bind9 bind 9.20.3

[Bruce Dubbs]

New point version.

[thomas]

Changelog

Note

The following list contains detailed information about BIND9’s development. Regular users should refer to Release Notes for changes relevant to them. BIND 9.20.3

New Features

Log query response status to the query log. cee11c8610f

Log a query response summary using the new category responses. Logging can be controlled by the option responselog and rndc responselog. [GL #459] [GL !9526]

Added WALLET type. dad3fafe9eb

Add the new record type WALLET (262). This provides a mapping from a domain name to a cryptographic currency wallet. Multiple mappings can exist if multiple records exist. [GL #4947] [GL !9554]

Feature Changes

Set logging category for notify/xfer-in related messages. 1f553c61f76

Some ‘notify’ and ‘xfer-in’ related log messages were logged at the ‘general’ category instead of their own category. This has been fixed. [GL #2730] [GL !9514]

Restore the number of threadpool threads back to original value. a0eada53883

The issue of long-running operations potentially blocking query resolution has been fixed. Revert this temporary workaround and restore the number of threadpool threads. [GL #4898] [GL !9532]

Allow IXFR-to-AXFR fallback on DNS_R_TOOMANYRECORDS. 30c4cbd4035

This change allows fallback from an IXFR failure to AXFR when the reason is DNS_R_TOOMANYRECORDS. This is because this error condition could be temporary only in an intermediate version of IXFR transactions and it’s possible that the latest version of the zone doesn’t have that condition. In such a case, the secondary would never be able to update the zone (even if it could) without this fallback.

This fallback behavior is particularly useful with the recently introduced max-records-per-type and max-types-per-name options: the primary may not have these limitations and may temporarily introduce “too many” records, breaking IXFR. If the primary side subsequently deletes these records, this fallback will help recover the zone transfer failure automatically; without it, the secondary side would first need to increase the limit, which requires more operational overhead and has its own adverse effect. [GL #4928] [GL !9471]

Remove statslock from dnssec-signzone. 12eb16186ff

Silence Coverity CID 468757 and 468767 (DATA RACE read not locked) by converting dnssec-signzone to use atomics for statistics counters rather than using a lock. [GL #4939] [GL !9500]

Use release memory ordering when incrementing reference counter. 19e3cd0cd2c

As the relaxed memory ordering doesn’t ensure any memory synchronization, it is possible that the increment will succeed even in the case when it should not - there is a race between atomic_fetch_sub(…, acq_rel) and atomic_fetch_add(…, relaxed). Only the result is consistent, but the previous value for both calls could be same when both calls are executed at the same time. [GL !9567]

Bug Fixes

Fix a statistics channel counter bug when ‘forward only’ zones are used. 2287dc0ac0d

When resolving a zone with a ‘forward only’ policy, and finding out that all the forwarders are marked as “bad”, the ‘ServerQuota’ counter of the statistics channel was incorrectly increased. This has been fixed. [GL #1793] [GL !9502]

Fix a bug in the static-stub implementation. 72626cf9405

Static-stub addresses and addresses from other sources were being mixed together, resulting in static-stub queries going to addresses not specified in the configuration, or alternatively, static-stub addresses being used instead of the correct server addresses. [GL #4850] [GL !9571]

Don’t allow statistics-channel if libxml2 and libjson-c are unsupported. 02822b70eee

When the libxml2 and libjson-c libraries are not supported, the statistics channel can’t return anything useful, so it is now disabled. Use of statistics-channel in named.conf is a fatal error. [GL #4895] [GL !9486]

Separate DNSSEC validation from the long-running tasks. c0022f68025

As part of the KeyTrap [CVE-2023-50387] mitigation, the DNSSEC CPU- intensive operations were offloaded to a separate threadpool that we use to run other tasks that could affect the networking latency.

If that threadpool is running some long-running tasks like RPZ, catalog zone processing, or zone file operations, it would delay DNSSEC validations to a point where the resolving signed DNS records would fail.

Split the CPU-intensive and long-running tasks into separate threadpools in a way that the long-running tasks don’t block the CPU- intensive operations. [GL #4898] [GL !9495]

Fix assertion failure when processing access control lists. a15d975dbe2

The named process could terminate unexpectedly when processing access control lists (ACLs). This has been fixed. [GL #4908] [GL !9466]

Fix bug in Offline KSK that is using ZSK with unlimited lifetime. 3f115d3cdae

If the ZSK has unlimited lifetime, the timing metadata “Inactive” and “Delete” cannot be found and is treated as an error, preventing the zone to be signed. This has been fixed. [GL #4914] [GL !9453]

Fix data race in offloaded dns_message_checksig() 3b5c4f94d70

When verifying a message in an offloaded thread there is a race with the worker thread which writes to the same buffer. Clone the message buffer before offloading. [GL #4929] [GL !9490]

Limit the outgoing UDP send queue size. 251b90c25e0

If the operating system UDP queue gets full and the outgoing UDP sending starts to be delayed, BIND 9 could exhibit memory spikes as it tries to enqueue all the outgoing UDP messages. Try a bit harder to deliver the outgoing UDP messages synchronously and if that fails, drop the outgoing DNS message that would get queued up and then timeout on the client side. [GL #4930] [GL !9511]

Do not set SO_INCOMING_CPU. 6c9f3d0d1ed

We currently set SO_INCOMING_CPU incorrectly, and testing by Ondrej shows that fixing the issue by setting affinities is worse than letting the kernel schedule threads without constraints. So we should not set SO_INCOMING_CPU anymore. [GL #4936] [GL !9504]

Fix the ‘rndc dumpdb’ command’s error reporting. d35f654d674

The ‘rndc dumpdb’ command wasn’t reporting errors which occurred when starting up the database dump process by named, like, for example, a permission denied error for the ‘dump-file’ file. This has been fixed. Note, however, that ‘rndc dumpdb’ performs asynchronous writes, so errors can also occur during the dumping process, which will not be reported back to ‘rndc’, but which will still be logged by named. [GL #4944] [GL !9553]

Fix long-running incoming transfers. c5cadd29d87

Incoming transfers that took longer than 30 seconds would stop reading from the TCP stream and the incoming transfer would be indefinitely stuck causing BIND 9 to hang during shutdown.

This has been fixed and the max-transfer-time-in and max-transfer- idle-in timeouts are now honoured. [GL #4949] [GL !9536]

Fix assertion failure when receiving DNS responses over TCP. e2058ab4619

When matching the received Query ID in the TCP connection, an invalid received Query ID can very rarely cause assertion failure. [GL #4952] [GL !9582]

Don’t ignore the local port number in dns_dispatch_add() for TCP. 97fad455d73

The dns_dispatch_add() function registers the ‘resp’ entry in ‘disp->mgr->qids’ hash table with ‘resp->port’ being 0, but in tcp_recv_success(), when looking up an entry in the hash table after a successfully received data the port is used, so if the local port was set (i.e. it was not 0) it fails to find the entry and results in an unexpected error.

Set the ‘resp->port’ to the given local port value extracted from ‘disp->local’. [GL #4969] [GL !9581]

Add a missing rcu_read_unlock() call on exit path. 5db2ec07395

An exit path in the dns_dispatch_add() function fails to get out of the RCU critical section when returning early. Add the missing rcu_read_unlock() call. [GL !9564]

Don’t enable REUSEADDR on outgoing UDP sockets. a6692e793c3

The outgoing UDP sockets enabled SO_REUSEADDR that allows sharing of the UDP sockets, but with one big caveat - the socket that was opened the last would get all traffic. The dispatch code would ignore the invalid responses in the dns_dispatch, but this could lead to unexpected results. [GL !9583]

[thomas]

Fixed in [db8d44a9]