple NSEC3PARAM records are present, the parameters of the same record are used throughout one query. (See [http://tools.ietf.org/html/rfc5155#section-7.3 RFC 5155 section 7.3].) This relies on the completion of tickets #1431 through #1437.

1441

task

1322598538096248

1323178784715843

Unclassified

medium

shane

new

Requirements for sharing a socket

This ticket is to document the requirements that we have for sharing a socket, for example to handle both AXFR and queries on a single IP+port, or to handle both DDNS and queries on a single IP+port, or to handle both authoritative and recursive servers on a single machine, and so on. This may end up being a receptionist, but that is design, and this ticket is about requirements.

1445

defect

1322669839124408

1323357901608466

logging

very low

jreed

new

inconsistent use of “SQLite3” in log messages

Log messages have “SQLite3Database” (no space), “sqlite”, “SQLite3” and maybe others. Let’s be consistent.

1459

task

1322857184069690

1339516603763329

DDNS

medium

jelte

new

Consistency checks in DDNS module

(Updating based on jabber chat) Before the (final) commit in a DDNS update, there is a number of consistency checks we should do. It was not really clear what “consistency checks” mean, so I’m going to list additional checks BIND 9 does, which don’t seem to be implemented in BIND 10 yet (not even in #1457). Note that they are not only “final” checks, but also checks in prescan or actually updating the zone. Some of the checks may not make sense for us (or too advanced at the moment), so we should discuss any suspicious ones. Also, if we try to include most of the checks, it may be too big for a single ticket. Since each individual check is generally independent, we should be easily able to separate them into multiple tasks. In prescan: - reject any meta types including MAILA/MAILB - reject any attempt of updating NSEC/NSEC3/RRSIG When adding an RR: - ignore MD/MF - ignore wildcard NS/DNAME - be careful with the coexistence of CNAME and DNSSEC related records - ignore a 2nd SOA (okay if explicitly deleting the existing one first) - ignore NSEC3PARAM records with any flags other than OPTOUT. - merge new RRs with existing RRset: in particular, if a new RR is being added which is only different with an existing one in TTL, make sure just the new TTL is used (note that the new TTL may be larger than the existing one) When deleting all any type of RRs of a name: - do not delete RRSIG or NSEC (or NSEC3?) - in addition, if the name is zone origin, do not delete NSEC3PARAM (or SOA or NS) After applying all changes: - check DNSSEC: Prevent the zone entering a inconsistent state where NSEC only DNSKEYs are present with NSEC3 chains. - zone apex has NS, and if the NS name is a subdomain of the zone, there’s AAAA or A for it. - check_mx: (depending on configuration) whether MX has AAAA or A, the mx name is reasonable (not “x.y.z.w”) - remove_orphaned_ds: “DS records are not allowed to exist without corresponding NS records” - if ‘dnssec-secure-to-insecure’ is false, whether at least one DNSKEY exists. - if changing from secure to insecure, delete all NSEC3s - also log it if all changes result in no-op: “redundant request”

1463

task

1322985484551436

1396529365842456

xfrin

medium

jinmei

DNS Outstanding Tasks

new

use ixfr-in by default

Now we support IXFR to AXFR, we should change the default mode of xfrin protocol from AXFR to IXFR. (Note: It’s probably better to hold off until #1299 is completed to avoid conflicts)

1464

task

1322985744645661

1396529373849828

xfrin

medium

jinmei

DNS Outstanding Tasks

new

do AXFR by ‘retransfer’ command

I suggest we do unconditionally AXFR if zone transfer is invoked via bindctl’s ‘retransfer’ command. It’s more compatible to BIND 9’s ‘rndc retransfer’. (Or maybe we can add an optional ‘type’ parameter for this command whose default is AXFR) (Note: It’s probably better to hold off until #1299 is completed to avoid conflicts)

1465

task

1323019258434804

1323019258434804

Unclassified

medium

larissas

new

DDNS User Story: DDNS Analysis Tools

“[I need] Analysis tools that could aid me in getting more data on what is really going on in our systems. For example, I have a problem that I’m trying to figure out and do not have the tools, or do not know where to find access to what is happening in the”right now" interaction of our DNS with our DHCP and DDNS other than trying to read logs that fly by."

1466

task

1323019367019041

1323019367019041

Unclassified

medium

larissas

new

DDNS User Stories: No DDNS Option

User request is to have a way to run without DDNS at all: “Please be conservative & modular with features. If I don’t want something (say dynamic DNS), then I should be able to run without it.”

1469

defect

1323101532101380

1323352586911784

dhcp

medium

tomek

DHCP Outstanding Tasks

new

SocketInfo may be possibly replaced by boost::ip::udp::socket or asiolink/udp_socket

It was pointed out in #1238 review (comment 6) that SocketInfo in IfaceMgr in dhcp can be possibly replaced by boost::ip::udp::socket or asiolink/udp_socket.

1473

task

1323174884190713

1323174884190713

Unclassified

medium

larissas

new

DDNS User Stories: Finding inactive DDNS machines

“[As an administrator] I need some way to go through DNS and find inactive DDNS machines.”

1474

task

1323174966408510

1338013399079949

Unclassified

medium

larissas

new

DDNS User Stories: Make it fast

“[As an administrator, I need] for dynamic updates [to take] less time to configure”

1475

task

1323175124648575

1323352683698735

Unclassified

medium

larissas

larissas

assigned

DDNS User Stories: Samba4 Interoperability

“[I need there to be]less issues when running [DDNS] alongside Samba4”

1476

task

1323175219546909

1338013370225107

Unclassified

medium

larissas

larissas

assigned

DDNS User Stories: ADDNS interoperability

“[As an administrator using DDNS], I need interoperability with Microsoft ADDNS”

1477

task

1323175388880578

1339829595814921

Unclassified

medium

larissas

new

DDNS User Stories: TSIG

“[As an administrator I want] DDNS with TSIG so I can make sure no one unauthorized is altering my zone data”

1478

task

1323175532090406

1323175532090406

Unclassified

medium

larissas

new

DDNS User Stories: Requirements for high volume

“[As a large scale domain host] rate of dynamic updates DNSSEC with dynamic updates is very high for us, need configuration parameters to customize for this and logging to track it”

1479

task

1323175854242600

1323175854242600

Unclassified

medium

larissas

new

DDNS User Storie: Crash-safe journal

“Dynamic updates journal should really become crash-safe.”

1480

task

1323176229810631

1323176229810631

Unclassified

medium

larissas

new

DDNS User Stories: Dynamic Updates to specific view

“[As an administrator I need] Views and dynamic updates to specific view [so that I can update specific interally or externally facing zones (or other view specific zone data).”

1481

enhancement

1323176461104253

1323356001589423

xfrout

low

shane

new

Optimize size on XFR-out

https://lists.isc.org/pipermail/bind10-dev/2011-December/002851.html During review of #1389, it was discovered, that xfrout splits the stream into messages in an suboptimal way. Currently, it keeps a sum of RR sizes and if this overflows, it renders the message and starts a new one. But, the rendering compresses names. This means few more RRs could fit in, if we are lucky and there are lots of similar names (which there usually are, at last the names of the RRs, if not inside the real data). This is not really a big deal, it doesn’t break anything. But it generates more messages and can increase the size of the whole stream, as we can’t compress names across message boundary. Having less messages mean having less boundaries and more compression. So, I’d like to ask, is it worth fixing? There surely are ways to do it completely right and fill the messages up to the edge. One would be like this: message = * Iterate over the RRs to transfer: * new_message = message * new_message.add(rr) * try to render * if it overflows: * send out message * message = * message.add(rr) * else: * message = new_message That is, of course, slow. However, if we could save the renderer state and could „continue“ with another rr added to the message, it could be made fast (it wouldn’t make the counts in the headers right, but otherwise, we add RRs to the end of message). So, do you think, is it worth fixing?

1482

task

1323208794472721

1389878915635667

logging

medium

jinmei

new

simple logging format checker using unittests

To catch some trivial errors in logging like this: https://lists.isc.org/pipermail/bind10-dev/2011-December/002897.html I’d propose the following: - make sure all python unit tests call `isc.log.resetUnitTestRootLogger()` - make sure all C++ unit tests call `isc::log::initLogger(); - add a top level make target, e.g. check-logformat, which would do B10_LOGGER_DESTINATION=stdout make check

grep ‘^[0-9][0-9][0-9][0-9]-[0-9][0-9]-[0-9][0-9]’

grep ‘%’ and exits with a non 0 code if the output is not empty - fix any current problems that make this target fail - configure a buildbot with enabling this target as a regular test

1487

defect

1323234902695730

1323234902695730

documentation

medium

jinmei

new

BIND 10 guide should explain more about zonemgr configuration

At least - explain configuring it is (in practice) mandatory for a secondary server to make zone transfers - provide a configuration example

1490

defect

1323270428663135

1324388409115033

Unclassified

medium

jreed

new

redundant logging with SRVCOMM_ADDRESS_FAIL and AUTH_CONFIG_UPDATE_FAIL and missing example

This ticket has multiple problems, all related. If I need more tickets, please let me know. This is related to #1419 but in this case I already had configuration in place so not using bindctl. I loaded a configuration that listed an IPv6 address that no longer existed on the interface. This resulted in: 2011-12-07 14:26:38.q ERROR [b10-auth.server_common] SRVCOMM_ADDRESS_FAIL failed to listen on addresses (Failed to initialize network servers: Can’t assign requested address) 2011-12-07 14:26:38.q ERROR [b10-auth.auth] AUTH_CONFIG_UPDATE_FAIL update of configuration failed: Server configuration failed: Failed to initialize network servers: Can’t assign requested address (Ignore the “q” in timestamp due to out of date log4cplus.) 1) Why log twice? 2) Please have it list the address(es) that has the problem. In my case, it was working with IPv4 and so I was initially confused. 3) Why AUTH_CONFIG_UPDATE_FAIL — this is not an attempt to “update the configuration”. This configuration has been in place for over a month. Also the description for the AUTH_CONFIG_UPDATE_FAIL in the message file does not make sense: “At attempt to update the configuration the server with information from the configuration database has failed, the reason being given in the message.” I think it is missing some words or has wrong grammar. In addition I had a configuration with both IPv6 and IPv4 addresses that weren’t configured on any interface: 2011-12-07 14:48:53.q DEBUG [b10-resolver.server_common] SRVCOMM_SET_LISTEN setting addresses to listen to 2011-12-07 14:48:53.q DEBUG [b10-resolver.server_common] SRVCOMM_ADDRESS_VALUE address to set: 2001:4f8:3:d::95#53 2011-12-07 14:48:53.q DEBUG [b10-resolver.server_common] SRVCOMM_ADDRESS_VALUE address to set: 149.20.48.80#53 2011-12-07 14:48:53.q DEBUG [b10-resolver.server_common] SRVCOMM_ADDRESS_VALUE address to set: ::1#53 2011-12-07 14:48:53.q DEBUG [b10-resolver.server_common] SRVCOMM_ADDRESS_VALUE address to set: 127.0.0.1#53 2011-12-07 14:48:53.q ERROR [b10-resolver.server_common] SRVCOMM_ADDRESS_FAIL failed to listen on addresses (Failed to initialize network servers: Can’t assign requested address) 2011-12-07 14:48:53.q ERROR [b10-resolver.resolver] RESOLVER_CONFIG_ERROR error in configuration: Failed to initialize network servers: Can’t assign requested address This doesn’t tell me which ones failed. And notice the SRVCOMM_SET_LISTEN line is incomplete or wrong grammar. Listen “on”? And why does the auth server have one log message that is quite different from the resolver’s message?

1492

defect

1323277092325829

1324388410159588

Unclassified

low

jreed

new

add debug logging for when timer is triggered to notify xfrin

Xfrin logs XFRIN_XFR_TRANSFER_STARTED but I don’t know what triggered that. Please add DEBUG level logging to zonemgr for when the timer is triggered to notify xfrin. Please add DEBUG level logging to xfrin for when it receives notify and other commands.

1493

defect

1323278376179515

1324388410516405

Unclassified

low

jreed

new

tests/system/ixfr/in-2 is missing bind10.run output

tests/system/ixfr/in-2 is missing bind10.run output either it was removed or never saved. please make sure it is kept around so it can be analyzed. Note there is the corresponding: tests/system/ixfr/in-2/ns1/named.run

1494

task

1323338178346051

1324388411185427

Unclassified

medium

shane

new

Review environment variable use in BIND 10

BIND 10 has inconsistent use of environment variables. This ticket is to review the research Jeremy did in May and update it: https://lists.isc.org/pipermail/bind10-dev/2011-May/002288.html A follow-up ticket will actually implement any agreed-upon changes.

1495

enhancement

1323345408263358

1394116826100586

b10-auth

low

jreed

DNS Outstanding Tasks

new

DEBUG log when NOTIFY is received

In addition to #1492, have b10-auth log at some DEBUG level when a NOTIFY is received.

1496

enhancement

1323427164192949

1323955380563870

xfrout

low

vorner

new

Making the xfrout messages really full

Currently, the xfrout decides when to start a new message based on the size of uncompressed RRs. But the RRs are sent compressed, so this leads to messages that are not completely filled. It should be possible to do something like incremental message rendering to know the final compressed size. The actuall benefit of this is unknown, but beleived to be low anyway, so this probably is a low-priority task.

1497

enhancement

1323427485658178

1394116608027166

Boss of BIND

medium

vorner

Common Outstanding Tasks

new

Chroot for socket creator

The socket creator should be able to create a temporary (empty) directory, chroot there and delete the directory. As the socket creator should be the only component running with elevated privileges, it should increase the trust in its safety, even as chroot itself is not primarily security related feature.

1498

enhancement

1323427701350145

1394116620114584

Boss of BIND

medium

vorner

Common Outstanding Tasks

new

Droping root in socket creator

On system where it is possible, the socket creator should drop all the privileges except only the ones needed to bind privileged sockets. Together with #1497, it should provide good trust in its security.

1499

enhancement

1323427995949111

1392912640058718

resolver

low

stephen

DNS Outstanding Tasks

new

Add upstream nameserver information to debug messages

Ticket #1383 improved the debug messages available to diagnose problems in responses received from upstream nameservers. However, missing from each message is information about the nameserver from which the response was received. This ticket involves making that information available to the debug messages and updating the messages to include it.

1506

task

1324055666064594

1328717731614489

Unclassified

medium

jelte

new

extract the common patterns from python modules

We have a number of python modules now, and most of those use very similar code (for instance for startup, option parsing, catching signals, etc.), or their code can be made to be very similar. The suggestion is to extract those pieces, and not have duplicate code. An addendum is that the dummy module for b10-ddns does a few things a tiny bit differently (for instance no global for catching signals, and a separate main() function), that we should apply to other modules too. This should automatically take care of that (Assuming those things are used in this ‘extracted’ code)

1507

task

1324055909292358

1328621887114801

Unclassified

medium

jelte

new

Extract the common dummy classes for python (module) tests

We have a number of python tests where we have created dummy classes, for example MySocket, MyCCSession and MockDataSrc, MockDataSourceClient, etc. It would be nice to have these extracted, not only to prevent duplicate code now, but also to be able to quickly use them when adding new tests (or tests for new modules).

1511

task

1324229809916537

1324388415717726

DDNS

medium

jelte

new

Documentation for b10-ddns

Write or complete the b10-ddns manpage and section in the bind10 guide

1521

defect

1324464330071317

1394116634419436

Boss of BIND

medium

jelte

Common Outstanding Tasks

new

Make boss process close children on SIGHUP and internal fatal errors

There are some scenarios where child processes of the boss are not cleaned up well, notable cases are sending a SIGHUP and uncaught exceptions in the boss code. In either case, we should always close all child processes if the boss exits, so if it isn’t available yet, we need exception-free process cleanup code (and point the correct handlers to it). For SIGHUP, this has been more-or-less addressed in #642, but at the time it turned out to be more work than we had time for. The changes made there are probably not applicable anymore, but have been kept around for reference in branches/trac642-historic.

1525

defect

1324557521847740

1331917011391166

build system

low

UnAssigned

jreed

new

configure should fail immediately if no pkg-config?

checking for pkg-config… no checking for botan-config… no ./configure: line 16580: —libs: command not found ./configure: line 16581: —cflags: command not found … [failure later] botan-config-1.10 is my executable name. Note that later configure.ac does have check and failure for pkg-config (used to for sqlite3), so just move this earlier.

1529

defect

1325077429812275

1326903459326515

libdhcp

medium

tomek

DHCP Outstanding Tasks

new

ifconfig parser improvements

libdhcp+ currently have interface detection implemented that uses netlink. It works on linux only. To validate its correctness, tests parse ifconfig output and match with list returned by libdhcp+. Unfortunately, this approach has 2 problems: - some ifconfig outputs vary between Linux versions, e.g. Gentoo version produces slightly different output than Ubuntu - In case of several addresses assigned to a single interface, ifconfig report alias interfaces while netlink reports a single interface with several addresses assigned. Jeremy suggested to write an awk script that will produce a consistent output. Shane suggested that Python would be better, as we already use Python.

1530

defect

1325090564832766

1328621888606606

Unclassified

medium

jreed

new

BIND10_STARTUP_ERROR error during startup: Unable to start b10-cfgmgr: ‘xfrin’

I had this strange failure: 2011-12-23 21:16:46.001 FATAL [b10-boss.boss] BIND10_STARTUP_ERROR error during startup: Unable to start b10-cfgmgr: ‘xfrin’ Notice is says b10-cfgmgr and ‘xfrin’. I removed the Boss config for the b10-xfrin. On next attempt I then got same error for xfrout, so removed its configuration also: b10-xfrout {kind “dispensable”, special “xfrout”}, Then it worked. I don’t understand the error message. And I don’t understand what caused these configurations to be there. As a reminder, see #1219 ticket — I also didn’t understand the same error message. (I created a new ticket instead since this is different.) Also see #1443 — since I can’t even start components to fix the problem.

1536

task

1325287488003233

1327400937432913

data source

medium

jinmei

new

ZoneFinder::find should (probably) throw for out-of-zone name

See discussions at #1430. In short, calling find() for (clearly) out-of-zone name should be considered a caller’s bug, so it would make more sense to indicate it via an exception. Note: this should be done after #1535. Otherwise it will accidentally kill notify_out (and xfrout as a result).

1537

defect

1325521971174272

1340064910295911

Unclassified

medium

shane

new

Handle error receiving file descriptors

I was seeing this in my log file: 2012-01-02 16:02:53.168 ERROR [b10-xfrout.xfrout] XFROUT_RECEIVE_FILE_DESCRIPTOR_ERROR error receiving the file descriptor for an XFR connection 2012-01-02 16:02:53.168 ERROR [b10-xfrout.xfrout] XFROUT_RECEIVE_FILE_DESCRIPTOR_ERROR error receiving the file descriptor for an XFR connection 2012-01-02 16:02:53.168 ERROR [b10-xfrout.xfrout] XFROUT_RECEIVE_FILE_DESCRIPTOR_ERROR error receiving the file descriptor for an XFR connection Also, b10-xfrout then uses 100% of CPU once this condition occurs. I discovered that this ultimately comes from fd_share.cc: const int cc = recvmsg(sock, &msghdr, 0); if (cc <= 0) { free(msghdr.msg_control); if (cc == 0) { errno = ECONNRESET; } return (FD_SYSTEM_ERROR); } Looking via strace I find: select(13, [9 12], [], [], NULL) = 1 (in [12]) recvmsg(12, {msg_name(0)=NULL, msg_iov(1)=[{“”, 1}], msg_controllen=0, msg_flags=0}, 0) = 0 My guess is that is what is happening is that the process on the other side of the Unix domain socket has closed the connection (perhaps due to dying), and that the xfrout gets stuck in a loop. What I think we should do is: 1. Check for this condition everywhere in the code and re-connect (or error in some meaningful way) when we discover it. 2. Update the documentation to specify that this is necessary.

1544

task

1325761490369172

1328718119508541

statistics

medium

naokikambe

new

Resolve the design issues about names in MIB of stats-snmp

As result of #930 we found at least two possible issues about names in MIB of stats-snmp in the current design as described in the prototype implement in the experiment branch(kambe-SNMP-stats) and in the document StatsModule#StatsSnmp(#1448). * The MIB of stats-snmp is statically generated when the BIND 10 is made. And if we change the daemons to run, for example, when we disable the Auth daemon and enable the Resolver daemon, there may be an inconsistency between such static MIB and the statistics list which is dynamically answered by the Stats daemon. * There might be name duplication in MIB. For example, if one name authQueriestcp is defined in MIB as two different OIDs .1.3.6.1.4.1.2021.255.0.0 and .1.3.6.1.4.1.2021.255.0.2.0.2, we can access to the object firstly matched in MIB by authQueriestcp but we cannot access secondly matched one by same way. Improve current data mapping between specfile and MIB to resolve these design issues, and then revise the document StatsModule#StatsSnmp.

1569

defect

1326821487398082

1328718154706396

Unclassified

medium

jelte

DHCP Outstanding Tasks

new

IFaceMgrTest fails on some systems

It may be the ifconfig output format, or perhaps that some systems have a few non-default virtual interfaces). It certainly fails on my Ubuntu system, and apparently on vorner’s gentoo as well. [ RUN ] IfaceMgrTest.getIface Interface checks. Please ignore socket binding errors. IfaceMgr initialization. Linux: detecting interfaces. Detected interface lo/1, hwtype=772, maclen=6, mac=00:00:00:00:00:00, flags=10049(LOOPBACK UP RUNNING ) 2 addr(s): 127.0.0.1 ::1 Detected interface eth0/2, hwtype=1, maclen=6, mac=20:cf:30:db:d9:19, flags=11043(UP RUNNING MULTICAST BROADCAST ) 3 addr(s): 192.168.8.30 2001:470:1f15:17ba:22cf:30ff:fedb:d919 fe80::22cf:30ff:fedb:d919 Detected interface virbr0/3, hwtype=1, maclen=6, mac=fe:54:00:49:3c:6f, flags=11043(UP RUNNING MULTICAST BROADCAST ) 1 addr(s): 192.168.122.1 Detected interface vnet0/5, hwtype=1, maclen=6, mac=fe:54:00:49:3c:6f, flags=11043(UP RUNNING MULTICAST BROADCAST ) 1 addr(s): fe80::fc54:ff:fe49:3c6f There are 8 interfaces. lo/1 eth0/2 virbr0/3 vnet0/5 lo1/1 eth5/2 en3/5 e1000g0/3 iface_mgr_unittest.cc:207: Failure Value of: tmp->getName() Actual: “vnet0” Expected: “en3” [ FAILED ] IfaceMgrTest.getIface (1 ms) If this isn’t fixed for the release, I propose we simply disable it in the release branch.

1572

task

1326868754682390

1389878540361599

data source

medium

jinmei

new

DS query handling in database data source

See #1571. We need to do the same thing for the `DatabaseClient`. (But this should go to the backlog for the moment, according to our current task priorities).

1589

task

1326889420293980

1328718171476250

Unclassified

medium

vorner

new

Portconfig redesign

The isc::server_common::portconfig would need a little bit of redesigning. The logic with the state is not entirely clean, it might become an object holding the configuration and be able to apply it. Also a better error handling might be helpful. And it would be good if the portconfig::test_mode wouldn’t be necessary.

1590

defect

1326889474949114

1328718355583811

Unclassified

medium

vorner

new

Make SocketCreator not a singleton

It might be cleaner to have a local object.

1591

defect

1326889550549884

1328718371895885

Unclassified

medium

vorner

new

Handle the case when application can’t inform boss about released socket.

If the communication with the boss fails, it might end up in inconsistent state. We should at last kill the application and start over.

1592

task

1326889631478056

1328718386656768

Unclassified

medium

vorner

new

Move testutils/socket_request.h

Moving it somewhere from testutils (possibly server_common/tests) will make it possible to have a corresponding .cc file and hide the details and gtest.h header.

1594

task

1326889844284424

1328718406743593

Unclassified

medium

vorner

new

Use different place for socketcreator master socket

The unix domain socket is currently placed under /tmp. This might arguably not the best place for it, at last because of consistency. We should discuss it and move it somewhere else.

1609

task

1327054489254688

1368439257140873

dhcp

medium

UnAssigned

stephen

DHCP Outstanding Tasks

assigned

Review object breakdown of DHCP code

Review the object structure of the BIND 10 DHCP code to date and make recommendations about any refactoring needed.

1624

defect

1327415052754054

1329823712899211

Unclassified

medium

jreed

new

Unable to start b10-msgq, but it is started and running

I started bind10 —verbose: 2012-01-24 08:15:22.099 INFO [b10-boss.boss] BIND10_STARTING starting BIND10: bind10 20110223 (BIND 10 20111129) 2012-01-24 08:15:22.119 DEBUG [b10-boss.boss] BIND10_CHECK_MSGQ_ALREADY_RUNNING checking if msgq is already running 2012-01-24 08:15:22.138 INFO [b10-boss.boss] BIND10_CONFIGURATOR_START bind10 component configurator is starting up 2012-01-24 08:15:22.158 DEBUG [b10-boss.boss] BIND10_CONFIGURATOR_BUILD building plan ‘{}’ -> ‘{’sockcreator’: {’priority’: 200, ‘kind’: ‘core’, ‘special’: ‘sockcreator’}, ‘msgq’: {’priority’: 199, ‘kind’: ‘core’, ‘special’: ‘msgq’}, ‘cfgmgr’: {’priority’: 198, ‘kind’: ‘core’, ‘special’: ‘cfgmgr’}}’ 2012-01-24 08:15:22.176 DEBUG [b10-boss.boss] BIND10_CONFIGURATOR_RUN running plan of 3 tasks 2012-01-24 08:15:22.192 DEBUG [b10-boss.boss] BIND10_CONFIGURATOR_TASK performing task start on Socket creator 2012-01-24 08:15:22.214 INFO [b10-boss.boss] BIND10_COMPONENT_START component Socket creator is starting 2012-01-24 08:15:22.294 INFO [b10-boss.boss] BIND10_SOCKCREATOR_INIT initializing socket creator parser 2012-01-24 08:15:22.314 DEBUG [b10-boss.boss] BIND10_STARTED_PROCESS_PID started b10-sockcreator (PID 8761) 2012-01-24 08:15:22.334 DEBUG [b10-boss.boss] BIND10_CONFIGURATOR_TASK performing task start on msgq 2012-01-24 08:15:22.354 INFO [b10-boss.boss] BIND10_COMPONENT_START component msgq is starting 2012-01-24 08:15:22.371 INFO [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-msgq 2012-01-24 08:15:22.619 DEBUG [b10-boss.boss] BIND10_STARTED_PROCESS_PID started b10-msgq (PID 6349) 2012-01-24 08:15:27.753 ERROR [b10-boss.boss] BIND10_COMPONENT_START_EXCEPTION component msgq failed to start: Unable to connect to c-channel after 5 seconds 2012-01-24 08:15:27.757 ERROR [b10-boss.boss] BIND10_COMPONENT_FAILED component msgq (pid None) failed with unknown exit status 2012-01-24 08:15:27.758 FATAL [b10-boss.boss] BIND10_COMPONENT_UNSATISFIED component msgq is required to run and failed 2012-01-24 08:15:27.759 ERROR [b10-boss.boss] BIND10_CONFIGURATOR_PLAN_INTERRUPTED configurator plan interrupted, only 1 of 3 done 2012-01-24 08:15:27.760 INFO [b10-boss.boss] BIND10_KILLING_ALL_PROCESSES killing all started processes 2012-01-24 08:15:27.760 INFO [b10-boss.boss] BIND10_KILL_PROCESS killing process Socket creator 2012-01-24 08:15:27.761 WARN [b10-boss.boss] BIND10_SOCKCREATOR_KILL killing the socket creator 2012-01-24 08:15:27.769 FATAL [b10-boss.boss] BIND10_STARTUP_ERROR error during startup: Unable to start b10-msgq: Component failed during startup Now it has been a few minutes b10-msgq hasn’t exited yet. I sent a term signal to it and it exited. I could repeat this.

1625

defect

1327420316714945

1333469720780363

bind-ctl

low

jreed

new

config go to a list confusion

> config go Auth/listen_on /Auth/listen_on> config show Auth/listen_on[0]/address “::” string (default) Auth/listen_on[0]/port 53 integer (default) Auth/listen_on[1]/address “0.0.0.0” string (default) Auth/listen_on[1]/port 53 integer (default) /Auth/listen_on> config set Auth/listen_on[0]/port 5300 Error: /Auth/listen_on/Auth/listen_on[0]/port not found /Auth/listen_on> config go / > config show Auth Auth/database_file “/home/reed/builder/work/BIND10/20120124093934-NetBSD5-i386/install/var/bind10-devel/zone.sqlite3” string (default) Auth/datasources [] list (default) Auth/statistics-interval 60 integer (default) Auth/listen_on/ list (default) > config go Auth/listen_on /Auth/listen_on> config set [0]/port 5300 The show output is not prefixed with a slash, that makes it appear that the “go” didn’t work or that is configurables below current location. Maybe it should prefix a slash or only show the item, for example: > config go /Auth/listen_on /Auth/listen_on> config show [0]/address “::” string (default) [0]/port 53 integer (default) [1]/address “0.0.0.0” string (default) [1]/port 53 integer (default) (Note above does not exist yet.)

1629

defect

1327506670328527

1359562886790256

logging

medium

UnAssigned

jreed

assigned

logging with garbage in it

See https://lists.isc.org/pipermail/bind10-dev/2011-December/002901.html There was a timeout in a lettuce test on December 6. Wait for bind10 stderr message CMDCTL_STARTED The stderr output has garbage in it. (I piped through cat v so I could paste it.) }} Today on same system I saw another corrupted log file : macmini:system jreed$ grepa –1 ‘[[:cntrl:]]’ ./ixfr/in-2/nsx2/bind10.run

cat -v 2012-01-25 03:58:52.408 DEBUG [b10-cmdctl.cmdctl] CMDCTL_STARTED cmdctl is listening for connections on 127.0.0.1:8080 2012-01-25 03:58:52.429 012-01-25 03:58:52.428IINFO ^^ @^XFROUT_NEW_CONFIG Update xfrout configuration^^^^^^^^^^^^^^^^^^^^^^^<br>^2012-01-25 03:58:52.429 INFO [b10-xfrout.xfrout] XFROUT_NEW_CONFIG_DONE Update xfrout configuration done 2012-01-25 03:59:07.946 INFO [b10-xfrin.xfrin] XFRIN_XFR_TRANSFER_STARTED IXFR transfer of zone example/IN started Looks like corruption in same place.

1630

task

1327515699493178

1327515699493178

Unclassified

low

jreed

shane

new

Change automatic unit test reporter to warn if percentage of coverage goes down

This item came up from the face to face meeting. With our current policies, any new code should have unit tests. This means that our test coverage percentage should never go down. The idea of this ticket is for the scripts that we run automatically to produce coverage reports to send an e-mail if it discovers that our test coverage has declined.

1631

task

1327516267222093

1329463682149414

Unclassified

medium

shane

new

Turn goals for documentation into a plan to produce

This ticket comes from the BIND 10 face to face meeting. We came up with a proposed structure of documentation, and need to create a plan to actually making that happen.

1632

task

1327516567137440

1343912070022677

Unclassified

medium

jreed

shane

new

Experiment using Doxygen for Python

This action came out of the BIND 10 face to face meeting. We currently use pydoc for our Python documentation, and doxygen for our C++ documentation. However, apparently doxygen can work for both. We need to investigate what is needed to use doxygen for our Python documentation.

1636

task

1327565743235142

1344438981978028

Unclassified

medium

shane

shane

accepted

Redesign the BIND 10 Wiki

The BIND 10 wiki is not helpful for most people landing there. This needs to be redesigned.

1645

task

1328271184994582

1328271184994582

Unclassified

medium

shane

new

Add anti-spam facilities to Trac

We are starting to have non-trivial amounts of Trac spam, so we need to investigate tools to block this when possible, or minimize the effects in some way.

1647

defect

1328523121240668

1328805729377714

xfrout

medium

jelte

new

logging in xfrout is incomplete

Some error conditions in xfrout should be logged, such as tsig key mismatch. See for starters https://lists.isc.org/pipermail/bind10-users/2012-February/000168.html but we should probably go through the module and add other log messages as well.

1652

enhancement

1328620423271737

1328820919398110

msgq

low

jreed

new

msgq write to stderr on startup and exit status

If msgq has a failure when it attempts to start, it should write to stderr and also have return some exit status indicating the problem. (As mentioned in F2F 2012-01.)

1653

defect

1328620761245706

1394116652575675

Boss of BIND

very low

jreed

Common Outstanding Tasks

new

too much output at startup

(As discussed at F2F 2012-01.) Reduce the logging output for startup of bind10. For example has both BIND10_COMPONENT_START and BIND10_STARTING_PROCESS at INFO. And other components indicate own startup too like RESOLVER_STARTING. Maybe use a DEBUG level for these?

1654

defect

1328620862874551

1328828613174652

xfrout

very low

jreed

new

reduce xfrout logging

Reduce xfrout logging. For example both of these are INFO: 2012-01-17 16:05:53.911 INFO [b10-xfrout.xfrout] XFROUT_NEW_CONFIG Update xfrout configuration 2012-01-17 16:05:53.911 INFO [b10-xfrout.xfrout] XFROUT_NEW_CONFIG_DONE Update xfrout configuration done Maybe one or both can be DEBUG.

1656

defect

1328621163310965

1392911711044514

Unclassified

low

jreed

DNS Outstanding Tasks

new

ZONEMGR_NO_SOA should not warn when adding new zone

It should not WARN the ZONEMGR_NO_SOA when adding a new zone.

1657

defect

1328621237107039

1328810368022696

Unclassified

medium

jreed

new

zonemgr should not ask for IXFR on new zone

zonemgr should not ask for IXFR on new zone. It should do AXFR.

1658

enhancement

1328621723577463

1328821085547843

logging

low

jreed

new

log when adding new configuring new logging

When adding or changing to a new logging configuration (loggers, output), then log about it to that new output — that is a single line to introduce it.

1659

defect

1328621858996557

1328812632272980

configuration

medium

jreed

new

be able to view default list configurations

If using bindctl, you can view a list that has the default configurations. You should be able to view all configurations even if defaults (so don’t have to go find the spec file and interpret it manually).

1661

defect

1328622693273693

1328821109597944

bind-ctl

low

jreed

new

config go strangeness

Check this out: > config go Xfrin/transfers_in /Xfrin/transfers_in> config go .. /Xfrin> config go zones/ /Xfrin/zones> config go .. /Xfrin> config go zones /Xfrin/zones> config show Xfrin/zones[0]/name “foo” string Xfrin/zones[0]/class “IN” string (default) Xfrin/zones[0]/master_addr “192.168.2.3” string Xfrin/zones[0]/master_port 53 integer (default) Xfrin/zones[0]/tsig_key null string Xfrin/zones[0]/use_ixfr false boolean (default) /Xfrin/zones> config go zones[0]/use_ixfr Error: /Xfrin/zones/zones[0]/use_ixfr not found /Xfrin/zones> config go [0] /Xfrin/zones[0]> config show Xfrin/zones[0]/name “foo” string Xfrin/zones[0]/class “IN” string (default) Xfrin/zones[0]/master_addr “192.168.2.3” string Xfrin/zones[0]/master_port 53 integer (default) Xfrin/zones[0]/tsig_key null string Xfrin/zones[0]/use_ixfr false boolean (default) /Xfrin/zones[0]> config go tsig_key Error: /Xfrin/zones[0]/tsig_key not found /Xfrin/zones[0]> config go /Xfrin/zones[0]/master_addr /Xfrin/zones[0]/master_addr> config show Xfrin/zones[0]/master_addr “192.168.2.3” string /Xfrin/zones[0]/master_addr> config go .. /Xfrin/zones[0]> config go master_addr /Xfrin/zones[0]/master_addr> config go .. /Xfrin/zones[0]> config go /Xfrin/zones[0]/tsig_key Error: /Xfrin/zones[0]/tsig_key not found /Xfrin/zones[0]> config show /Xfrin/zones[0]/tsig_key Error: Xfrin not found /Xfrin/zones[0]> config show /Xfrin Error: Xfrin not found /Xfrin/zones[0]> config go .. /Xfrin> config go .. > config show /Xfrin Xfrin/transfers_in 10 integer (default) Xfrin/zones/ list Sometimes it works and sometimes it doesn’t. Notice how it can’t go into tsig_key. Also noitce that /Xfrin is not found.

1662

task

1328622766732752

1329823713576974

documentation

medium

jreed

new

documentation: logging quick start examples

For the guide, have some quick start examples for logging in addition or instead of the tutorial.

1663

task

1328623332829622

1328627735816334

Unclassified

medium

jreed

new

doxygen generation automated on builder

Add a doxygen build task to one system on the build farm. The verbose output may need to be parsed or reduced and trigger failure on some types of issues.

1664

enhancement

1328623686802418

1328821126663106

build system

low

UnAssigned

jreed

new

configure provide more help for building

Have configure have some output about “If having problem building …” even in —help output. Maybe point to documentation, websites, list addresses.

1670

enhancement

1328882972995808

1394116840891047

b10-auth

medium

Dr. Jeffry A. Spain

DNS Outstanding Tasks

new

Ability to control version.bind output

Question from the users mailing list: In bind10-devel-20120119, how can the response to ‘dig @server version.bind. CH TXT’ be disabled in a manner equivalent to ‘options { version none; };’ in bind9? Thanks. https://lists.isc.org/pipermail/bind10-users/2012-February/000184.html AFAIK this is not possible, but it should be easy and useful to add.

1672

defect

1329168961119532

1392912620635197

resolver

low

Jeffry A. Spain

DNS Outstanding Tasks

new

b10-resolver crashing with status 11 when compiled with —enable-boost-threads

In my most recent build of bind10-devel-20110119, built according to http://bind10.isc.org/wiki/SystemNotesUbuntuOneiric, b10-resolver is failing after being given the query ‘dig @localhost jaspain.net a’, or any query for that matter. Most of the installed prerequisites are newer versions than those in the standard Ubuntu packages that I have used previously with success, so I will try to figure out which one may be causing the problem. Based on the following log excerpts, if you have a sense of where the problem lies, would you please let me know. Thanks. The following is log from bind10-users mailing list. https://lists.isc.org/pipermail/bind10-users/2012-February/000216.html Apparently any query caused resolver to crash. 2012-02-12 23:00:20.613 DEBUG [b10-resolver.resolver] RESOLVER_QUERY_ACCEPTED query accepted: ‘jaspain.net./A/IN’ from 127.0.0.1#37965 2012-02-12 23:00:20.613 DEBUG [b10-resolver.resolver] RESOLVER_NORMAL_QUERY processing normal query 2012-02-12 23:00:20.613 DEBUG [b10-resolver.reslib] RESLIB_RESOLVE asked to resolve (resolve() instance 2) 2012-02-12 23:00:20.613 DEBUG [b10-resolver.reslib] RESLIB_RECQ_CACHE_NO_FIND did not find in the cache, starting RunningQuery (resolve() instance 2) 2012-02-12 23:00:20.613 DEBUG [b10-resolver.reslib] RESLIB_NSAS_LOOKUP looking up nameserver for zone . in the NSAS 2012-02-12 23:00:20.613 DEBUG [b10-resolver.nsas] NSAS_SEARCH_ZONE_NS searching NSAS for nameservers for zone . 2012-02-12 23:00:20.613 DEBUG [b10-resolver.reslib] RESLIB_RESOLVE asked to resolve <. IN NS> (resolve() instance 1) 2012-02-12 23:00:20.613 DEBUG [b10-resolver.nsas] NSAS_FIND_NS_ADDRESS asking resolver to obtain A and AAAA records for l.root-servers.net. 2012-02-12 23:00:20.613 DEBUG [b10-resolver.reslib] RESLIB_RESOLVE asked to resolve (resolve() instance 1) 2012-02-12 23:00:20.613 DEBUG [b10-resolver.reslib] RESLIB_RESOLVE asked to resolve (resolve() instance 1) 2012-02-12 23:00:20.676 DEBUG [b10-resolver.nsas] NSAS_SEARCH_ZONE_NS searching NSAS for nameservers for zone net. 2012-02-12 23:00:20.676 DEBUG [b10-resolver.reslib] RESLIB_RESOLVE asked to resolve (resolve() instance 1) 2012-02-12 23:00:20.678 INFO [b10-boss.boss] BIND10_LOST_SOCKET_CONSUMER consumer 20 of sockets disconnected, considering all its sockets closed 2012-02-12 23:00:20.678 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 1855 of b10-resolver ended with status 11 2012-02-12 23:00:20.678 ERROR [b10-boss.boss] BIND10_COMPONENT_FAILED component b10-resolver (pid 1855) failed with 11 exit status 2012-02-12 23:00:20.678 INFO [b10-boss.boss] BIND10_COMPONENT_START component b10-resolver is starting 2012-02-12 23:00:20.678 WARN [b10-boss.boss] BIND10_START_AS_NON_ROOT_RESOLVER starting b10-resolver as a user, not root. This might fail. 2012-02-12 23:00:20.678 INFO [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-resolver 2012-02-12 23:00:20.685 DEBUG [b10-boss.boss] BIND10_STARTED_PROCESS_PID started b10-resolver (PID 1867)

1674

defect

1329257610581110

1392912596662655

resolver

low

jreed

DNS Outstanding Tasks

new

confusing CACHE_RRSET_REMOVE_OLD

2012-02-14 18:32:18.196 DEBUG [b10-resolver.cache] CACHE_RRSET_REMOVE_OLD removing old RRset for ams.sns-pb.isc.org./AAAA/IN to make space for new one Why remove old RRSet on first query?

1675

enhancement

1329296537935503

1394116664953487

Boss of BIND

medium

vorner

Common Outstanding Tasks

new

Allow specifying count in an component configuration

Currently, if a user wants to run multiple instances of a component (eg. an auth for each core), multiple copies of the component configuration must be specified in Boss/components. It would be more convenient to have a `count` configuration variable and the system would start so many instances by itself. If the isc.bind10.components.Component class is modified to take care of multiple processes or if multiple component objects are generated from single configuration element is to be decided.

1676

enhancement

1329296772886889

1329823718431454

Unclassified

medium

vorner

new

Differentiate instances of the same components in logs

If multiple instances of a single component are running, it would be convenient to differentiate them in logs in case the outputs are mixed up (eg. have b10-auth-1, b10-auth-2, etc). This might turn out to be an easy extension of #1675, when the system knows it should start n instances of single component, it could provide a different number as a command line argument to each of the instances and the component would modify its name in logs according to this.

1677

enhancement

1329297072638129

1329390620126168

Unclassified

medium

vorner

new

Remove local log level constants

We defined the consistent debug levels (eg. `DBGLVL_START_SHUT`). However, when switching to them, we just redefined the constants used in the existing code to point to these, like this: #!c++ const int DBG_AUTH_START = DBGLVL_START_SHUT; This should be cleaned up and the local constants replaced by the global ones. This should be an easy search&replace, but it could be convenient to split it up into multiple tickets by the components, to have smaller diffs to review.

1679

enhancement

1329298384374814

1336568071055568

Unclassified

medium

vorner

new

Auto-generate backtraces & crash reports

It would be good if whenever a process crashes, a crash report with some useful information is produced and saved somewhere, noted in a log and the admin is asked to send it. The idea is to use whatever is available in the system to get the information, for example use gdb to attach to the process and get the information or use some built-in methods. The crashing process could have a handler for registered all reasonable fatal signals and call a shell script with it’s PID and name and the script would write down system information, call gdb on the PID, produce the backtrace, etc… It might make sense to register the signals for python too (in case it crashes in the wrapper code) and make sure any uncaught exceptions are caught at the highest level and written down to a file. I attach a file which does that (from one of my own projects), it is slightly different, it produces the backtrace to the screen and leaves the gdb running, but it can illustrate the idea. While this relies on having gdb installed on the system and having debug information compiled in (which we could enable by default), it would at least increase the chance of getting useful bug report and make it easier for a user to generate them.

1683

task

1329315225571717

1332237437723377

Unclassified

medium

shane

shane

new

Review all Trac tickets

We need to go through our tickets on the Trac site and check the status of them all. Here’s a link: http://bind10.isc.org/query?status=accepted&status=assigned&status=new&status=reopened&status=reviewing&max=1000&col=id&col=summary&col=status&col=owner&col=type&col=priority&col=milestone&col=component&col=time&col=changetime&col=feature&order=id There are over 600, so this will take awhile. Spending a couple hours a day will hopefully get this done in a month or so.

1685

task

1329315368637216

1329315368637216

Unclassified

medium

shane

new

Document and test security procedures

We need to write down how we handle security bugs discovered in BIND 10.

1689

defect

1329387513525977

1392999621271534

Unclassified

medium

shane

DNS Outstanding Tasks

new

Handle RRSIG TTL properly when combining multiple RRSIG into a single RRSet

Apparently we improperly modify the TTL when we are dealing with RRSIG within an RRSet. This came out of discussion on ticket #152: MessageImpl::parseSection() would still need to consider RRSIG type covered when it combines multiple RRSIGs into a single RRset. That would go to a separate ticket.

1694

enhancement

1329402017073627

1330431728587315

bind-ctl

medium

shane

new

bindctl should be able to run when BIND 10 is down

This is a result of a comment in ticket #304. Basically, bindctl should be able to do some things when BIND 10 is not running.

1700

task

1329906336862876

1329906336862876

Unclassified

medium

shane

new

Trac ticket dependency plugin

We should try to get one of the plugins which supports dependencies between Trac tickets

1706

defect

1329928997058676

1330431986105718

msgq

medium

jreed

new

msgq exiting early? socket.error: [Errno 104] Connection reset by peer

2012-02-22 11:20:34.342 INFO [b10-boss.boss] BIND10_SEND_SIGTERM sending SIGTERM to b10-xfrout (PID 23285) 2012-02-22 11:20:34.342 INFO [b10-boss.boss] BIND10_SEND_SIGTERM sending SIGTERM to b10-auth (PID 23286) 2012-02-22 11:20:34.343 INFO [b10-boss.boss] BIND10_SEND_SIGTERM sending SIGTERM to b10-zonemgr (PID 23287) 2012-02-22 11:20:34.343 INFO [b10-boss.boss] BIND10_SEND_SIGTERM sending SIGTERM to b10-stats (PID 23288) Traceback (most recent call last): File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/libexec/bind10-devel/b10-xfrout”, line 1040, in xfrout_server = XfroutServer() File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/libexec/bind10-devel/b10-xfrout”, line 922, in init self.cc.start File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/config/ccsession.py”, line 211, in start self.send_spec File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/config/ccsession.py”, line 389, insend_spec answer, env = self.session.group_recvmsg(False, seq) File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 266, in group_recvmsg env, msg = self.recvmsg(nonblock, seq) File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 121, in recvmsg data = self.receive_full_buffer File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 230, inreceive_full_buffer raise se File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 203, in receive_full_buffer self.receive_len_data() File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 163, in receive_len_data new_data = self.receive_bytes(self.recv_len_size) File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 149, inreceive_bytes data = self.socket.recv socket.error: Connection reset by peer Traceback : File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/libexec/bind10-devel/b10-zonemgr”, line 692, in zonemgrd = Zonemgr File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/libexec/bind10-devel/b10-zonemgr”, line 517, ininit self.setup_session() File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/libexec/bind10-devel/b10-zonemgr”, line 536, in setup_session self.module_cc.add_remote_config(AUTH_SPECFILE_LOCATION) File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/config/ccsession.py”, line 349, in add_remote_config answer, env = self.session.group_recvmsg File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 266, in group_recvmsg env, msg = self.recvmsg File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 121, in recvmsg data = self.receive_full_buffer(nonblock) File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 230, in receive_full_buffer raise se File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 203, inreceive_full_buffer self.receive_len_data File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 163, inreceive_len_data new_data = self.receive_bytes File “/home/jreed/builder/work/BIND10/20120222082222-CentOS5-x86_64-GCC/install/lib/python3.1/site-packages/isc/cc/session.py”, line 149, inreceive_bytes data = self._socket.recv(size) socket.error: [Errno 104] Connection reset by peer 2012-02-22 11:20:34.443 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 23278 of msgq ended with status 0

1707

defect

1329939626794526

1394116855912999

b10-auth

medium

jreed

DNS Outstanding Tasks

new

Default configuration was used when mistake in different configuration

Default configuration was used when mistake in different configuration: 2012-02-22 13:09:04.846 INFO [b10-auth.auth] AUTH_SERVER_CREATED server created 2012-02-22 13:09:04.855 ERROR [b10-auth.auth] AUTH_CONFIG_UPDATE_FAIL update of configuration failed: Server configuration failed: Failed to open master file: /home/jreed/dnsbenchsuite/tests/root/root.zone.file-canonical 2012-02-22 13:09:04.887 INFO [b10-boss.boss] BIND10_SOCKET_GET requesting socket [::]:53 of type TCP from the creator 2012-02-22 13:09:04.888 ERROR [b10-boss.boss] BIND10_SOCKET_ERROR error on bind call in the creator: 13/Permission denied 2012-02-22 13:09:04.889 ERROR [b10-auth.server_common] SRVCOMM_ADDRESS_FAIL failed to listen on addresses (“Error creating socket on bind”) 2012-02-22 13:09:04.889 ERROR [b10-auth.auth] AUTH_CONFIG_LOAD_FAIL load of configuration failed: Server configuration failed: “Error creating socket on bind” The only change was the wrong name of the database filename. The config is: {version 2, Auth {datasources [{zones [{origin “.”, file “/home/jreed/dnsbenchsuite/tests/root/root.zone-canonical”}], type “memory”}], listen_on [{port 5300, address “127.0.0.1”}]}} So why did the second error above happen? Why did it use port 53? Once I renamed the file, it started fine using port 5300 as expected. I am not sure if this problem is in cfgmgr or auth.

1709

task

1330001822014872

1336467375269802

dhcp

medium

stephen

DHCP Outstanding Tasks

new

Consider alternatives to IOAddress for DHCP

DHCP code needs to get to low-level features of the address object and often needs to know if it is V6 or V4 and get information depending on the result. For this reason, a general IOAddress may not be the best address abstraction to use in DHCP. This ticket will propose an alternative.

1710

enhancement

1330003336406236

1330432045258370

bind-ctl

low

vorner

new

Sort output of config show

Just look at config show of, let’s say, Boss/components. The components are not sorted, which makes it harder to get oriented in the output.

1716

defect

1330094081569678

1366910527020037

Boss of BIND

very low

jreed

new

use DEBUG for BIND10_LOST_SOCKET_CONSUMER and BIND10_SOCKET_CREATED instead of INFO

2012-02-24 08:13:53.616 INFO [b10-boss.boss] BIND10_SOCKET_CREATED successfully created socket 23 2012-02-24 08:24:35.165 INFO [b10-boss.boss] BIND10_LOST_SOCKET_CONSUMER consumer 23 of sockets disconnected, considering all its sockets closed Please use DEBUG instead. (Also it would be nice if the “consumer 23” was identified by name or PID.)

1718

defect

1330109246747787

1330432064257185

data source

low

jreed

new

null data source

From January 2012 face-to-face meeting: Idea: create a null data source to check efficiency of the code. A null data source could also serve as an example if people want to build their own.

1719

task

1330109811186048

1330109811186048

Unclassified

low

jreed

new

Test with bad packets

See #703 Automate tests/tools/badpacket to test auth and resolver with bad packets

1720

task

1330111359741972

1330111359741972

Unclassified

medium

jreed

new

add profiling make target

As discussed at January 2012 face-to-face, make a —with-gprof configure option, and a make profile target which runs query_bench with some set of data.

1723

enhancement

1330524467215903

1331636636281371

statistics

low

jreed

new

access to stats via bindctl

It is not very intuitive for accessing stats. For example to see some entries I tried: Stats show Auth rcode, Stats show Auth.rcode, Stats show auth.rcode.nxrrset, and some others before I learned that I should use “Stats show Auth rcode.refused” I suggest we allow showing a group of stats like Stats show auth, Stats show auth.rcode, and specifically like Stats show auth.rcode.nxrrset.

1724

enhancement

1330524561795476

1331636645298930

statistics

low

jreed

new

access to stats via stats-httpd

This is related to #1723, but want same for the HTTP interface. It would be nice if the following would work to show all items under auth.queries. http://n10.isc.org:8000/bind10/statistics/xml/Auth/queries

1729

defect

1330530157958703

1331571605832006

statistics

medium

jreed

new

cc session timeout causes noisy traceback from b10-stats-httpd

Traceback (most recent call last): File “/home/jreed/src/bind10/src/lib/python/isc/cc/session.py”, line 203, in receive_full_buffer self.receive_len_data() File “/home/jreed/src/bind10/src/lib/python/isc/cc/session.py”, line 163, in receive_len_data new_data = self.receive_bytes(self.recv_len_size) File “/home/jreed/src/bind10/src/lib/python/isc/cc/session.py”, line 149, inreceive_bytes data = self.socket.recv socket.timeout: timed out During handling of the above exception, another exception occurred: Traceback : File “/home/jreed/src/bind10/src/bin/stats/b10-stats-httpd”, line 827, in stats_httpd = StatsHttpd File “/home/jreed/src/bind10/src/bin/stats/b10-stats-httpd”, line 187, inin it self.open_mccs File “/home/jreed/src/bind10/src/bin/stats/b10-stats-httpd”, line 199, in open_mccs SPECFILE_LOCATION, self.config_handler, self.command_handler) File “/home/jreed/src/bind10/src/lib/python/isc/config/ccsession.py”, line 186, ininit self.session = Session(socket_file) File “/home/jreed/src/bind10/src/lib/python/isc/cc/session.py”, line 57, in init env, msg = self.recvmsg(False) File “/home/jreed/src/bind10/src/lib/python/isc/cc/session.py”, line 121, in recvmsg data = self.receive_full_buffer File “/home/jreed/src/bind10/src/lib/python/isc/cc/session.py”, line 218, inreceive_full_buffer raise SessionTimeout(“recv() on cc session timed out”) isc.cc.session.SessionTimeout: recv() on cc session timed out Exception AttributeError: “‘ModuleCCSession’ object has no attribute ‘_session’” in > ignored 2012-02-29 15:27:37.994 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 13233 of b10-stats-httpd ended with status 256 This is due to same problem as #1726. But I open a new ticket since I think its failure should be friendlier, such as: 2012-02-29 15:27:46.824 ERROR [b10-xfrin.xfrin] XFRIN_UNKNOWN_ERROR unknown error: recv() on cc session timed out or 2012-02-29 15:27:46.854 ERROR [b10-zonemgr.zonemgr] ZONEMGR_SESSION_TIMEOUT timeout on session to command channel daemon By the way, those two examples maybe should use identical format for same error? So original problem to be fixed in #1726. Make the output clean in this ticket.

1730

defect

1330531611749244

1332509420767998

Unclassified

medium

jreed

new

OpenBSD meta ticket

OpenBSD openbsd5-64 5.0 amd64 But it is not enabled in the build farm yet due to some issues: system include header ordering needs #1644 incomplete pc file for botan and wrong filename for botan-config #1640 perfdhcp.c uses pselect #1639 IntervalTimerTest.invalidArgumentToIntervalTimer failure #1727 python import and versioned modules #1728 HashTest tests fail on OpenBSD #1812 IfaceMgrTest.sendReceive6 test hangs on OpenBSD #1824 CC Session timeouts / ConfigManager not responding (on OpenBSD) #1829 install-sh issue on OpenBSD #1835

1734

defect

1330551648536980

1331571692456641

Boss of BIND

medium

jreed

new

ERROR [b10-boss.boss] BIND10_COMPONENT_FAILED component … failed with 0 exit status

I noticed this when I restart resolver and auth as in #1733. I did: > Resolver shutdown > Auth shutdown The logs showed: … 2012-02-29 15:23:40.820 DEBUG [b10-resolver.cc] CC_GROUP_SEND sending message ‘{ command [ “stopping”, { module_name “Resolver” } ] }’ to group ‘ConfigManager’ 2012-02-29 15:23:40.820 INFO [b10-resolver.resolver] RESOLVER_SHUTDOWN resolver shutdown complete 2012-02-29 15:23:40.827 DEBUG [b10-cmdctl.cmdctl] CMDCTL_COMMAND_SENT command ‘shutdown’ to module ‘Resolver’ was sent 2012-02-29 15:23:40.828 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 11275 of b10-resolver ended with status 0 2012-02-29 15:23:40.828 ERROR [b10-boss.boss] BIND10_COMPONENT_FAILED component b10-resolver (pid 11275) failed with 0 exit status 2012-02-29 15:23:40.828 INFO [b10-boss.boss] BIND10_COMPONENT_START component b10-resolver is starting Notice the “ERROR” for 0 exit status. That seems wrong. I don’t see any error here. Then: … 2012-02-29 15:23:45.847 DEBUG [b10-auth.datasrc] DATASRC_SQLITE_CLOSE closing SQLite database 2012-02-29 15:23:45.848 DEBUG [b10-auth.datasrc] DATASRC_CACHE_DESTROY destroying the hotspot cache 2012-02-29 15:23:45.848 DEBUG [b10-cmdctl.cmdctl] CMDCTL_COMMAND_SENT command ‘shutdown’ to module ‘Auth’ was sent 2012-02-29 15:23:45.868 INFO [b10-boss.boss] BIND10_LOST_SOCKET_CONSUMER consumer 17 of sockets disconnected, considering all its sockets closed 2012-02-29 15:23:45.870 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 12084 of b10-auth ended with status 0 2012-02-29 15:23:45.870 ERROR [b10-boss.boss] BIND10_COMPONENT_FAILED component b10-auth (pid 12084) failed with 0 exit status 2012-02-29 15:23:45.870 INFO [b10-boss.boss] BIND10_COMPONENT_START component b10-auth is starting Same thing again: ERROR for 0 exit status. These don’t seem to be errors to me.

1737

enhancement

1330563639383383

1331636855978016

statistics

low

jreed

new

store statistics data on shutdown

Feature request: store statistics data on shutdown and maybe re-use it on next startup. Not sure yet. Just opening this ticket so this idea can be recorded. This is not a high priority, since other tools can fetch the XML and then manage how they want.

1740

defect

1330640620273079

1331577732027152

bind-ctl

medium

jreed

new

bindctl crash on stats set

> Stats set Boss boot_time 2012-02-03T22:49:49Z Traceback (most recent call last): File “/usr/pkg/lib/python3.1/cmd.py”, line 213, in onecmd func = getattr(self, ‘do’ + cmd) AttributeError: ’BindCmdInterpreter’ object has no attribute ’do_Stats’ During handling of the above exception, another exception occurred: Traceback : File “/home/reed/opt/bind10/bin/bindctl”, line 149, in result = tool.run File “/home/reed/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 138, in run self.cmdloop File “/usr/pkg/lib/python3.1/cmd.py”, line 139, in cmdloop stop = self.onecmd File “/home/reed/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 466, in onecmd Cmd.onecmd File “/usr/pkg/lib/python3.1/cmd.py”, line 215, in onecmd return self.default File “/home/reed/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 432, in default self.parse_cmd(line) File “/home/reed/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 568, in parse_cmd self.validate_cmd(cmd) File “/home/reed/opt/bind10/lib/python3.1/site-packages/bindctl/bindcmd.py”, line 399, in _validate_cmd cmd.params[param_name] = isc.config.config_data.convert_type(param_spec, cmd.params[param_name]) File “/home/reed/opt/bind10/lib/python3.1/site-packages/isc/config/config_data.py”, line 112, in convert_type map = ast.literal_eval(value) File “/usr/pkg/lib/python3.1/ast.py”, line 49, in literal_eval node_or_string = parse(node_or_string, mode=’eval’) File “/usr/pkg/lib/python3.1/ast.py”, line 37, in parse return compile(source, filename, mode, PyCF_ONLY_AST) File “”, line 1 boot_time2012-02-03T22:49:49Z ^ SyntaxError: invalid token Here is another different example: … File “”, line 1 last_update_time“2012-03-01T22:21:42Z” ^ SyntaxError: invalid syntax

1742

enhancement

1330693514506461

1331038947010571

message-library

low

stephen

new

Have message compiler exit with an error if a duplicate message ID is detected

Ticket #1741 reports a case where a duplicate ID is used in a message file. This was only noticed by chance, as the message compiler outputs a warning message but otherwise exits normally. The message compiler should be modified to output an error message when this condition is detected, and to exit with a non-zero status. That would cause a build to stop when a duplicate ID is found and so make the problem more obvious.

1743

task

1330700156041242

1391544186391937

data source

medium

jreed

new

[meta] support NSEC in in-memory datasource

NXDOMAIN result only returns RRSIG for the SOA, but no NSEC. (Additional task is lettuce test(s) — open new tickets as needed.)

1753

task

1330793748465085

1392999461740805

data source

medium

jinmei

jinmei

DNS Outstanding Tasks

assigned

use object pool for in-memory finder contexts

By default ZoneFinder::Context needs to be allocated from heap (by `new`) for every call to find(). The cost would not be negligible for performance sensitive version like the one for the in-memory data source. I’d suggest introducing an object pool such as boost::object_pool so the major resource of Context can be resused over multiple calls to find(). I’d maintain the pool in the `InMemoryClient` that created the finder and use the same pool for all zones. The in-memory version of Context class will need to be “resettable” so we release resources in the context when it goes back to the pool. It will also require some modifications to the base Context call.

1755

defect

1330939939098902

1347891866607468

data source

medium

jinmei

new

“ANY_SUB” query in sqlite3_accessor needs to be updated

See https://lists.isc.org/pipermail/bind10-dev/2012-March/003167.html In short: - we need to revise the query so ‘' will be placed last (and so we'll<br> probably have to use rname instead of name)<br>- let the caller append the '’ I also wonder whether this can correctly detect the following case: Zone has b.example.com. *.example.com. Query a.b.example.com must result in NXDOMAIN, not wildcard match. It’s nicer if we can confirm that too. .

1761

enhancement

1331030390320577

1331635774132797

data source

medium

shane

new

Change the SQLite data source so that it supports binary labels

See the thread started here: https://lists.isc.org/pipermail/bind10-dev/2011-September/002630.html

1765

defect

1331144039722679

1331636583333687

bind-ctl

medium

jreed

new

config go, then config show datasources does no work

> config go Auth /Auth> config show database_file listen_on datasources statistics-interval /Auth> config show datasources /Auth> config show Auth /Auth> config show /Auth Error: Auth not found /Auth> config show data database_file datasources /Auth> config show_json {datasources [{zones [{origin “smallzone”, file “/home/jreed/dnsbenchsuite/tests/smallzone/master.zone.file-canonical”}], type “memory”}], listen_on [{port 5300, address “127.0.0.1”}]} /Auth> config show datasources /Auth> config go / > config show Auth/data database_file datasources > config show Auth/data database_file datasources > config show Auth/datasources Auth/datasources[0]/type “memory” string Auth/datasources[0]/class “IN” string (default) Auth/datasources[0]/zones/ list > (notice tab completion in output above) An additional problem is config show /Auth doesn’t work.

1766

enhancement

1331158406719092

1331636915476954

data source

low

jinmei

new

placeholder: python binding for ZoneFinder::Context

It’s currently only in C++. As discussed in http://bind10.isc.org/ticket/1607#comment:11 python binding wasn’t provided because it was not clear if we need it. This ticket is a placeholder for it so we can revisit this point later.

1770

enhancement

1331287704347235

1396529381183472

xfrin

medium

jelte

DNS Outstanding Tasks

new

xfrin command to show transfers in progress

It would be nice to have a command that shows transfers in progress in the xfrin module; possibly with some extended information from the information collected in #1280.

xfrin bindctl

1776

task

1331719471784379

1331917664425822

build system

medium

UnAssigned

shane

assigned

git repository should set version to something

Jeremy proposed that we should set the version string in our software to something. Right now it is whatever the last release was, or sometimes updated since then, but it is not helpful and sometimes misleading. Some notes are available in our [wiki:WeeklyMinutes20120313#Versioninthemasterconfigure.acJeremy5minutes meeting minutes]. Ideally we would set the version string to something like: git-259eea4da2d634ee7cbf28eb34ac076d2a8ed50d We would need a way to override this on our release branches, of course. If we cannot do that, then possibly using just “git” or “master” as the version identifier is okay.

1777

enhancement

1331733353163112

1336592052344382

Unclassified

medium

jelte

new

resetting vectors in auth::Query

#1747 and its predecessors introduced three vectors for storing the rrsets that get added to response messages. These vectors currectly get reserved to contain 64 rrsets each, but in theory they might grow. It was suggested that if they ever become larger than this, it might be good to reset them (back to a reserved size of 64, or whatever value turns out to be good). The idea is that if they are abnormally large, the are replaced by new vectors during reset(). In normal cases this wouldn’t happen (and the overhead is a size check for each). If much larger, the replacement should clear up unused memory for these. But see the discussion in #1747

1797

defect

1331972495039357

1392811741870737

b10-auth

medium

jinmei

DNS Outstanding Tasks

new

CNAME should include auth and additional

b10-auth doesn’t include the authority and additional section in the case of CNAME. This does not necessarily be incorrect per the spec, but I don’t think it’s intentional but rather a bug. I propose we handle it just like the SUCCESS case. (As a bonus) this will also make the big, ugly switch of Query::process() a bit more concise. This should be a pretty easy task.

1801

task

1331999509260329

1336748005828429

Unclassified

medium

jelte

new

NSEC in-mem; lettuce tests for NSEC responses

Create lettuce tests for NSEC responses. On the one hand it should be relatively easy; the framework is already there (we have lettuce tests for NSEC3). OTOH, there may not be a clear (rfc-based) list on what tests to write. Technically, this depends on #1800 (and #1799 and #1798), but in theory these could be written in parallel (or even before; BDD-style).

1811

task

1332132785079358

1336577058868652

Inter-module communication

medium

naokikambe

new

Consider how to address multiple instances

As a result of #1751, each auth instance uses its own PID for addressing itself so that stats would identify one of multiple auth instances. But that way is a short-term narrow solution as discussed in [comment:ticket:1751:10] Furthermore we need a long-term wide solution, not only between auth and stats, for addressing multiple instances.

1817

task

1332236902882641

1336577260560153

data source

medium

vorner

new

Cleanup object for SQLite3 statements

We manually reset a SQLite3 statement each time it is used. This is both little bit too much code and can keep the statement not reset on some unexpected exception (which is not fatal, as we reset the statement before use again, but it is clearly not optimal). The task is to create a class that would hold the statement and reset it on destruction and use it to hold the statements inside the methods using them.

1821

defect

1332341006212027

1336577914147394

Unclassified

medium

jreed

new

inconsistent verbose logging

Some components honor a -v (or —verbose) switch to enable maximum debug logging. But not all is set to maximum. For example, it provides complete logging for “auth” but not “datasrc”. This is confusing. One fix is to either clearly document this. Another fix is to make everything “*” logged at DEBUG 99 when using —verbose.

1822

task

1332342771530688

1336577964165257

logging

medium

jreed

new

review logging details

The task(s) to review existing logging was discussed at the January 2012 F2F. http://bind10.isc.org/wiki/January2012MeetingMinutes#LoggingIssues This probably needs to be broken up into separate tasks maybe by component level. This is to: Review readability and understandability of the log descriptions. Confirm that the log severity is correct. Confirm that debug levels are correct (for example 30 and below is useful for admins, but we have non-developer details at higher levels). Do we have excess messages? Too many messages for same issue? Missing useful logging?

1827

defect

1332430142589214

1340809921054942

build system

medium

UnAssigned

muks

new

Install bind10 shared objects and other resources in versioned directories

bind10 modules (.so) used to have a version in their filenames. Due to issues on OpenBSD, now they’re created without the version. Currently, bind10 modules are installed in `$prefix/libexec/bind10-devel/modules` whereas they should be installed in `$prefix/lib/bind10-devel-/modules` (note the change from libexec to lib and the version added to the directory name). The same should be done for the installation paths of any version-specific resources. Whether we want to implement this should be discussed, and a list of what all need to be versioned should be made. This work would involve build system changes and also some minor changes to code for using the correct paths.

1830

defect

1332444460478829

1336644551015538

Unclassified

medium

jreed

new

traceback in cfgmgr shutdown

The initial problem was caused by some cc session timeouts / cfgmgr not listening as seen in ticket #1829. But shutdown stills seems wrong: 2012-03-22 19:11:34.701 INFO [b10-boss.boss] BIND10_COMPONENT_STOP component cfgmgr is being stopped 2012-03-22 19:11:34.702 INFO [b10-boss.boss] BIND10_STOP_PROCESS asking cfgmgr to shut down … 2012-03-22 19:11:35.729 INFO [b10-boss.boss] BIND10_SEND_SIGTERM sending SIGTERM to cfgmgr (PID 25628) … 2012-03-22 19:11:35.832 INFO [b10-boss.boss] BIND10_SEND_SIGKILL sending SIGKILL to b10-cmdctl (PID 7154) 2012-03-22 19:11:35.837 INFO [b10-boss.boss] BIND10_SEND_SIGKILL sending SIGKILL to msgq (PID 16242) Traceback (most recent call last): 2012-03-22 19:11:35.842 File “/home/jreed/src/bind10/src/bin/cfgmgr/b10-cfgmgr”, line 107, in sys.exit(main()) INFO File “/home/jreed/src/bind10/src/bin/cfgmgr/b10-cfgmgr”, line 95, in main cm.run() [ File “/home/jreed/src/bind10/src/lib/python/isc/config/cfgmgr.py”, line 526, in run b10-boss.boss] BIND10_SEND_SIGKILL sending SIGKILL to cfgmgr (PID 25628) 2012-03-22 19:11:35.951 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 7154 of b10-cmdctl ended with status 9 2012-03-22 19:11:35.951 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 25628 of cfgmgr ended with status 9 2012-03-22 19:11:35.952 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 16242 of msgq ended with status 9 2012-03-22 19:11:35.952 INFO [b10-boss.boss] BIND10_SHUTDOWN_COMPLETE all processes ended, shutdown complete (Notice how logs are mixed. That is ticket #1704)

1835

task

1332509337004142

1389102214188351

build system

medium

jreed

jreed

accepted

install-sh issue on OpenBSD

/bin/sh /bin/sh /home/jreed/src/bind10/install-sh d //home/jreed/opt/bind10/var/bind10-devel Caused by: $c m 644 install_sh_PROGRAM = ${SHELL} $c install_sh_SCRIPT = ${SHELL} $(install_sh) c mkinstalldirs = $ $d install_sh = ${SHELL} /home/jreed/src/bind10/install-sh $ /bin/sh /bin/sh /bin/sh[2]: syntax error: `(’ unexpected The problem is caused by http://www.openbsd.org/cgi-bin/cvsweb/ports/devel/automake/1.11/patches/patch-lib_am_header-vars_am and http://www.openbsd.org/cgi-bin/cvsweb/ports/devel/automake/1.11/patches/patch-automake_in I reported this to their ports team. I am opening this ticket to track it from our side too.

1837

task

1332770526219153

1336652421972022

Unclassified

medium

jelte

new

log/print b10-dbutil command when db is out of date

If any module (most probably b10-auth) finds that the sqlite3 database it is trying to use is out of date, it should log (or print, if it is a printed error) the command needed to upgrade it, including the full path to the database file(s) e.g. ‘please run b10-dbutil —upgrade /foo/bar/bind10-zones.sqlite3’

1840

task

1332841559982496

1336654818626401

Unclassified

medium

jelte

new

handling several databases at once in b10-dbutil

Right now b10-dbutil can only upgrade one database at a time. It was suggested that it should perhaps be able to do multiple (as you can technically have several database backends at the same time). But it did not seem much of a priority when doing #963, so here is the deferred task.

1841

task

1332841736950079

1336745465447674

Unclassified

low

jelte

new

port b10-dbutil tests to lettuce

The tests created for b10-dbutil in #963 were done in shellscript. We should port them to lettuce tests (these really are system tests anyway)

1842

task

1332850908086397

1336654981957369

Unclassified

medium

vorner

new

Integrate the b10-dbutil into system start

Currently, if the database schema is old, the system starts, but will complain about the problem somewhere in the middle of logs. That is too late. We should integrate a call to `b10-dbutil —check` into the startup, before anything that would provide service is attempted and if it fails, don’t attempt to start it. This task will probably need to be split into smaller ones: * Support for „synchronous“ commands in the boss (currently, a component is forked off and we don’t care much any more until it fails, but this should start it and wait for the process to terminate, either successfully or fail). * Add support to dbutil to read the list of databases from configuration through the message queue. * Include the dbutil invocation in the guide how to enable and start auth.

1844

defect

1332851322907622

1336655517870037

bind-ctl

medium

vorner

new

The config unset help is wrong

If I execute the above command, it prints this: > config unset help Command unset (Unset a configuration value (i.e. revert to the default, if any).) help (Get help for command) Parameters: identifier (string, mandatory) The identifier specifies the config item. Child elements are separated with the ‘/’ character. List indices can be specified with ‘[i]’, where i is an integer specifying the index, starting with 0. Examples: ‘Boss/start_auth’, ‘Recurse/listen_on[0]/address’. If no identifier is given, shows the item at the current location. Which is wrong for several reasons: * The examples are outdated, these no longer exist. * It says it is mandatory, but still includes the „If no identifier is given“ condition. * Talks about showing the item, not clearing it.

1848

defect

1332859129521998

1355947936419631

Unclassified

medium

jreed

new

msgq disappeared causes great shutdown confusion

I received: 2012-03-27 07:22:22.964 FATAL [b10-boss.boss] BIND10_MSGQ_DISAPPEARED msgq channel disappeared I don’t know what caused this. This ticket is mostly about what happens next. It is “fatal” so boss starts a BIND10_SHUTDOWN as expected. 2012-03-27 07:22:22.964 FATAL [b10-boss.boss] BIND10_MSGQ_DISAPPEARED msgq channel disappeared 2012-03-27 07:22:22.964 INFO [b10-boss.boss] BIND10_SHUTDOWN stopping the server 2012-03-27 07:22:22.965 ERROR [b10-boss.config] CONFIG_SESSION_STOPPING_FAILED error sending stopping message: [Errno 32] Broken pipe 2012-03-27 07:22:22.965 INFO [b10-boss.boss] BIND10_CONFIGURATOR_STOP bind10 component configurator is shutting down 2012-03-27 07:22:22.965 INFO [b10-boss.boss] BIND10_COMPONENT_STOP component Socket creator is being stopped 2012-03-27 07:22:22.965 INFO [b10-boss.boss] BIND10_SOCKCREATOR_TERMINATE terminating socket creator Traceback (most recent call last): File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/libexec/bind10-devel/b10-cfgmgr”, line 112, in sys.exit(main()) File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/libexec/bind10-devel/b10-cfgmgr”, line 100, in main cm.run() File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/config/cfgmgr.py”, line 558, in run answer = self.handle_msg(msg); File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/config/cfgmgr.py”, line 535, in handle_msg 2012-03-27 07:22:22.967 INFO [b10-boss.boss] BIND10_COMPONENT_STOP component msgq is being stopped answer = self.handle_module_spec) File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/config/cfgmgr.py”, line 485, inhandle_module_spec spec.get_full_spec()) File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/config/cfgmgr.py”, line 511, in send_module_spec_to_cmdctl self.cc.group_sendmsg File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/cc/session.py”, line 268, in group_sendmsg }, isc.cc.message.to_wire) File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/cc/session.py”, line 101, in sendmsg cc = self.socket.send(data) socket.error: [Errno 32] Broken pipe 2012-03-27 07:22:22.967 ERROR [b10-auth.cc] CC_READ_ERROR er2012-03-27 07:22:22.976 INFO [b10-boss.boss] BIND10_COMPONENT_STOP component b10-auth is being stopped 2012-03-27 07:22:22.976 INFO [b10-boss.boss] BIND10_STOP_PROCESS asking b10-auth to shut down 2012-03-27 07:22:22.977 ERROR [b10-boss.boss] BIND10_CONFIGURATOR_PLAN_INTERRUPTED configurator plan interrupted, only 2 of 7 done ror reading data from command channel (End of file.)2012-03-27 07:22:22.977 FATAL [b10-auth.cc] CC_WRITE_ERROR error writing data to command channel (Broken pipe) 2012-03-27 07:22:22.977 FATAL [b10-auth.auth] AUTH_SERVER_FAILED server failed: ASIO write failed: Broken pipe 2012-03-27 07:22:22.980 FATAL [b10-auth.auth] AUTH_SERVER_FAILED server failed: Error while reading data from cc session: End of file. 2012-03-27 07:22:22.982 FATAL [b10-auth.cc] CC_WRITE_ERROR error writing data to command channel (Broken pipe) 2012-03-27 07:22:22.982 FATAL [b10-auth.auth] AUTH_SERVER_FAILED server failed: ASIO write failed: Broken pipe 2012-03-27 07:22:22.970 ERROR [b10-auth.cc] CC_READ_ERROR error reading data from command channel (End of file.) 2012-03-27 07:22:22.984 FATAL [b10-auth.auth] AUTH_SERVER_FAILED server failed: Error while reading data from cc session: End of file. 2012-03-27 07:22:23.977 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 56861 of b10-auth-4 ended with status 256 2012-03-27 07:22:23.977 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 56860 of b10-auth-2 ended with status 256 2012-03-27 07:22:23.977 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 56859 of b10-auth-3 ended with status 256 2012-03-27 07:22:23.977 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 56858 of b10-auth ended with status 256 2012-03-27 07:22:23.977 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 56851 of cfgmgr ended with status 256 2012-03-27 07:22:23.977 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 56850 of msgq ended with status 256 2012-03-27 07:22:23.977 INFO [b10-boss.boss] BIND10_PROCESS_ENDED process 56849 of Socket creator ended with status 0 2012-03-27 07:22:23.977 INFO [b10-boss.boss] BIND10_SHUTDOWN_COMPLETE all processes ended, shutdown complete The above is much to noisy and doesn’t give me much clue on what happened.

1849

defect

1332876790346463

1336661869166721

Unclassified

medium

jreed

new

traceback in msgq self.sendbuffs

(as previously mentioned in #1847) This is on the macmini system: Traceback (most recent call last): File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/libexec/bind10-devel/b10-msgq”, line 551, in msgq.run() File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/libexec/bind10-devel/b10-msgq”, line 460, in run self.run_poller() File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/libexec/bind10-devel/b10-msgq”, line 479, in run_poller self.process_write File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/libexec/bind10-devel/b10-msgq”, line 391, inprocess_write (_, msg) = self.sendbuffs[fileno] KeyError: 8323074 I have it configured for four b10-auth components. This happens maybe one out of every five times I try. I have seen it maybe 6 times.

1850

defect

1332877306895467

1336729330422770

Unclassified

medium

jreed

new

core dump at isc::server_common::portconfig::installListenAddresses when Error while reading data from cc session

on macmini: core from b10-auth #0 0x930a3176 in __kill () #1 0x930a3168 in kill$UNIX2003 () #2 0x9313589d in raise () #3 0x9314b9bc in abort () #4 0x00653347 in isc::server_common::portconfig::installListenAddresses () #5 0x0000d29d in AuthSrv::setListenAddresses () #6 0x0001bccc in (anonymous namespace)::ListenAddressConfig::build () #7 0x0001b0e3 in configureAuthServer () #8 0x0000dce6 in AuthSrv::updateConfig () #9 0x00024f89 in (anonymous namespace)::my_config_handler () #10 0x00396760 in isc::config::ModuleCCSession::handleConfigUpdate () #11 0x003985c1 in isc::config::ModuleCCSession::ModuleCCSession () #12 0x00025846 in main () This was configured with four b10-auth components. I think the corresponding logging is: 2012-03-27 12:32:10.427 FATAL [b10-auth.server_common] SRVCOMM_EXCEPTION_ALLOC exception when allocating a socket: Error while reading data from cc session: End of file. There were several “Error while reading data from cc session” and CC_READ_ERROR and a traceback in b10-cfgmgr at same time: Traceback (most recent call last): File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/libexec/bind10-devel/b10-cfgmgr”, line 112, in sys.exit(main()) File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/libexec/bind10-devel/b10-cfgmgr”, line 100, in main cm.run() File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/config/cfgmgr.py”, line 558, in run answer = self.handle_msg(msg); File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/config/cfgmgr.py”, line 535, in handle_msg answer = self.handle_module_spec) File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/config/cfgmgr.py”, line 485, inhandle_module_spec spec.get_full_spec()) File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/config/cfgmgr.py”, line 511, in _send_module_spec_to_cmdctl rver_common] SRVCOMM_EXCEPTION_ALLOC exception when allocating a socket: Error while reading data from cc session: End of file. self.cc.group_sendmsg(spec_update, “Cmdctl”) File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/cc/session.py”, line 268, in group_sendmsg 2012-03-27 12:32:10.427 ERROR [b10-boss.boss] BIND10_COMPONENT_FAILED component b10-auth-4 (pid 34532) failed: process exited normally with exit status 256 }, isc.cc.message.to_wire(msg)) File “/Local/Users/jreed/dnsbench/work/master/20120327130322/install/lib/python3.1/site-packages/isc/cc/session.py”, line 101, in sendmsg (note that some regular logging is mixed in above)

1851

defect

1332881865392315

1360930892151771

Unclassified

medium

UnAssigned

jreed

assigned

finding python modules should not append

for example my installed bind10 has: import sys; sys.path.append (‘/var/users/jreed/dnsbench/work/master/201203272003 37/install/lib/python3.1/site-packages’) … from bind10_config import LIBEXECPATH But the LIBEXECPATH is defined from the /usr/local/lib/ version of bind10_config.py and not my version in my path above. This causes all types of confusion when communicating with wrong msgq and cfgmgr so gets wrong configurations.

1854

enhancement

1332944504898895

1336730512437894

Unclassified

medium

jreed

new

directory for configuration files

Currently for in-memory datasource (and other configurations), the file may be an absolute path to the master zone file or it is relative to the directory BIND 10 is started from. That behavior may be dangerous I think since you never know where the admin will be located when running bind10 boss. But it is useful for testing. We should have some default directory configurable. And if not set this means relative. (jelte’s idea from jabber) (Or maybe set to “.” for relative?)

1855

defect

1332945511404703

1336730692492694

Unclassified

medium

jreed

new

Error: Unknown configuration identifier: datasources/

Reporting error… should say what is missing or wrong: > config set Auth/datasources[0]/type “” > config commit Error: Unknown configuration identifier: datasources/ Configuration not committed 2012-03-28 10:17:07.641 ERROR [b10-auth.auth] AUTH_CONFIG_UPDATE_FAIL update of configuration failed: Unknown configuration identifier: datasources/ 2012-03-28 10:17:07.642 ERROR [b10-cmdctl.cmdctl] CMDCTL_COMMAND_ERROR error in command set_config to module ConfigManager: Unknown configuration identifier: datasources/ I was attempting to change a working “memory” zone to “” to disable it (as a test).

1859

defect

1333031352406559

1336731045404127

Unclassified

medium

jreed

new

many auth servers results in Unable to open domain socket on macmini

I can reproduce the following frequently on the macmini system by attempting to run around 15 b10-auth components: 2012-03-29 07:10:38.818 DEBUG [b10-auth.cc] CC_GROUP_RECEIVED message arrived (‘{ from “4f746d5e_3@macmini.lab.isc.org”, group “Boss”, instance “*”, reply 2, seq 19, to “4f746d5e_12@macmini.lab.isc.org”, type “send” }’, ‘{ result [ 0, { path “/tmp/sockcreator-SWQsjy/sockcreator”, token “t3455974382” } ] }’) 2012-03-29 07:10:38.818 DEBUG [b10-auth.cc] CC_GROUP_RECEIVED message arrived (‘{ from “4f746d5e_3@macmini.lab.isc.org”, group “Boss”, instance “*”, reply 2, seq 18, to “4f746d5e_11@macmini.lab.isc.org”, type “send” }’, ‘{ result [ 0, { path “/tmp/sockcreator-SWQsjy/sockcreator”, token “t3513635662” } ] }’) 2012-03-29 07:10:38.819 FATAL [b10-auth.server_common] SRVCOMM_EXCEPTION_ALLOC exception when allocating a socket: Unable to open domain socket /tmp/sockcreator-SWQsjy/sockcreator: Connection refused 2012-03-29 07:10:38.819 FATAL [b10-auth.server_common] SRVCOMM_EXCEPTION_ALLOC exception when allocating a socket: Unable to open domain socket /tmp/sockcreator-SWQsjy/sockcreator: Connection refused 2012-03-29 07:10:38.819 INFO [b10-boss.boss] BIND10_SOCKET_CREATED successfully created socket 37 Other times I get other failures like in #1850 or like: 2012-03-29 07:13:47.201 ERROR [b10-auth.cc] CC_READ_ERROR error reading data from command channel (End of file.) 2012-03-29 07:13:47.201 DEBUG [b10-auth.cc] CC_DISCONNECT disconnecting from message queue daemon 2012-03-29 07:13:47.202 FATAL [b10-auth.auth] AUTH_SERVER_FAILED server failed: Error while reading data from cc session: End of file. 2012-03-29 07:13:47.202 DEBUG [b10-auth.datasrc] DATASRC_CACHE_DESTROY destroying the hotspot cache (Also often my sockcreator is left running.) I used the following script to generate my configuration: #!/usr/bin/awk -f BEGIN{ print “{ersion 2,”; print “uth {atasources [”; print “{ones [{rigin xample ile ests/smallzone/master.zone.file-canonical}], ype emory}],”; print “isten_on [{ort 5300, ddress 27.0.0.1}]},”; print “oss {omponents {”; for (i = 1; i <= ARGV[1]; i++) { print “10-auth-” i “ {ind eeded pecial uth}”; if (i < ARGV[1]) { print “,”; } } print “”; } The command line argument is the number of b10-auth components to run. I think this is a macmini or portability issue. I can run 50 of the b10-auth server components on Linux fine.

1861

defect

1333129676122232

1350619070112693

data source

medium

jinmei

new

SQLite3 DB creation code should be consolidated

With the introduction of b10-dbutil, we now have 4 places that create initial DB file for the SQLite3 data source: - isc.datasrc.sqlite3_ds Python module (used by b10-loadzone) - two places in C++ libdatasrc (old and new APIs) - b10-dbutil (although, technically, it only does ‘upgrade’ rather than ‘create’) This is obviously bad. Although some of the above will be retired (hopefully) soon, we should basically maintain the DB schema only in a single place. My suggestion is to introduce a python module that defines the latest SQLite3 schema, and have dbutil use it. b10-dbutil wold also have a “create” option, and on ‘make install’ we not only check compatibility but also create a new one if the DB file doesn’t exist. After that, remove the DB creation code from libdatasrc.

1862

enhancement

1333129799230681

1336126333995496

data source

medium

jinmei

new

have b10-dbutil reports upgrade progress

It could take long time to upgrade a large SQLite3 DB file to a new version. It would be nice if it could keep showing the progress like b10-loadzone.

1864

defect

1333137073260916

1336731070940783

Unclassified

medium

jreed

new

bindctl help help is indented too many

help in bindctl shows indented “help”. It has one too many tabs: $ echo Stats show help

bindctl

cat -tv Command show I (Show the specified/all statistics data) I^Ihelp (Get help for command) Parameters: owner (string, optional) module name of the owner of the statistics data name (string, optional) statistics item name of the owner Exit from bindctl

1865

task

1333139411442035

1336126350407522

libdns++

medium

UnAssigned

jinmei

new

python wrapper for findNSEC3

Not for any urgency, but for completeness. Shouldn’t be difficult.

1867

task

1333175462970721

1394116865894633

b10-auth

medium

jinmei

DNS Outstanding Tasks

new

use util::io::SocketSessionForwarder for passing xfr from auth to xfrout

I believe this will also help resolve various issues in xfrout such as busy loop-like problem. Both auth and xfrout need to be updated, but that will probably be too big for a single task, so I propose we first update auth, only with unittests, and keeping the current code for the actual operation. xfrout part is #1868. Once the xfrout part is completed, we’ll switch the auth part too.

1868

task

1333175654854404

1334677602625827

xfrout

medium

jinmei

new

use SocketSessionReceiver for receiving xfr messages from b10-auth at xfrout

This is the xfrout part of #1867 (and depends on it). With this change, we can also eliminate the hack of `_guess_remote()` because the `SocketSession` framework also forwards the source address information. We’ll also update b10-auth to enable the code using `SocketSessionForwarder` for forwarding xfr messages.

1871

defect

1333237139536879

1353314743437578

build system

medium

UnAssigned

jinmei

new

cleanup: unify pydnspp and isc.dns to the latter

Just as we agreed before. Also, it’s probably better to move src/lib/dns/python to src/lib/python/isc/dns.

1874

defect

1333551385070802

1336731318521911

Unclassified

medium

jreed

new

xfrout traceback EOF read where not expected

This is on OpenBSD. I started bind10 as non-root using no custom configuration. 2012-04-04 14:46:24.649 INFO [b10-boss.boss] BIND10_COMPONENT_START component b10-xfrout is starting 2012-04-04 14:46:24.743 INFO [b10-boss.boss] BIND10_STARTING_PROCESS starting process b10-xfrout … 2012-04-04 14:46:25.229 INFO [b10-boss.boss] BIND10_SOCKET_GET requesting socket [::]:53 of type TCP from the creator 2012-04-04 14:46:25.229 ERROR [b10-boss.boss] BIND10_SOCKET_ERROR error on bind call in the creator: 1/Operation not permitted 2012-04-04 14:46:25.231 ERROR [b10-auth.server_common] SRVCOMM_ADDRESS_FAIL failed to listen on addresses (“Error creating socket on bind”) 2012-04-04 14:46:25.231 ERROR [b10-auth.auth] AUTH_CONFIG_LOAD_FAIL load of configuration failed: Server configuration failed: “Error creating socket on bind” 2012-04-04 14:46:25.233 INFO [b10-auth.auth] AUTH_SERVER_STARTED server started Traceback (most recent call last): File “/home/jreed/builder/work/BIND10/20120404131458-OpenBSD5-amd64/install/libexec/bind10-devel/b10-xfrout”, line 30, in from isc.notify import notify_out 2012-04-04 14:46:25.470 File “/home/jreed/builder/work/BIND10/20120404131458-OpenBSD5-amd64/install/lib/python3.2/site-packages/isc/notify/init.py”, line 1, in from isc.notify.notify_out import