Ubuntu
bind9 package

Ubuntu 22.04.2, nsupdate stopped recognizing HMAC-MD5 key after update from 1:9.18.1-1ubuntu1.3 to 1:9.18.12-0ubuntu0.22.04.1

Bug #2015176 reported by Wladimir Mutel on 2023-04-04

This bug affects 1 person

	Status	Importance	Assigned to
BIND	New	Undecided	Unassigned
bind9 (Ubuntu)	Fix Released	Undecided	Lena Voytek
Jammy	Fix Released	Undecided	Lena Voytek
Kinetic	Won't Fix	Undecided	Lena Voytek
Lunar	Fix Released	Undecided	Lena Voytek

Bug Description

[Impact]

Bind9 upstream accidentally introduced a regression that made old HMAC-MD5 key pair files unreadable in version 9.18.8.

This capability was fixed with the release of 9.18.17 through https://gitlab.isc.org/isc-projects/bind9/-/merge_requests/8069. This means the issue will be fixed alongside the MRE release of 9.18.18 in Lunar and Jammy.

The issue is fixed by restoring the missing files and pointing to them correctly.

[Test Plan]

To test that this fix specifically is successful, you can run:

# lxc launch ubuntu:{lunar, jammy} test-bind9
# lxc exec test-bind9 bash

# apt update && apt dist-upgrade -y
# apt install bind9

Create example key files since HMAC-MD5 is deprecated and creation of them was removed from focal onward
# cat <<EOF >Kexample.com.+157+15178.key
example.com. IN KEY 512 3 157 SItPKKvb7T9QEBRl9Mmrng==
EOF

# cat <<EOF >Kexample.com.+157+15178.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: SItPKKvb7T9QEBRl9Mmrng==
Bits: AAA=
Created: 20230920212628
Publish: 20230920212628
Activate: 20230920212628
EOF

# nsupdate -k Kexample.com.+157+15178.private

Prior to the fix, this results in something like:
20-Sep-2023 21:41:40.730 Kexample.com.+157+15178.private:1: unknown option 'Private-key-format:'
20-Sep-2023 21:41:40.730 Kexample.com.+157+15178.private:8: unexpected token near end of file
could not read key from Kexample.com.+157+15178.{private,key}: unexpected token

After the fix, the command should succeed with a possible deprecation warning:
20-Sep-2023 21:36:24.723 Kexample.com.+157+15178.private: Use of K* file pairs for HMAC is deprecated

[Where problems could occur]

Problems with this release would most likely occour outside the scope of this issue, as the MRE release includes many other fixes and updates alongside this. However, issues related directly to this change would likely revolve around other key files breaking or the HMAC-MD5 files not being restored properly to match their original state.

[Original Description]

I have a key with the following contents (key material replaced with ...) :

+ cat /etc/bind/Khost.+157+35878.key
host. IN KEY 0 3 157 YSp... ...QsQ==

+ cat /etc/bind/Khost.+157+35878.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: YSp......QsQ==
Bits: AAA=
Created: 20180616045813
Publish: 20180616045813
Activate: 20180616045813

it worked for long time, up till package version 1:9.18.1-1ubuntu1.3
but since upgrading to 1:9.18.12-0ubuntu0.22.04.1 , it stopped working with nsupdate giving out the following :

Creating key...
could not read key from /etc/bind/Khost.+157+35878.{private,key}: file not found

in strace printout, I see that nsupdate successfully opens and reads .private key file but then checks existence of the same file name without suffix (as specified after nsupdate -k) and fails.

were there any changes in key parsing from 9.18.1 to 9.18.13 ?
reverting bind9-utils, bind9-dnsutils and bind9-libs back to 1:9.18.1-1ubuntu1.3 restored the desired behavior.
please advise if I should fix the key format after the upgrade, or if this is a regression to be fixed from your side.

See original description

Tags:

Related branches

~lvoytek/ubuntu/+source/bind9:MRE-jammy-9.18.18

Merged into ubuntu/+source/bind9:ubuntu/jammy-devel at revision 83178ed804297a060fd02dfe569b525e928d5df3

Andreas Hasenack: Approve on 2023-09-22

git-ubuntu bot: Approve on 2023-09-21

Canonical Server Reporter: Pending requested 2023-09-19

Diff: 49386 lines (+14938/-6786)

811 files modified

CHANGES (+264/-0)
CONTRIBUTING.md (+4/-4)
COPYRIGHT (+30/-30)
ChangeLog (+264/-0)
NEWS (+264/-0)
bin/check/named-checkconf.c (+2/-1)
bin/check/named-compilezone.rst (+1/-1)
bin/dig/dig.c (+2/-1)
bin/dig/dighost.c (+24/-17)
bin/dig/dighost.h (+3/-0)
bin/dnssec/dnssec-cds.c (+96/-56)
bin/dnssec/dnssec-settime.rst (+1/-1)
bin/named/builtin.c (+5/-9)
bin/named/config.c (+1/-0)
bin/named/include/named/os.h (+0/-3)
bin/named/include/named/server.h (+1/-1)
bin/named/main.c (+28/-0)
bin/named/os.c (+0/-8)
bin/named/server.c (+96/-50)
bin/named/statschannel.c (+2/-0)
bin/named/zoneconf.c (+98/-78)
bin/nsupdate/nsupdate.c (+28/-17)
bin/nsupdate/nsupdate.rst (+5/-1)
bin/plugins/filter-a.c (+1/-1)
bin/plugins/filter-aaaa.c (+1/-1)
bin/rndc/rndc.c (+7/-3)
bin/rndc/rndc.rst (+6/-2)
bin/tests/system/Makefile.am (+10/-2)
bin/tests/system/Makefile.in (+35/-13)
bin/tests/system/README (+155/-29)
bin/tests/system/acl/ns2/named1.conf.in (+1/-0)
bin/tests/system/acl/ns2/named2.conf.in (+1/-0)
bin/tests/system/acl/ns2/named3.conf.in (+1/-0)
bin/tests/system/acl/ns2/named4.conf.in (+1/-0)
bin/tests/system/acl/ns2/named5.conf.in (+1/-0)
bin/tests/system/acl/ns3/named.conf.in (+1/-0)
bin/tests/system/acl/ns4/named.conf.in (+1/-0)
bin/tests/system/acl/tests.sh (+33/-31)
bin/tests/system/acl/tests_sh_acl.py (+2/-9)
bin/tests/system/additional/ns2/named.conf.in (+1/-0)
bin/tests/system/additional/tests.sh (+28/-26)
bin/tests/system/additional/tests_sh_additional.py (+2/-24)
bin/tests/system/addzone/ns1/named.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named1.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named2.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named3.conf.in (+1/-0)
bin/tests/system/addzone/ns3/named1.conf.in (+1/-0)
bin/tests/system/addzone/ns3/named2.conf.in (+1/-0)
bin/tests/system/addzone/tests.sh (+134/-132)
bin/tests/system/addzone/tests_sh_addzone.py (+14/-0)
bin/tests/system/allow-query/ns1/named.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named01.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named02.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named03.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named04.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named05.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named06.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named07.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named08.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named09.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named10.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named11.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named12.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named21.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named22.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named23.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named24.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named25.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named26.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named27.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named28.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named29.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named30.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named31.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named32.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named33.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named34.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named40.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named53.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named54.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named55.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named56.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named57.conf.in (+1/-0)
bin/tests/system/allow-query/tests.sh (+100/-98)
bin/tests/system/allow-query/tests_sh_allowquery.py (+14/-0)
bin/tests/system/ans.pl (+5/-5)
bin/tests/system/auth/ns1/named.conf.in (+1/-0)
bin/tests/system/auth/ns2/named.conf.in (+1/-0)
bin/tests/system/auth/tests.sh (+31/-29)
bin/tests/system/auth/tests_sh_auth.py (+14/-0)
bin/tests/system/autosign/clean.sh (+1/-2)
bin/tests/system/autosign/ns2/keygen.sh (+8/-0)
bin/tests/system/autosign/ns2/named.conf.in (+9/-0)
bin/tests/system/autosign/ns2/optout-with-ent.db.in (+22/-0)
bin/tests/system/autosign/tests.sh (+58/-10)
bin/tests/system/autosign/tests_sh_autosign.py (+14/-0)
bin/tests/system/builtin/ns1/named.conf.in (+1/-0)
bin/tests/system/builtin/ns2/named.conf.in (+1/-0)
bin/tests/system/builtin/ns3/named.conf.in (+1/-0)
bin/tests/system/builtin/tests.sh (+33/-31)
bin/tests/system/builtin/tests_sh_builtin.py (+14/-0)
bin/tests/system/cacheclean/tests.sh (+39/-37)
bin/tests/system/cacheclean/tests_sh_cacheclean.py (+14/-0)
bin/tests/system/case/ns1/named.conf.in (+1/-0)
bin/tests/system/case/ns2/named.conf.in (+1/-0)
bin/tests/system/case/tests.sh (+23/-21)
bin/tests/system/case/tests_sh_case.py (+14/-0)
bin/tests/system/catz/clean.sh (+1/-0)
bin/tests/system/catz/ns1/named.conf.in (+1/-0)
bin/tests/system/catz/ns2/named1.conf.in (+11/-1)
bin/tests/system/catz/ns2/named2.conf.in (+1/-0)
bin/tests/system/catz/ns3/named.conf.in (+1/-0)
bin/tests/system/catz/ns4/catalog.example.db.in (+14/-0)
bin/tests/system/catz/ns4/named.conf.in (+11/-0)
bin/tests/system/catz/setup.sh (+1/-0)
bin/tests/system/catz/tests.sh (+49/-0)
bin/tests/system/catz/tests_sh_catz.py (+14/-0)
bin/tests/system/cds/setup.sh (+3/-1)
bin/tests/system/cds/tests.sh (+3/-2)
bin/tests/system/cds/tests_sh_cds.py (+14/-0)
bin/tests/system/chain/ans4/ans.py (+1/-1)
bin/tests/system/chain/tests.sh (+73/-71)
bin/tests/system/chain/tests_sh_chain.py (+14/-0)
bin/tests/system/checkconf/clean.sh (+1/-0)
bin/tests/system/checkconf/deprecated.conf (+17/-0)
bin/tests/system/checkconf/dnssec.2 (+1/-1)
bin/tests/system/checkconf/dnssec.3 (+1/-1)
bin/tests/system/checkconf/kasp-bad-keylen.conf (+1/-1)
bin/tests/system/checkconf/tests.sh (+168/-163)
bin/tests/system/checkconf/tests_sh_checkconf.py (+14/-0)
bin/tests/system/checkds/ns2/named.conf.in (+1/-0)
bin/tests/system/checkds/ns4/named.conf.in (+1/-0)
bin/tests/system/checkds/ns5/named.conf.in (+1/-0)
bin/tests/system/checkds/ns6/named.conf.in (+1/-0)
bin/tests/system/checkds/ns7/named.conf.in (+1/-0)
bin/tests/system/checkds/ns9/named.conf.in (+1/-0)
bin/tests/system/checknames/tests.sh (+24/-22)
bin/tests/system/checknames/tests_sh_checknames.py (+14/-0)
bin/tests/system/checkzone/tests.sh (+2/-0)
bin/tests/system/checkzone/tests_sh_checkzone.py (+14/-0)
bin/tests/system/ckdnsrps.sh (+2/-2)
bin/tests/system/conf.sh.common (+18/-16)
bin/tests/system/conf.sh.in (+7/-2)
bin/tests/system/conftest.py (+592/-7)
bin/tests/system/cookie/ans9/ans.py (+2/-0)
bin/tests/system/cookie/ns7/named.conf.in (+1/-0)
bin/tests/system/cookie/tests.sh (+83/-81)
bin/tests/system/cookie/tests_sh_cookie.py (+14/-0)
bin/tests/system/database/tests.sh (+7/-5)
bin/tests/system/database/tests_sh_database.py (+14/-0)
bin/tests/system/dialup/tests.sh (+6/-4)
bin/tests/system/dialup/tests_sh_dialup.py (+14/-0)
bin/tests/system/digdelv/tests.sh (+14/-15)
bin/tests/system/digdelv/tests_sh_digdelv.py (+14/-0)
bin/tests/system/dispatch/ns1/named.conf.in (+1/-0)
bin/tests/system/dispatch/ns2/named.conf.in (+1/-0)
bin/tests/system/dlzexternal/ns1/named.conf.in (+1/-0)
bin/tests/system/dlzexternal/tests.sh (+40/-38)
bin/tests/system/dlzexternal/tests_sh_dlzexternal.py (+14/-0)
bin/tests/system/dns64/tests.sh (+313/-311)
bin/tests/system/dns64/tests_sh_dns64.py (+14/-0)
bin/tests/system/dnssec/ans10/ans.py (+1/-0)
bin/tests/system/dnssec/ns4/named5.conf.in (+1/-0)
bin/tests/system/dnssec/ns5/named2.conf.in (+1/-0)
bin/tests/system/dnssec/tests.sh (+32/-35)
bin/tests/system/dnssec/tests_sh_dnssec.py (+14/-0)
bin/tests/system/dnstap/tests.sh (+177/-150)
bin/tests/system/dnstap/tests_dnstap.py (+2/-2)
bin/tests/system/dnstap/tests_sh_dnstap.py (+14/-0)
bin/tests/system/doth/CA/certs/srv01.client01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv02.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv03.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52001.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52003.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52004.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52005.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52006.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52007.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52008.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52009.pem (+1/-1)
bin/tests/system/doth/example.axfr.good (+1/-1)
bin/tests/system/doth/example8.axfr.good (+1/-1)
bin/tests/system/doth/tests.sh (+29/-34)
bin/tests/system/doth/tests_sh_doth.py (+14/-0)
bin/tests/system/dsdigest/tests.sh (+5/-3)
bin/tests/system/dsdigest/tests_sh_dsdigest.py (+14/-0)
bin/tests/system/dupsigs/ns1/named.conf.in (+1/-0)
bin/tests/system/dupsigs/ns1/reset_keys.sh (+23/-23)
bin/tests/system/dupsigs/tests.sh (+27/-12)
bin/tests/system/dupsigs/tests_sh_dupsigs.py (+14/-0)
bin/tests/system/dyndb/driver/driver.c (+0/-11)
bin/tests/system/dyndb/ns1/named.conf.in (+1/-0)
bin/tests/system/dyndb/tests.sh (+25/-23)
bin/tests/system/dyndb/tests_sh_dyndb.py (+14/-0)
bin/tests/system/ecdsa/setup.sh (+1/-1)
bin/tests/system/ecdsa/tests_sh_ecdsa.py (+14/-0)
bin/tests/system/eddsa/tests_sh_eddsa.py (+14/-0)
bin/tests/system/ednscompliance/ns1/named.conf.in (+1/-0)
bin/tests/system/ednscompliance/tests.sh (+21/-19)
bin/tests/system/ednscompliance/tests_sh_ednscompliance.py (+14/-0)
bin/tests/system/emptyzones/ns1/named1.conf.in (+1/-0)
bin/tests/system/emptyzones/ns1/named2.conf.in (+1/-0)
bin/tests/system/emptyzones/tests.sh (+6/-4)
bin/tests/system/emptyzones/tests_sh_emptyzones.py (+14/-0)
bin/tests/system/enginepkcs11/tests.sh (+2/-0)
bin/tests/system/enginepkcs11/tests_sh_enginepkcs11.py (+14/-0)
bin/tests/system/feature-test.c (+16/-0)
bin/tests/system/fetchlimit/ans4/ans.pl (+4/-0)
bin/tests/system/fetchlimit/clean.sh (+5/-3)
bin/tests/system/fetchlimit/ns5/named1.conf.in (+46/-0)
bin/tests/system/fetchlimit/ns5/named2.conf.in (+49/-0)
bin/tests/system/fetchlimit/ns5/root.hint (+14/-0)
bin/tests/system/fetchlimit/setup.sh (+1/-0)
bin/tests/system/fetchlimit/tests.sh (+185/-59)
bin/tests/system/fetchlimit/tests_sh_fetchlimit.py (+14/-0)
bin/tests/system/filter-aaaa/ns1/sign.sh (+1/-1)
bin/tests/system/filter-aaaa/tests.sh (+280/-278)
bin/tests/system/filter-aaaa/tests_sh_filter_aaaa.py (+14/-0)
bin/tests/system/formerr/clean.sh (+3/-3)
bin/tests/system/formerr/formerr.pl (+1/-1)
bin/tests/system/formerr/ns1/named.conf.in (+1/-0)
bin/tests/system/formerr/tests.sh (+8/-6)
bin/tests/system/formerr/tests_sh_formerr.py (+14/-0)
bin/tests/system/forward/ans11/ans.py (+1/-0)
bin/tests/system/forward/ns10/named.conf.in (+1/-0)
bin/tests/system/forward/tests.sh (+4/-2)
bin/tests/system/forward/tests_sh_forward.py (+14/-0)
bin/tests/system/genzone.sh (+7/-7)
bin/tests/system/geoip2/tests.sh (+75/-73)
bin/tests/system/geoip2/tests_sh_geoip2.py (+14/-0)
bin/tests/system/get_algorithms.py (+3/-4)
bin/tests/system/get_core_dumps.sh (+12/-8)
bin/tests/system/glue/ns1/named.conf.in (+1/-0)
bin/tests/system/glue/tests.sh (+2/-0)
bin/tests/system/glue/tests_sh_glue.py (+14/-0)
bin/tests/system/hooks/tests_async_plugin.py (+27/-0)
bin/tests/system/host/ns1/named.conf.in (+1/-0)
bin/tests/system/host/tests_sh_host.py (+14/-0)
bin/tests/system/idna/tests.sh (+8/-7)
bin/tests/system/idna/tests_sh_idna.py (+14/-0)
bin/tests/system/ifconfig.sh.in (+0/-8)
bin/tests/system/include-multiplecfg/ns2/named.conf.in (+1/-0)
bin/tests/system/include-multiplecfg/tests.sh (+9/-8)
bin/tests/system/include-multiplecfg/tests_sh_include_multiplecfg.py (+14/-0)
bin/tests/system/inline/ns2/named.conf.in (+1/-0)
bin/tests/system/inline/ns3/named.conf.in (+1/-0)
bin/tests/system/inline/ns3/sign.sh (+2/-2)
bin/tests/system/inline/ns4/named.conf.in (+1/-0)
bin/tests/system/inline/ns6/named.conf.in (+1/-0)
bin/tests/system/inline/ns8/named.conf.in (+1/-0)
bin/tests/system/inline/tests.sh (+155/-141)
bin/tests/system/inline/tests_sh_inline.py (+14/-0)
bin/tests/system/inline/tests_signed_zone_files.py (+0/-1)
bin/tests/system/integrity/ns1/named.conf.in (+1/-0)
bin/tests/system/integrity/tests.sh (+26/-24)
bin/tests/system/integrity/tests_sh_integrity.py (+14/-0)
bin/tests/system/ixfr/ns1/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns3/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns4/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns5/named.conf.in (+1/-0)
bin/tests/system/ixfr/tests.sh (+6/-4)
bin/tests/system/ixfr/tests_sh_ixfr.py (+14/-0)
bin/tests/system/journal/tests.sh (+45/-43)
bin/tests/system/journal/tests_sh_journal.py (+14/-0)
bin/tests/system/kasp.sh (+11/-4)
bin/tests/system/kasp/ns2/named.conf.in (+1/-0)
bin/tests/system/kasp/ns3/named-fips.conf.in (+12/-0)
bin/tests/system/kasp/ns3/setup.sh (+41/-0)
bin/tests/system/kasp/ns4/named.conf.in (+1/-0)
bin/tests/system/kasp/ns5/named.conf.in (+1/-0)
bin/tests/system/kasp/ns6/named.conf.in (+1/-0)
bin/tests/system/kasp/ns6/named2.conf.in (+1/-0)
bin/tests/system/kasp/tests.sh (+78/-5)
bin/tests/system/kasp/tests_sh_kasp.py (+14/-0)
bin/tests/system/keepalive/ns1/named.conf.in (+1/-0)
bin/tests/system/keepalive/ns2/named.conf.in (+1/-0)
bin/tests/system/keepalive/ns3/named.conf.in (+1/-0)
bin/tests/system/keepalive/tests.sh (+22/-20)
bin/tests/system/keepalive/tests_sh_keepalive.py (+14/-0)
bin/tests/system/keyfromlabel/tests.sh (+2/-0)
bin/tests/system/keyfromlabel/tests_sh_keyfromlabel.py (+14/-0)
bin/tests/system/keymgr2kasp/ns3/kasp.conf.in (+20/-0)
bin/tests/system/keymgr2kasp/ns3/named.conf.in (+8/-0)
bin/tests/system/keymgr2kasp/ns3/named2.conf.in (+8/-0)
bin/tests/system/keymgr2kasp/ns3/setup.sh (+17/-0)
bin/tests/system/keymgr2kasp/ns4/named.conf.in (+1/-0)
bin/tests/system/keymgr2kasp/ns4/named2.conf.in (+1/-0)
bin/tests/system/keymgr2kasp/tests.sh (+139/-0)
bin/tests/system/keymgr2kasp/tests_sh_keymgr2kasp.py (+14/-0)
bin/tests/system/legacy.run.sh.in (+2/-2)
bin/tests/system/legacy/ns6/sign.sh (+2/-2)
bin/tests/system/legacy/ns7/sign.sh (+2/-2)
bin/tests/system/legacy/tests.sh (+45/-43)
bin/tests/system/legacy/tests_sh_legacy.py (+14/-0)
bin/tests/system/limits/ns1/named.conf.in (+1/-0)
bin/tests/system/limits/tests.sh (+2/-0)
bin/tests/system/limits/tests_sh_limits.py (+14/-0)
bin/tests/system/logfileconfig/clean.sh (+2/-0)
bin/tests/system/logfileconfig/ns1/named.abspathconf.in (+52/-0)
bin/tests/system/logfileconfig/ns1/named.incconf.in (+52/-0)
bin/tests/system/logfileconfig/tests.sh (+58/-0)
bin/tests/system/logfileconfig/tests_sh_logfileconfig.py (+14/-0)
bin/tests/system/masterfile/ns1/named.conf.in (+1/-0)
bin/tests/system/masterfile/tests.sh (+10/-8)
bin/tests/system/masterfile/tests_sh_masterfile.py (+14/-0)
bin/tests/system/masterformat/ns1/named.conf.in (+1/-0)
bin/tests/system/masterformat/ns2/named.conf.in (+1/-0)
bin/tests/system/masterformat/ns3/named.conf.in (+1/-0)
bin/tests/system/masterformat/tests.sh (+3/-2)
bin/tests/system/masterformat/tests_sh_masterformat.py (+14/-0)
bin/tests/system/metadata/clean.sh (+1/-1)
bin/tests/system/metadata/tests.sh (+12/-15)
bin/tests/system/metadata/tests_sh_metadata.py (+14/-0)
bin/tests/system/mirror/ns1/named.conf.in (+1/-0)
bin/tests/system/mirror/ns2/named.conf.in (+1/-0)
bin/tests/system/mirror/ns3/named.conf.in (+1/-0)
bin/tests/system/mirror/tests.sh (+2/-0)
bin/tests/system/mirror/tests_sh_mirror.py (+14/-0)
bin/tests/system/mkeys/clean.sh (+7/-2)
bin/tests/system/mkeys/ns1/named1.conf.in (+10/-0)
bin/tests/system/mkeys/ns1/named2.conf.in (+10/-0)
bin/tests/system/mkeys/ns1/named3.conf.in (+10/-0)
bin/tests/system/mkeys/ns1/root.db (+3/-0)
bin/tests/system/mkeys/ns1/sign.sh (+18/-0)
bin/tests/system/mkeys/ns1/sub.tld.db (+21/-0)
bin/tests/system/mkeys/ns1/tld.db (+23/-0)
bin/tests/system/mkeys/ns4/named.conf.in (+5/-0)
bin/tests/system/mkeys/ns4/sign.sh (+24/-0)
bin/tests/system/mkeys/ns4/sub.foo.db (+21/-0)
bin/tests/system/mkeys/ns5/foo.db (+23/-0)
bin/tests/system/mkeys/ns5/named.conf.in (+8/-0)
bin/tests/system/mkeys/setup.sh (+1/-0)
bin/tests/system/mkeys/tests.sh (+60/-14)
bin/tests/system/mkeys/tests_sh_mkeys.py (+14/-0)
bin/tests/system/names/ns1/named.conf.in (+1/-0)
bin/tests/system/names/tests.sh (+8/-7)
bin/tests/system/names/tests_sh_names.py (+14/-0)
bin/tests/system/notify/ns1/named.conf.in (+1/-0)
bin/tests/system/notify/ns2/named.conf.in (+6/-4)
bin/tests/system/notify/ns3/named.conf.in (+7/-0)
bin/tests/system/notify/ns3/notify-source-port-test.db (+22/-0)
bin/tests/system/notify/ns4/named.conf.in (+1/-0)
bin/tests/system/notify/ns5/named.conf.in (+1/-0)
bin/tests/system/notify/tests.sh (+6/-1)
bin/tests/system/notify/tests_sh_notify.py (+14/-0)
bin/tests/system/nsec3/ns2/named.conf.in (+1/-0)
bin/tests/system/nsec3/tests.sh (+3/-7)
bin/tests/system/nsec3/tests_sh_nsec3.py (+14/-0)
bin/tests/system/nslookup/ns1/named.conf.in (+1/-0)
bin/tests/system/nslookup/tests.sh (+18/-0)
bin/tests/system/nslookup/tests_sh_nslookup.py (+14/-0)
bin/tests/system/nsupdate/ans4/ans.pl (+5/-0)
bin/tests/system/nsupdate/clean.sh (+2/-0)
bin/tests/system/nsupdate/krb/setup.sh (+4/-4)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private (+7/-0)
bin/tests/system/nsupdate/ns1/named.conf.in (+13/-0)
bin/tests/system/nsupdate/ns10/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns2/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns5/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns6/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns7/named1.conf.in (+52/-0)
bin/tests/system/nsupdate/ns7/named2.conf.in (+1/-0)
bin/tests/system/nsupdate/ns8/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns9/named.conf.in (+1/-0)
bin/tests/system/nsupdate/setup.sh (+17/-2)
bin/tests/system/nsupdate/tests.sh (+239/-99)
bin/tests/system/nsupdate/tests_sh_nsupdate.py (+14/-0)
bin/tests/system/nzd2nzf/ns1/named.conf.in (+1/-0)
bin/tests/system/nzd2nzf/tests.sh (+2/-0)
bin/tests/system/nzd2nzf/tests_sh_nzd2nzf.py (+14/-0)
bin/tests/system/padding/ns1/named.conf.in (+1/-0)
bin/tests/system/padding/ns2/named.conf.in (+1/-0)
bin/tests/system/padding/ns3/named.conf.in (+1/-0)
bin/tests/system/padding/ns4/named.conf.in (+1/-0)
bin/tests/system/padding/tests.sh (+27/-25)
bin/tests/system/padding/tests_sh_padding.py (+14/-0)
bin/tests/system/parallel.sh (+1/-1)
bin/tests/system/pending/ns1/named.conf.in (+1/-0)
bin/tests/system/pending/ns1/sign.sh (+1/-1)
bin/tests/system/pending/ns4/named.conf.in (+1/-0)
bin/tests/system/pending/tests.sh (+36/-34)
bin/tests/system/pending/tests_sh_pending.py (+14/-0)
bin/tests/system/pipelined/tests.sh (+8/-6)
bin/tests/system/pipelined/tests_sh_pipelined.py (+14/-0)
bin/tests/system/pytest.ini (+20/-0)
bin/tests/system/qmin/tests.sh (+14/-15)
bin/tests/system/qmin/tests_sh_qmin.py (+14/-0)
bin/tests/system/reclimit/tests.sh (+29/-27)
bin/tests/system/reclimit/tests_sh_reclimit.py (+14/-0)
bin/tests/system/redirect/ns5/named.conf.in (+1/-0)
bin/tests/system/redirect/ns6/named.conf.in (+1/-0)
bin/tests/system/redirect/tests.sh (+122/-120)
bin/tests/system/redirect/tests_sh_redirect.py (+14/-0)
bin/tests/system/resolver/ans10/ans.py (+152/-0)
bin/tests/system/resolver/ns4/root.db (+2/-0)
bin/tests/system/resolver/tests.sh (+29/-15)
bin/tests/system/resolver/tests_sh_resolver.py (+14/-0)
bin/tests/system/rndc/ns2/named.conf.in (+1/-0)
bin/tests/system/rndc/ns3/named.conf.in (+1/-0)
bin/tests/system/rndc/ns5/named.conf.in (+1/-0)
bin/tests/system/rndc/ns6/named.args (+1/-1)
bin/tests/system/rndc/ns6/named.conf.in (+1/-0)
bin/tests/system/rndc/ns7/named.conf.in (+1/-0)
bin/tests/system/rndc/setup.sh (+1/-1)
bin/tests/system/rndc/tests.sh (+26/-20)
bin/tests/system/rndc/tests_sh_rndc.py (+14/-0)
bin/tests/system/rootkeysentinel/ns2/sign.sh (+4/-7)
bin/tests/system/rootkeysentinel/tests.sh (+46/-46)
bin/tests/system/rootkeysentinel/tests_sh_rootkeysentinel.py (+14/-0)
bin/tests/system/rpz/clean.sh (+1/-1)
bin/tests/system/rpz/ns1/named.conf.in (+1/-0)
bin/tests/system/rpz/ns3/named.conf.in (+10/-0)
bin/tests/system/rpz/qperf.sh (+2/-2)
bin/tests/system/rpz/tests.sh (+77/-61)
bin/tests/system/rpz/tests_sh_rpz.py (+14/-0)
bin/tests/system/rpzextra/clean.sh (+1/-0)
bin/tests/system/rpzextra/ns2/gooddomain.db (+27/-0)
bin/tests/system/rpzextra/ns2/named.conf.in (+11/-0)
bin/tests/system/rpzextra/ns2/rpz-external.local.db (+26/-0)
bin/tests/system/rpzextra/ns3/external-rpz.local.db (+29/-0)
bin/tests/system/rpzextra/ns3/fourth-rpz-extra.local.db (+32/-0)
bin/tests/system/rpzextra/ns3/named.conf.in (+147/-0)
bin/tests/system/rpzextra/ns3/root.db (+3/-0)
bin/tests/system/rpzextra/ns3/third-rpz-extra.local.db (+26/-0)
bin/tests/system/rpzextra/setup.sh (+1/-1)
bin/tests/system/rpzextra/tests_rpzextra.py (+143/-0)
bin/tests/system/rpzrecurse/setup.sh (+6/-6)
bin/tests/system/rpzrecurse/tests.sh (+56/-52)
bin/tests/system/rpzrecurse/tests_sh_rpzrecurse.py (+14/-0)
bin/tests/system/rrchecker/tests.sh (+12/-10)
bin/tests/system/rrchecker/tests_sh_rrchecker.py (+14/-0)
bin/tests/system/rrl/broken.conf.in (+1/-0)
bin/tests/system/rrl/tests.sh (+24/-22)
bin/tests/system/rrl/tests_sh_rrl.py (+14/-0)
bin/tests/system/rrsetorder/tests.sh (+7/-5)
bin/tests/system/rrsetorder/tests_sh_rrsetorder.py (+14/-0)
bin/tests/system/rsabigexponent/ns1/root.db.in (+1/-1)
bin/tests/system/rsabigexponent/ns1/sign.sh (+1/-1)
bin/tests/system/rsabigexponent/ns2/named.conf.in (+1/-0)
bin/tests/system/rsabigexponent/ns2/sign.sh (+1/-1)
bin/tests/system/rsabigexponent/tests.sh (+6/-4)
bin/tests/system/rsabigexponent/tests_sh_rsabigexponent.py (+14/-0)
bin/tests/system/run.sh (+27/-0)
bin/tests/system/runall.sh (+1/-1)
bin/tests/system/runsequential.sh (+1/-1)
bin/tests/system/runtime/ns2/named-alt4.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt5.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt6.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt7.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt9.conf.in (+1/-0)
bin/tests/system/runtime/setup.sh (+1/-1)
bin/tests/system/runtime/tests.sh (+9/-9)
bin/tests/system/runtime/tests_sh_runtime.py (+14/-0)
bin/tests/system/serve-stale/ans2/ans.pl (+54/-0)
bin/tests/system/serve-stale/ns1/named1.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named2.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named3.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named4.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/root.db (+2/-0)
bin/tests/system/serve-stale/ns3/named1.conf.in (+1/-0)
bin/tests/system/serve-stale/ns3/named2.conf.in (+4/-3)
bin/tests/system/serve-stale/ns3/named4.conf.in (+1/-0)
bin/tests/system/serve-stale/ns3/named8.conf.in (+1/-0)
bin/tests/system/serve-stale/ns4/named.conf.in (+1/-0)
bin/tests/system/serve-stale/ns5/named.conf.in (+1/-0)
bin/tests/system/serve-stale/tests.sh (+142/-31)
bin/tests/system/serve-stale/tests_sh_serve_stale.py (+14/-0)
bin/tests/system/sfcache/tests.sh (+2/-2)
bin/tests/system/sfcache/tests_sh_sfcache.py (+14/-0)
bin/tests/system/shutdown/tests_shutdown.py (+49/-47)
bin/tests/system/smartsign/tests.sh (+2/-0)
bin/tests/system/smartsign/tests_sh_smartsign.py (+14/-0)
bin/tests/system/sortlist/ns1/named.conf.in (+1/-0)
bin/tests/system/sortlist/tests.sh (+2/-0)
bin/tests/system/sortlist/tests_sh_sortlist.py (+14/-0)
bin/tests/system/spf/ns1/named.conf.in (+1/-0)
bin/tests/system/spf/tests.sh (+4/-2)
bin/tests/system/spf/tests_sh_spf.py (+14/-0)
bin/tests/system/start.pl (+2/-2)
bin/tests/system/staticstub/ns3/sign.sh (+1/-1)
bin/tests/system/staticstub/tests.sh (+36/-34)
bin/tests/system/staticstub/tests_sh_staticstub.py (+14/-0)
bin/tests/system/statistics/ns2/named2.conf.in (+1/-0)
bin/tests/system/statistics/tests.sh (+47/-43)
bin/tests/system/statistics/tests_sh_statistics.py (+14/-0)
bin/tests/system/statschannel/fetch.pl (+1/-1)
bin/tests/system/statschannel/generic.py (+0/-4)
bin/tests/system/statschannel/generic_dnspython.py (+0/-3)
bin/tests/system/statschannel/ns1/named.conf.in (+1/-0)
bin/tests/system/statschannel/ns2/named.conf.in (+1/-0)
bin/tests/system/statschannel/ns2/named2.conf.in (+1/-0)
bin/tests/system/statschannel/ns3/named.conf.in (+1/-0)
bin/tests/system/statschannel/tests.sh (+90/-28)
bin/tests/system/statschannel/tests_json.py (+2/-3)
bin/tests/system/statschannel/tests_sh_statschannel.py (+14/-0)
bin/tests/system/statschannel/tests_xml.py (+2/-2)
bin/tests/system/stop.pl (+2/-8)
bin/tests/system/stress/setup.pl (+2/-2)
bin/tests/system/stress/tests.sh (+3/-1)
bin/tests/system/stress/tests_sh_stress.py (+14/-0)
bin/tests/system/stub/ns1/named.conf.in (+1/-0)
bin/tests/system/stub/ns2/named.conf.in (+1/-0)
bin/tests/system/stub/ns3/named.conf.in (+1/-0)
bin/tests/system/stub/tests.sh (+2/-0)
bin/tests/system/stub/tests_sh_stub.py (+14/-0)
bin/tests/system/synthfromdnssec/tests.sh (+2/-0)
bin/tests/system/synthfromdnssec/tests_sh_synthfromdnssec.py (+14/-0)
bin/tests/system/tcp/ns1/named.conf.in (+1/-0)
bin/tests/system/tcp/ns2/named.conf.in (+1/-0)
bin/tests/system/tcp/ns3/named.conf.in (+1/-0)
bin/tests/system/tcp/ns4/named.conf.in (+1/-0)
bin/tests/system/tcp/ns7/named.conf.in (+1/-0)
bin/tests/system/tcp/tests_sh_tcp.py (+14/-0)
bin/tests/system/tcp/tests_tcp.py (+0/-4)
bin/tests/system/timeouts/ns1/named.conf.in (+1/-0)
bin/tests/system/tkey/ns1/named.conf.in (+1/-0)
bin/tests/system/tkey/tests_sh_tkey.py (+14/-0)
bin/tests/system/tools/tests.sh (+32/-29)
bin/tests/system/tools/tests_sh_tools.py (+14/-0)
bin/tests/system/transport-acl/tests.sh (+2/-0)
bin/tests/system/transport-acl/tests_sh_transport_acl.py (+14/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.private (+7/-0)
bin/tests/system/tsig/ns1/named.conf.in (+28/-7)
bin/tests/system/tsig/setup.sh (+21/-0)
bin/tests/system/tsig/tests.sh (+102/-26)
bin/tests/system/tsig/tests_sh_tsig.py (+14/-0)
bin/tests/system/tsiggss/ns1/example.nil.db.in (+1/-1)
bin/tests/system/tsiggss/ns1/named.conf.in (+1/-0)
bin/tests/system/tsiggss/setup.sh (+1/-1)
bin/tests/system/tsiggss/tests.sh (+9/-7)
bin/tests/system/tsiggss/tests_isc_spnego_flaws.py (+219/-0)
bin/tests/system/tsiggss/tests_sh_tsiggss.py (+14/-0)
bin/tests/system/ttl/clean.sh (+1/-5)
bin/tests/system/ttl/ns1/named.conf.in (+1/-0)
bin/tests/system/ttl/setup.sh (+0/-1)
bin/tests/system/ttl/tests_cache_ttl.py (+32/-0)
bin/tests/system/unknown/ns1/named.conf.in (+1/-0)
bin/tests/system/unknown/ns2/named.conf.in (+1/-0)
bin/tests/system/unknown/ns3/named.conf.in (+1/-0)
bin/tests/system/unknown/tests.sh (+40/-33)
bin/tests/system/unknown/tests_sh_unknown.py (+14/-0)
bin/tests/system/upforwd/ans4/ans.pl (+5/-5)
bin/tests/system/upforwd/ns1/named.conf.in (+1/-0)
bin/tests/system/upforwd/ns2/named.conf.in (+1/-0)
bin/tests/system/upforwd/ns3/named1.conf.in (+1/-0)
bin/tests/system/upforwd/ns3/named2.conf.in (+1/-0)
bin/tests/system/upforwd/tests.sh (+74/-72)
bin/tests/system/upforwd/tests_sh_upforwd.py (+14/-0)
bin/tests/system/verify/tests.sh (+8/-6)
bin/tests/system/verify/tests_sh_verify.py (+14/-0)
bin/tests/system/views/ns1/named.conf.in (+1/-0)
bin/tests/system/views/ns2/named1.conf.in (+1/-0)
bin/tests/system/views/ns2/named2.conf.in (+1/-0)
bin/tests/system/views/ns2/named3.conf.in (+1/-0)
bin/tests/system/views/ns3/named1.conf.in (+1/-0)
bin/tests/system/views/ns3/named2.conf.in (+1/-0)
bin/tests/system/views/ns5/named.conf.in (+1/-0)
bin/tests/system/views/tests_sh_views.py (+14/-0)
bin/tests/system/wildcard/tests.sh (+54/-52)
bin/tests/system/wildcard/tests_sh_wildcard.py (+14/-0)
bin/tests/system/xfer/clean.sh (+1/-0)
bin/tests/system/xfer/ns1/axfr-max-idle-time.db (+15/-0)
bin/tests/system/xfer/ns1/axfr-max-transfer-time.db (+15/-0)
bin/tests/system/xfer/ns1/named1.conf.in (+11/-0)
bin/tests/system/xfer/ns1/named2.conf.in (+10/-43)
bin/tests/system/xfer/ns1/named3.conf.in (+41/-0)
bin/tests/system/xfer/ns2/named.conf.in (+1/-0)
bin/tests/system/xfer/ns3/named.conf.in (+2/-0)
bin/tests/system/xfer/ns6/named.args (+1/-0)
bin/tests/system/xfer/ns6/named.conf.in (+16/-0)
bin/tests/system/xfer/ns7/named.conf.in (+1/-0)
bin/tests/system/xfer/ns8/named.conf.in (+1/-0)
bin/tests/system/xfer/setup.sh (+1/-1)
bin/tests/system/xfer/tests.sh (+54/-4)
bin/tests/system/xfer/tests_sh_xfer.py (+14/-0)
bin/tests/system/xferquota/ns1/named.conf.in (+1/-0)
bin/tests/system/xferquota/ns2/named.conf.in (+1/-0)
bin/tests/system/xferquota/tests.sh (+6/-4)
bin/tests/system/xferquota/tests_sh_xferquota.py (+14/-0)
bin/tests/system/zero/tests.sh (+3/-1)
bin/tests/system/zero/tests_sh_zero.py (+14/-0)
bin/tests/system/zonechecks/tests.sh (+30/-28)
bin/tests/system/zonechecks/tests_sh_zonechecks.py (+14/-0)
bin/tools/named-rrchecker.c (+13/-3)
config.h.in (+0/-12)
configure (+187/-120)
configure.ac (+16/-47)
contrib/README (+1/-1)
contrib/dlz/modules/bdbhpt/testing/bdbhpt-populate.pl (+3/-3)
contrib/dlz/modules/ldap/testing/slapd.conf (+2/-2)
contrib/dlz/modules/mysqldyn/README (+1/-1)
contrib/scripts/zone-edit.sh.in (+4/-4)
debian/changelog (+47/-0)
debian/patches/CVE-2023-3341.patch (+11/-14)
debian/patches/series (+0/-2)
debian/tests/control (+9/-0)
debian/tests/dyndb-ldap (+280/-0)
dev/null (+0/-171)
doc/Makefile.am (+2/-0)
doc/Makefile.in (+6/-5)
doc/arm/Makefile.in (+1/-1)
doc/arm/build.inc.rst (+6/-4)
doc/arm/dns-ops.inc.rst (+1/-1)
doc/arm/index.rst (+3/-0)
doc/arm/intro-dns-bind.inc.rst (+53/-53)
doc/arm/intro-security.inc.rst (+31/-31)
doc/arm/introduction.inc.rst (+6/-6)
doc/arm/logging-categories.inc.rst (+10/-10)
doc/arm/notes.rst (+6/-0)
doc/arm/platforms.inc.rst (+5/-5)
doc/arm/reference.rst (+111/-33)
doc/arm/requirements.txt (+3/-3)
doc/arm/security.inc.rst (+1/-1)
doc/arm/troubleshooting.inc.rst (+1/-1)
doc/arm/zones.inc.rst (+1/-0)
doc/dnssec-guide/introduction.rst (+2/-2)
doc/dnssec-guide/preface.rst (+1/-1)
doc/dnssec-guide/recipes.rst (+3/-3)
doc/dnssec-guide/signing.rst (+2/-2)
doc/dnssec-guide/troubleshooting.rst (+3/-3)
doc/dnssec-guide/validation.rst (+0/-2)
doc/man/Makefile.am (+6/-5)
doc/man/Makefile.in (+31/-34)
doc/man/ddns-confgen.8in (+4/-4)
doc/man/delv.1in (+13/-13)
doc/man/dig.1in (+6/-6)
doc/man/dnssec-dsfromkey.1in (+1/-1)
doc/man/dnssec-importkey.1in (+1/-1)
doc/man/dnssec-keygen.1in (+1/-1)
doc/man/dnssec-signzone.1in (+5/-5)
doc/man/filter-a.8in (+2/-2)
doc/man/filter-aaaa.8in (+2/-2)
doc/man/host.1in (+3/-3)
doc/man/mdig.1in (+10/-10)
doc/man/named-checkconf.1in (+1/-1)
doc/man/named-checkzone.1in (+2/-2)
doc/man/named-compilezone.1in (+3/-3)
doc/man/named.conf.5in (+12/-12)
doc/man/nsec3hash.1in (+1/-1)
doc/man/nsupdate.1in (+5/-1)
doc/man/rndc.8in (+15/-11)
doc/man/rndc.conf.5in (+7/-7)
doc/man/tsig-keygen.8in (+1/-1)
doc/misc/forward.zoneopt (+1/-1)
doc/misc/hint.zoneopt (+1/-1)
doc/misc/options (+6/-6)
doc/misc/primary.zoneopt (+1/-1)
doc/misc/secondary.zoneopt (+1/-1)
doc/misc/stub.zoneopt (+2/-2)
doc/notes/notes-9.18.13.rst (+75/-0)
doc/notes/notes-9.18.14.rst (+46/-0)
doc/notes/notes-9.18.15.rst (+57/-0)
doc/notes/notes-9.18.16.rst (+72/-0)
doc/notes/notes-9.18.17.rst (+42/-0)
doc/notes/notes-9.18.18.rst (+47/-0)
doc/notes/notes-known-issues.rst (+11/-0)
lib/bind9/check.c (+15/-7)
lib/bind9/include/bind9/check.h (+3/-1)
lib/dns/adb.c (+43/-25)
lib/dns/catz.c (+710/-487)
lib/dns/clientinfo.c (+6/-2)
lib/dns/dispatch.c (+48/-33)
lib/dns/dnssec.c (+11/-5)
lib/dns/dst_api.c (+126/-66)
lib/dns/dst_internal.h (+10/-0)
lib/dns/dst_parse.c (+20/-18)
lib/dns/dyndb.c (+5/-5)
lib/dns/hmac_link.c (+13/-1)
lib/dns/include/dns/catz.h (+86/-95)
lib/dns/include/dns/clientinfo.h (+12/-2)
lib/dns/include/dns/dnssec.h (+2/-1)
lib/dns/include/dns/dyndb.h (+1/-1)
lib/dns/include/dns/kasp.h (+4/-2)
lib/dns/include/dns/message.h (+1/-0)
lib/dns/include/dns/rdataset.h (+8/-0)
lib/dns/include/dns/resolver.h (+32/-45)
lib/dns/include/dns/rpz.h (+59/-51)
lib/dns/include/dns/stats.h (+4/-3)
lib/dns/include/dns/tsig.h (+3/-1)
lib/dns/include/dns/view.h (+14/-1)
lib/dns/include/dns/xfrin.h (+1/-0)
lib/dns/include/dns/zone.h (+6/-0)
lib/dns/include/dst/dst.h (+16/-6)
lib/dns/kasp.c (+7/-1)
lib/dns/keymgr.c (+39/-20)
lib/dns/keytable.c (+7/-4)
lib/dns/master.c (+1/-1)
lib/dns/nsec3.c (+3/-2)
lib/dns/rbtdb.c (+65/-41)
lib/dns/rdataset.c (+0/-2)
lib/dns/request.c (+13/-8)
lib/dns/resolver.c (+165/-116)
lib/dns/result.c (+64/-33)
lib/dns/rpz.c (+595/-755)
lib/dns/tkey.c (+1/-1)
lib/dns/tsig.c (+18/-8)
lib/dns/validator.c (+35/-11)
lib/dns/view.c (+97/-10)
lib/dns/xfrin.c (+122/-18)
lib/dns/zone.c (+90/-47)
lib/irs/resconf.c (+4/-4)
lib/isc/Makefile.am (+0/-6)
lib/isc/Makefile.in (+40/-80)
lib/isc/errno2result.c (+1/-0)
lib/isc/hmac.c (+1/-0)
lib/isc/httpd.c (+34/-17)
lib/isc/include/isc/os.h (+9/-2)
lib/isc/include/isc/result.h (+7/-5)
lib/isc/include/isc/types.h (+0/-2)
lib/isc/include/isc/util.h (+10/-0)
lib/isc/lib.c (+0/-1)
lib/isc/log.c (+91/-68)
lib/isc/mem.c (+0/-1)
lib/isc/netmgr/netmgr-int.h (+4/-3)
lib/isc/netmgr/netmgr.c (+23/-9)
lib/isc/netmgr/tlsstream.c (+6/-2)
lib/isc/netmgr/uverr2result.c (+7/-5)
lib/isc/os.c (+14/-0)
lib/isc/radix.c (+3/-3)
lib/isc/result.c (+3/-0)
lib/isccfg/namedconf.c (+8/-5)
lib/ns/client.c (+17/-11)
lib/ns/include/ns/client.h (+1/-0)
lib/ns/include/ns/server.h (+19/-16)
lib/ns/query.c (+84/-49)
lib/ns/server.c (+0/-1)
lib/ns/update.c (+2/-2)
lib/ns/xfrout.c (+33/-0)
srcid (+1/-1)
tests/dns/acl_test.c (+1/-0)
tests/dns/db_test.c (+1/-0)
tests/dns/dbdiff_test.c (+1/-0)
tests/dns/dbiterator_test.c (+1/-0)
tests/dns/dbversion_test.c (+1/-0)
tests/dns/dh_test.c (+8/-0)
tests/dns/dns64_test.c (+1/-0)
tests/dns/dst_test.c (+8/-0)
tests/dns/geoip_test.c (+1/-0)
tests/dns/master_test.c (+1/-0)
tests/dns/nsec3_test.c (+1/-0)
tests/dns/nsec3param_test.c (+1/-0)
tests/dns/rbtdb_test.c (+170/-0)
tests/dns/rdata_test.c (+1/-0)
tests/dns/rdataset_test.c (+1/-0)
tests/dns/resolver_test.c (+1/-0)
tests/dns/rsa_test.c (+8/-0)
tests/dns/sigs_test.c (+1/-0)
tests/dns/tsig_test.c (+1/-0)
tests/dns/zonemgr_test.c (+1/-0)
tests/dns/zt_test.c (+1/-0)
tests/irs/resconf_test.c (+1/-0)
tests/isc/aes_test.c (+1/-0)
tests/isc/buffer_test.c (+1/-0)
tests/isc/counter_test.c (+1/-0)
tests/isc/crc64_test.c (+1/-0)
tests/isc/doh_test.c (+31/-25)
tests/isc/errno_test.c (+1/-0)
tests/isc/file_test.c (+1/-0)
tests/isc/heap_test.c (+1/-0)
tests/isc/hmac_test.c (+8/-0)
tests/isc/ht_test.c (+2/-2)
tests/isc/lex_test.c (+1/-0)
tests/isc/md_test.c (+1/-0)
tests/isc/netaddr_test.c (+1/-0)
tests/isc/netmgr_test.c (+8/-0)
tests/isc/pool_test.c (+1/-0)
tests/isc/quota_test.c (+1/-0)
tests/isc/radix_test.c (+51/-0)
tests/isc/regex_test.c (+1/-0)
tests/isc/result_test.c (+1/-0)
tests/isc/safe_test.c (+1/-0)
tests/isc/siphash_test.c (+1/-0)
tests/isc/sockaddr_test.c (+1/-0)
tests/isc/stats_test.c (+1/-0)
tests/isc/symtab_test.c (+1/-0)
tests/isc/taskpool_test.c (+1/-0)
tests/isc/time_test.c (+1/-0)
tests/isccfg/duration_test.c (+1/-1)
tests/isccfg/parser_test.c (+1/-0)
tests/ns/listenlist_test.c (+2/-2)
tests/ns/notify_test.c (+2/-2)
tests/ns/plugin_test.c (+1/-0)
tests/ns/query_test.c (+1/-2)
tests/unit-test-driver.sh.in (+2/-2)

~lvoytek/ubuntu/+source/bind9:MRE-lunar-9.18.18

Merged into ubuntu/+source/bind9:ubuntu/lunar-devel at revision e394e1303d42519ca36879abe5301394d7e8bc4a

Andreas Hasenack: Approve on 2023-09-22

git-ubuntu bot: Approve on 2023-09-20

Canonical Server Reporter: Pending requested 2023-09-19

Diff: 49388 lines (+14938/-6786)

811 files modified

~lvoytek/ubuntu/+source/bind9:update-to-9.18.18

Merged into ubuntu/+source/bind9:ubuntu/devel at revision bee9eb66dc4d152444e02405d28ad9eea2876c5d

git-ubuntu bot: Approve on 2023-09-15

Andreas Hasenack: Approve on 2023-09-15

Canonical Server Reporter: Pending requested 2023-09-05

Diff: 26276 lines (+5541/-3527)

461 files modified

CHANGES (+59/-0)
COPYRIGHT (+30/-30)
ChangeLog (+59/-0)
NEWS (+59/-0)
bin/dig/dig.c (+1/-1)
bin/dnssec/dnssec-settime.rst (+1/-1)
bin/named/config.c (+1/-0)
bin/named/main.c (+3/-0)
bin/named/zoneconf.c (+1/-1)
bin/nsupdate/nsupdate.c (+10/-1)
bin/tests/system/README (+2/-2)
bin/tests/system/acl/ns2/named1.conf.in (+1/-0)
bin/tests/system/acl/ns2/named2.conf.in (+1/-0)
bin/tests/system/acl/ns2/named3.conf.in (+1/-0)
bin/tests/system/acl/ns2/named4.conf.in (+1/-0)
bin/tests/system/acl/ns2/named5.conf.in (+1/-0)
bin/tests/system/acl/ns3/named.conf.in (+1/-0)
bin/tests/system/acl/ns4/named.conf.in (+1/-0)
bin/tests/system/acl/tests.sh (+32/-30)
bin/tests/system/additional/ns2/named.conf.in (+1/-0)
bin/tests/system/additional/tests.sh (+28/-26)
bin/tests/system/addzone/ns1/named.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named1.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named2.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named3.conf.in (+1/-0)
bin/tests/system/addzone/ns3/named1.conf.in (+1/-0)
bin/tests/system/addzone/ns3/named2.conf.in (+1/-0)
bin/tests/system/addzone/tests.sh (+134/-132)
bin/tests/system/allow-query/ns1/named.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named01.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named02.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named03.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named04.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named05.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named06.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named07.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named08.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named09.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named10.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named11.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named12.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named21.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named22.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named23.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named24.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named25.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named26.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named27.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named28.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named29.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named30.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named31.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named32.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named33.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named34.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named40.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named53.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named54.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named55.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named56.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named57.conf.in (+1/-0)
bin/tests/system/allow-query/tests.sh (+100/-98)
bin/tests/system/ans.pl (+5/-5)
bin/tests/system/auth/ns1/named.conf.in (+1/-0)
bin/tests/system/auth/ns2/named.conf.in (+1/-0)
bin/tests/system/auth/tests.sh (+31/-29)
bin/tests/system/autosign/tests.sh (+14/-9)
bin/tests/system/builtin/ns1/named.conf.in (+1/-0)
bin/tests/system/builtin/ns2/named.conf.in (+1/-0)
bin/tests/system/builtin/ns3/named.conf.in (+1/-0)
bin/tests/system/builtin/tests.sh (+33/-31)
bin/tests/system/cacheclean/tests.sh (+39/-37)
bin/tests/system/case/ns1/named.conf.in (+1/-0)
bin/tests/system/case/ns2/named.conf.in (+1/-0)
bin/tests/system/case/tests.sh (+23/-21)
bin/tests/system/catz/ns1/named.conf.in (+1/-0)
bin/tests/system/catz/ns2/named1.conf.in (+1/-0)
bin/tests/system/catz/ns2/named2.conf.in (+1/-0)
bin/tests/system/catz/ns3/named.conf.in (+1/-0)
bin/tests/system/catz/ns4/named.conf.in (+1/-0)
bin/tests/system/cds/setup.sh (+3/-1)
bin/tests/system/cds/tests.sh (+3/-2)
bin/tests/system/chain/tests.sh (+73/-71)
bin/tests/system/checkconf/clean.sh (+1/-0)
bin/tests/system/checkconf/deprecated.conf (+3/-0)
bin/tests/system/checkconf/dnssec.2 (+1/-1)
bin/tests/system/checkconf/dnssec.3 (+1/-1)
bin/tests/system/checkconf/tests.sh (+164/-163)
bin/tests/system/checkds/ns2/named.conf.in (+1/-0)
bin/tests/system/checkds/ns4/named.conf.in (+1/-0)
bin/tests/system/checkds/ns5/named.conf.in (+1/-0)
bin/tests/system/checkds/ns6/named.conf.in (+1/-0)
bin/tests/system/checkds/ns7/named.conf.in (+1/-0)
bin/tests/system/checkds/ns9/named.conf.in (+1/-0)
bin/tests/system/checknames/tests.sh (+24/-22)
bin/tests/system/checkzone/tests.sh (+2/-0)
bin/tests/system/ckdnsrps.sh (+2/-2)
bin/tests/system/conf.sh.common (+12/-13)
bin/tests/system/conf.sh.in (+7/-2)
bin/tests/system/conftest.py (+1/-0)
bin/tests/system/cookie/ns7/named.conf.in (+1/-0)
bin/tests/system/cookie/tests.sh (+83/-81)
bin/tests/system/database/tests.sh (+7/-5)
bin/tests/system/dialup/tests.sh (+6/-4)
bin/tests/system/digdelv/tests.sh (+14/-15)
bin/tests/system/dispatch/ns1/named.conf.in (+1/-0)
bin/tests/system/dispatch/ns2/named.conf.in (+1/-0)
bin/tests/system/dlzexternal/ns1/named.conf.in (+1/-0)
bin/tests/system/dlzexternal/tests.sh (+40/-38)
bin/tests/system/dns64/tests.sh (+313/-311)
bin/tests/system/dnssec/ns4/named5.conf.in (+1/-0)
bin/tests/system/dnssec/ns5/named2.conf.in (+1/-0)
bin/tests/system/dnssec/tests.sh (+32/-35)
bin/tests/system/dnstap/tests.sh (+152/-140)
bin/tests/system/doth/CA/certs/srv01.client01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv02.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv03.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52001.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52003.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52004.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52005.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52006.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52007.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52008.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52009.pem (+1/-1)
bin/tests/system/doth/example.axfr.good (+1/-1)
bin/tests/system/doth/example8.axfr.good (+1/-1)
bin/tests/system/doth/tests.sh (+12/-11)
bin/tests/system/dsdigest/tests.sh (+5/-3)
bin/tests/system/dupsigs/ns1/named.conf.in (+1/-0)
bin/tests/system/dupsigs/ns1/reset_keys.sh (+23/-23)
bin/tests/system/dupsigs/tests.sh (+5/-3)
bin/tests/system/dyndb/ns1/named.conf.in (+1/-0)
bin/tests/system/dyndb/tests.sh (+25/-23)
bin/tests/system/ecdsa/setup.sh (+1/-1)
bin/tests/system/ednscompliance/ns1/named.conf.in (+1/-0)
bin/tests/system/ednscompliance/tests.sh (+21/-19)
bin/tests/system/emptyzones/ns1/named1.conf.in (+1/-0)
bin/tests/system/emptyzones/ns1/named2.conf.in (+1/-0)
bin/tests/system/emptyzones/tests.sh (+6/-4)
bin/tests/system/enginepkcs11/tests.sh (+2/-0)
bin/tests/system/fetchlimit/tests.sh (+14/-12)
bin/tests/system/filter-aaaa/ns1/sign.sh (+1/-1)
bin/tests/system/filter-aaaa/tests.sh (+280/-278)
bin/tests/system/formerr/clean.sh (+3/-3)
bin/tests/system/formerr/formerr.pl (+1/-1)
bin/tests/system/formerr/ns1/named.conf.in (+1/-0)
bin/tests/system/formerr/tests.sh (+8/-6)
bin/tests/system/forward/ns10/named.conf.in (+1/-0)
bin/tests/system/forward/tests.sh (+4/-2)
bin/tests/system/genzone.sh (+7/-7)
bin/tests/system/geoip2/tests.sh (+75/-73)
bin/tests/system/get_core_dumps.sh (+1/-1)
bin/tests/system/glue/ns1/named.conf.in (+1/-0)
bin/tests/system/glue/tests.sh (+2/-0)
bin/tests/system/host/ns1/named.conf.in (+1/-0)
bin/tests/system/idna/tests.sh (+8/-7)
bin/tests/system/ifconfig.sh.in (+0/-8)
bin/tests/system/include-multiplecfg/ns2/named.conf.in (+1/-0)
bin/tests/system/include-multiplecfg/tests.sh (+9/-8)
bin/tests/system/inline/ns2/named.conf.in (+1/-0)
bin/tests/system/inline/ns3/named.conf.in (+1/-0)
bin/tests/system/inline/ns3/sign.sh (+2/-2)
bin/tests/system/inline/ns4/named.conf.in (+1/-0)
bin/tests/system/inline/ns6/named.conf.in (+1/-0)
bin/tests/system/inline/ns8/named.conf.in (+1/-0)
bin/tests/system/inline/tests.sh (+153/-139)
bin/tests/system/integrity/ns1/named.conf.in (+1/-0)
bin/tests/system/integrity/tests.sh (+26/-24)
bin/tests/system/ixfr/ns1/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns3/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns4/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns5/named.conf.in (+1/-0)
bin/tests/system/ixfr/tests.sh (+6/-4)
bin/tests/system/journal/tests.sh (+45/-43)
bin/tests/system/kasp.sh (+11/-4)
bin/tests/system/kasp/ns2/named.conf.in (+1/-0)
bin/tests/system/kasp/ns3/named-fips.conf.in (+12/-0)
bin/tests/system/kasp/ns3/setup.sh (+41/-0)
bin/tests/system/kasp/ns4/named.conf.in (+1/-0)
bin/tests/system/kasp/ns5/named.conf.in (+1/-0)
bin/tests/system/kasp/ns6/named.conf.in (+1/-0)
bin/tests/system/kasp/ns6/named2.conf.in (+1/-0)
bin/tests/system/kasp/tests.sh (+78/-5)
bin/tests/system/keepalive/ns1/named.conf.in (+1/-0)
bin/tests/system/keepalive/ns2/named.conf.in (+1/-0)
bin/tests/system/keepalive/ns3/named.conf.in (+1/-0)
bin/tests/system/keepalive/tests.sh (+22/-20)
bin/tests/system/keyfromlabel/tests.sh (+2/-0)
bin/tests/system/keymgr2kasp/ns3/named.conf.in (+1/-0)
bin/tests/system/keymgr2kasp/ns3/named2.conf.in (+1/-0)
bin/tests/system/keymgr2kasp/ns4/named.conf.in (+1/-0)
bin/tests/system/keymgr2kasp/ns4/named2.conf.in (+1/-0)
bin/tests/system/keymgr2kasp/tests.sh (+2/-0)
bin/tests/system/legacy/ns6/sign.sh (+2/-2)
bin/tests/system/legacy/ns7/sign.sh (+2/-2)
bin/tests/system/legacy/tests.sh (+44/-42)
bin/tests/system/limits/ns1/named.conf.in (+1/-0)
bin/tests/system/limits/tests.sh (+2/-0)
bin/tests/system/logfileconfig/tests.sh (+6/-4)
bin/tests/system/masterfile/ns1/named.conf.in (+1/-0)
bin/tests/system/masterfile/tests.sh (+10/-8)
bin/tests/system/masterformat/ns1/named.conf.in (+1/-0)
bin/tests/system/masterformat/ns2/named.conf.in (+1/-0)
bin/tests/system/masterformat/ns3/named.conf.in (+1/-0)
bin/tests/system/masterformat/tests.sh (+3/-2)
bin/tests/system/metadata/clean.sh (+1/-1)
bin/tests/system/metadata/tests.sh (+12/-15)
bin/tests/system/mirror/ns1/named.conf.in (+1/-0)
bin/tests/system/mirror/ns2/named.conf.in (+1/-0)
bin/tests/system/mirror/ns3/named.conf.in (+1/-0)
bin/tests/system/mirror/tests.sh (+2/-0)
bin/tests/system/mkeys/tests.sh (+11/-9)
bin/tests/system/names/ns1/named.conf.in (+1/-0)
bin/tests/system/names/tests.sh (+8/-7)
bin/tests/system/notify/ns1/named.conf.in (+1/-0)
bin/tests/system/notify/ns2/named.conf.in (+1/-0)
bin/tests/system/notify/ns3/named.conf.in (+1/-0)
bin/tests/system/notify/ns4/named.conf.in (+1/-0)
bin/tests/system/notify/ns5/named.conf.in (+1/-0)
bin/tests/system/notify/tests.sh (+2/-1)
bin/tests/system/nsec3/ns2/named.conf.in (+1/-0)
bin/tests/system/nsec3/tests.sh (+3/-1)
bin/tests/system/nslookup/ns1/named.conf.in (+1/-0)
bin/tests/system/nslookup/tests.sh (+18/-0)
bin/tests/system/nsupdate/clean.sh (+2/-0)
bin/tests/system/nsupdate/krb/setup.sh (+4/-4)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private (+7/-0)
bin/tests/system/nsupdate/ns1/named.conf.in (+13/-0)
bin/tests/system/nsupdate/ns10/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns2/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns5/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns6/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns7/named1.conf.in (+52/-0)
bin/tests/system/nsupdate/ns7/named2.conf.in (+1/-0)
bin/tests/system/nsupdate/ns8/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns9/named.conf.in (+1/-0)
bin/tests/system/nsupdate/setup.sh (+12/-1)
bin/tests/system/nsupdate/tests.sh (+68/-17)
bin/tests/system/nzd2nzf/ns1/named.conf.in (+1/-0)
bin/tests/system/nzd2nzf/tests.sh (+2/-0)
bin/tests/system/padding/ns1/named.conf.in (+1/-0)
bin/tests/system/padding/ns2/named.conf.in (+1/-0)
bin/tests/system/padding/ns3/named.conf.in (+1/-0)
bin/tests/system/padding/ns4/named.conf.in (+1/-0)
bin/tests/system/padding/tests.sh (+27/-25)
bin/tests/system/pending/ns1/named.conf.in (+1/-0)
bin/tests/system/pending/ns1/sign.sh (+1/-1)
bin/tests/system/pending/ns4/named.conf.in (+1/-0)
bin/tests/system/pending/tests.sh (+36/-34)
bin/tests/system/pipelined/tests.sh (+8/-6)
bin/tests/system/qmin/tests.sh (+14/-15)
bin/tests/system/reclimit/tests.sh (+29/-27)
bin/tests/system/redirect/ns5/named.conf.in (+1/-0)
bin/tests/system/redirect/ns6/named.conf.in (+1/-0)
bin/tests/system/redirect/tests.sh (+122/-120)
bin/tests/system/resolver/ans10/ans.py (+152/-0)
bin/tests/system/resolver/ns4/root.db (+2/-0)
bin/tests/system/resolver/tests.sh (+29/-15)
bin/tests/system/rndc/ns2/named.conf.in (+1/-0)
bin/tests/system/rndc/ns3/named.conf.in (+1/-0)
bin/tests/system/rndc/ns5/named.conf.in (+1/-0)
bin/tests/system/rndc/ns6/named.args (+1/-1)
bin/tests/system/rndc/ns6/named.conf.in (+1/-0)
bin/tests/system/rndc/ns7/named.conf.in (+1/-0)
bin/tests/system/rndc/tests.sh (+13/-11)
bin/tests/system/rootkeysentinel/ns2/sign.sh (+4/-7)
bin/tests/system/rootkeysentinel/tests.sh (+46/-46)
bin/tests/system/rpz/clean.sh (+1/-1)
bin/tests/system/rpz/ns1/named.conf.in (+1/-0)
bin/tests/system/rpz/qperf.sh (+2/-2)
bin/tests/system/rpz/tests.sh (+68/-62)
bin/tests/system/rpzrecurse/setup.sh (+6/-6)
bin/tests/system/rpzrecurse/tests.sh (+56/-52)
bin/tests/system/rrchecker/tests.sh (+12/-10)
bin/tests/system/rrl/broken.conf.in (+1/-0)
bin/tests/system/rrl/tests.sh (+24/-22)
bin/tests/system/rrsetorder/tests.sh (+7/-5)
bin/tests/system/rsabigexponent/ns1/root.db.in (+1/-1)
bin/tests/system/rsabigexponent/ns1/sign.sh (+1/-1)
bin/tests/system/rsabigexponent/ns2/named.conf.in (+1/-0)
bin/tests/system/rsabigexponent/ns2/sign.sh (+1/-1)
bin/tests/system/rsabigexponent/tests.sh (+6/-4)
bin/tests/system/runtime/ns2/named-alt4.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt5.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt6.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt7.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt9.conf.in (+1/-0)
bin/tests/system/runtime/setup.sh (+1/-1)
bin/tests/system/runtime/tests.sh (+4/-4)
bin/tests/system/serve-stale/ns1/named1.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named2.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named3.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named4.conf.in (+1/-0)
bin/tests/system/serve-stale/ns3/named1.conf.in (+1/-0)
bin/tests/system/serve-stale/ns3/named4.conf.in (+1/-0)
bin/tests/system/serve-stale/ns3/named8.conf.in (+1/-0)
bin/tests/system/serve-stale/ns4/named.conf.in (+1/-0)
bin/tests/system/serve-stale/ns5/named.conf.in (+1/-0)
bin/tests/system/serve-stale/tests.sh (+77/-19)
bin/tests/system/sfcache/tests.sh (+2/-2)
bin/tests/system/shutdown/tests_shutdown.py (+24/-24)
bin/tests/system/smartsign/tests.sh (+2/-0)
bin/tests/system/sortlist/ns1/named.conf.in (+1/-0)
bin/tests/system/sortlist/tests.sh (+2/-0)
bin/tests/system/spf/ns1/named.conf.in (+1/-0)
bin/tests/system/spf/tests.sh (+4/-2)
bin/tests/system/staticstub/ns3/sign.sh (+1/-1)
bin/tests/system/staticstub/tests.sh (+36/-34)
bin/tests/system/statistics/ns2/named2.conf.in (+1/-0)
bin/tests/system/statistics/tests.sh (+47/-43)
bin/tests/system/statschannel/fetch.pl (+1/-1)
bin/tests/system/statschannel/ns1/named.conf.in (+1/-0)
bin/tests/system/statschannel/ns2/named.conf.in (+1/-0)
bin/tests/system/statschannel/ns2/named2.conf.in (+1/-0)
bin/tests/system/statschannel/ns3/named.conf.in (+1/-0)
bin/tests/system/statschannel/tests.sh (+90/-28)
bin/tests/system/stop.pl (+2/-8)
bin/tests/system/stress/setup.pl (+2/-2)
bin/tests/system/stress/tests.sh (+3/-1)
bin/tests/system/stub/ns1/named.conf.in (+1/-0)
bin/tests/system/stub/ns2/named.conf.in (+1/-0)
bin/tests/system/stub/ns3/named.conf.in (+1/-0)
bin/tests/system/stub/tests.sh (+2/-0)
bin/tests/system/synthfromdnssec/tests.sh (+2/-0)
bin/tests/system/tcp/ns1/named.conf.in (+1/-0)
bin/tests/system/tcp/ns2/named.conf.in (+1/-0)
bin/tests/system/tcp/ns3/named.conf.in (+1/-0)
bin/tests/system/tcp/ns4/named.conf.in (+1/-0)
bin/tests/system/tcp/ns7/named.conf.in (+1/-0)
bin/tests/system/timeouts/ns1/named.conf.in (+1/-0)
bin/tests/system/tkey/ns1/named.conf.in (+1/-0)
bin/tests/system/tools/tests.sh (+32/-29)
bin/tests/system/transport-acl/tests.sh (+2/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.private (+7/-0)
bin/tests/system/tsig/ns1/named.conf.in (+27/-0)
bin/tests/system/tsig/setup.sh (+5/-0)
bin/tests/system/tsig/tests.sh (+63/-2)
bin/tests/system/tsiggss/ns1/example.nil.db.in (+1/-1)
bin/tests/system/tsiggss/ns1/named.conf.in (+1/-0)
bin/tests/system/tsiggss/setup.sh (+1/-1)
bin/tests/system/tsiggss/tests.sh (+9/-7)
bin/tests/system/tsiggss/tests_isc_spnego_flaws.py (+219/-0)
bin/tests/system/ttl/ns1/named.conf.in (+1/-0)
bin/tests/system/unknown/ns1/named.conf.in (+1/-0)
bin/tests/system/unknown/ns2/named.conf.in (+1/-0)
bin/tests/system/unknown/ns3/named.conf.in (+1/-0)
bin/tests/system/unknown/tests.sh (+20/-18)
bin/tests/system/upforwd/ans4/ans.pl (+5/-5)
bin/tests/system/upforwd/ns1/named.conf.in (+1/-0)
bin/tests/system/upforwd/ns2/named.conf.in (+1/-0)
bin/tests/system/upforwd/ns3/named1.conf.in (+1/-0)
bin/tests/system/upforwd/ns3/named2.conf.in (+1/-0)
bin/tests/system/upforwd/tests.sh (+46/-44)
bin/tests/system/verify/tests.sh (+8/-6)
bin/tests/system/views/ns1/named.conf.in (+1/-0)
bin/tests/system/views/ns2/named1.conf.in (+1/-0)
bin/tests/system/views/ns2/named2.conf.in (+1/-0)
bin/tests/system/views/ns2/named3.conf.in (+1/-0)
bin/tests/system/views/ns3/named1.conf.in (+1/-0)
bin/tests/system/views/ns3/named2.conf.in (+1/-0)
bin/tests/system/views/ns5/named.conf.in (+1/-0)
bin/tests/system/wildcard/tests.sh (+54/-52)
bin/tests/system/xfer/ns1/named1.conf.in (+1/-0)
bin/tests/system/xfer/ns1/named2.conf.in (+1/-0)
bin/tests/system/xfer/ns1/named3.conf.in (+1/-0)
bin/tests/system/xfer/ns2/named.conf.in (+1/-0)
bin/tests/system/xfer/ns3/named.conf.in (+1/-0)
bin/tests/system/xfer/ns6/named.conf.in (+1/-0)
bin/tests/system/xfer/ns7/named.conf.in (+1/-0)
bin/tests/system/xfer/ns8/named.conf.in (+1/-0)
bin/tests/system/xfer/tests.sh (+8/-6)
bin/tests/system/xferquota/ns1/named.conf.in (+1/-0)
bin/tests/system/xferquota/ns2/named.conf.in (+1/-0)
bin/tests/system/xferquota/tests.sh (+6/-4)
bin/tests/system/zero/tests.sh (+3/-1)
bin/tests/system/zonechecks/tests.sh (+30/-28)
configure (+12/-12)
configure.ac (+1/-1)
contrib/README (+1/-1)
contrib/dlz/modules/bdbhpt/testing/bdbhpt-populate.pl (+3/-3)
contrib/dlz/modules/ldap/testing/slapd.conf (+2/-2)
contrib/dlz/modules/mysqldyn/README (+1/-1)
contrib/scripts/zone-edit.sh.in (+4/-4)
debian/changelog (+24/-0)
doc/arm/dns-ops.inc.rst (+1/-1)
doc/arm/index.rst (+3/-0)
doc/arm/intro-dns-bind.inc.rst (+53/-53)
doc/arm/intro-security.inc.rst (+31/-31)
doc/arm/introduction.inc.rst (+6/-6)
doc/arm/logging-categories.inc.rst (+10/-10)
doc/arm/notes.rst (+2/-0)
doc/arm/reference.rst (+16/-11)
doc/arm/requirements.txt (+3/-3)
doc/arm/security.inc.rst (+1/-1)
doc/arm/troubleshooting.inc.rst (+1/-1)
doc/dnssec-guide/introduction.rst (+2/-2)
doc/dnssec-guide/preface.rst (+1/-1)
doc/dnssec-guide/recipes.rst (+3/-3)
doc/dnssec-guide/signing.rst (+2/-2)
doc/dnssec-guide/troubleshooting.rst (+3/-3)
doc/man/named.conf.5in (+6/-6)
doc/misc/options (+3/-3)
doc/misc/primary.zoneopt (+1/-1)
doc/misc/secondary.zoneopt (+1/-1)
doc/misc/stub.zoneopt (+1/-1)
doc/notes/notes-9.18.17.rst (+42/-0)
doc/notes/notes-9.18.18.rst (+47/-0)
lib/dns/adb.c (+43/-25)
lib/dns/catz.c (+51/-22)
lib/dns/hmac_link.c (+12/-1)
lib/dns/include/dns/catz.h (+20/-0)
lib/dns/include/dns/kasp.h (+4/-2)
lib/dns/include/dns/message.h (+1/-0)
lib/dns/include/dns/resolver.h (+32/-45)
lib/dns/include/dst/dst.h (+9/-2)
lib/dns/kasp.c (+7/-1)
lib/dns/keymgr.c (+17/-13)
lib/dns/resolver.c (+131/-102)
lib/dns/result.c (+64/-33)
lib/dns/rpz.c (+2/-2)
lib/dns/tkey.c (+1/-1)
lib/dns/xfrin.c (+4/-2)
lib/dns/zone.c (+2/-4)
lib/isc/errno2result.c (+1/-0)
lib/isc/httpd.c (+34/-17)
lib/isc/include/isc/result.h (+6/-5)
lib/isc/netmgr/netmgr-int.h (+3/-2)
lib/isc/netmgr/netmgr.c (+10/-0)
lib/isc/result.c (+2/-0)
lib/isccfg/namedconf.c (+3/-2)
lib/ns/query.c (+0/-2)
srcid (+1/-1)
tests/dns/rbtdb_test.c (+169/-0)

CVE References

Wladimir Mutel (mwg) on 2023-04-04

description:

updated

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2023-04-05:

Thank you for taking the time to report this bug.

As you have noticed, bind9 has been updated to its latest version in the 9.18.x series. This was quite a leap, which brought many important bugfixes to Ubuntu users across many release. We do our best to guarantee that these bigger-than-normal updates go smooth, but unfortunately there are scenarios which are too complex or uncommon to cover. It seems that you've hit one of those bumps.

I was able to successfully reproduce the problem you reported after I generated an HMAC-MD5 key on Bionic (which is the only LTS distro that's still able to generate keys using this algorithm), by doing:

$ dnssec-keygen -a HMAC-MD5 -b 128 -n HOST bind9.lxd
$ cat Kbind9.lxd.+157+25064.key
bind9.lxd. IN KEY 512 3 157 0OaUhv7uRii9yrq6kdSnbA==
$ cat Kbind9.lxd.+157+25064.private
Private-key-format: v1.3
Algorithm: 157 (HMAC_MD5)
Key: 0OaUhv7uRii9yrq6kdSnbA==
Bits: AAA=
Created: 20230405201738
Publish: 20230405201738
Activate: 20230405201738

This effectively created a pair of keys, which I transferred to a Jammy container and then tried invoking "nsupdate -k":

# nsupdate -k /etc/bind/Kbind9.lxd.+157+25064
could not read key from /etc/bind/Kbind9.lxd.+157+25064.{private,key}: file not found

I spent some time debugging the problem, and was able to track down the issue to the fact that bind9 has chosen different numbers to represent key algorithms internally. These numbers happen to be hardcoded inside the keys, which means that, when nsupdate checks if the specified algorithm is supported (and HMAC-MD5 is still supported), it can't find the entry associated with the old number and bails out.

In order to make things work again, a quick workaround is to edit your key files and replace "157" with "160". For example, here are the two files listed above with the modifications in place:

# cat Kbind9.lxd.+157+25064.key
bind9.lxd. IN KEY 512 3 160 0OaUhv7uRii9yrq6kdSnbA==
# cat Kbind9.lxd.+157+25064.private
Private-key-format: v1.3
Algorithm: 160 (HMAC_MD5)
Key: 0OaUhv7uRii9yrq6kdSnbA==
Bits: AAA=
Created: 20230405201738
Publish: 20230405201738
Activate: 20230405201738

There is also a newer format for key files which you can use. For the example I'm using here, it looks like this:

# cat Kbind9.lxd.+157+25064
key "bind9.lxd" {
algorithm hmac-md5;
secret "0OaUhv7uRii9yrq6kdSnbA==";
};

Note that this format doesn't contain any internal references to how bind9 numbers the algorithms, which is more future-proof. An even better solution would be to move away from HMAC-MD5, but I understand that that's not always possible.

For reference, the upstream commit that broke things was:

https://gitlab.isc.org/isc-projects/bind9/-/commit/09f7e0607a34d90eae53f862954e98c31b5ae532

There's an upstream bug about this problem, which I will link in a moment.

Thank you for taking the time to report this bug.

As you have noticed, bind9 has been updated to its latest version in the 9.18.x series.  This was quite a leap, which brought many important bugfixes to Ubuntu users across many release.  We do our best to guarantee that these bigger-than-normal updates go smooth, but unfortunately there are scenarios which are too complex or uncommon to cover.  It seems that you've hit one of those bumps.

This effectively created a pair of keys, which I transferred to a Jammy container and then tried invoking "nsupdate -k":

# nsupdate -k /etc/bind/Kbind9.lxd.+157+25064
could not read key from /etc/bind/Kbind9.lxd.+157+25064.{private,key}: file not found

I spent some time debugging the problem, and was able to track down the issue to the fact that bind9 has chosen different numbers to represent key algorithms internally.  These numbers happen to be hardcoded inside the keys, which means that, when nsupdate checks if the specified algorithm is supported (and HMAC-MD5 is still supported), it can't find the entry associated with the old number and bails out.

In order to make things work again, a quick workaround is to edit your key files and replace "157" with "160".  For example, here are the two files listed above with the modifications in place:

# cat Kbind9.lxd.+157+25064.key 
bind9.lxd. IN KEY 512 3 160 0OaUhv7uRii9yrq6kdSnbA==
# cat Kbind9.lxd.+157+25064.private 
Private-key-format: v1.3
Algorithm: 160 (HMAC_MD5)
Key: 0OaUhv7uRii9yrq6kdSnbA==
Bits: AAA=
Created: 20230405201738
Publish: 20230405201738
Activate: 20230405201738

There is also a newer format for key files which you can use.  For the example I'm using here, it looks like this:

# cat Kbind9.lxd.+157+25064 
key "bind9.lxd" {
        algorithm hmac-md5;
        secret "0OaUhv7uRii9yrq6kdSnbA==";
};

Note that this format doesn't contain any internal references to how bind9 numbers the algorithms, which is more future-proof.  An even better solution would be to move away from HMAC-MD5, but I understand that that's not always possible.

For reference, the upstream commit that broke things was:

https://gitlab.isc.org/isc-projects/bind9/-/commit/09f7e0607a34d90eae53f862954e98c31b5ae532

There's an upstream bug about this problem, which I will link in a moment.

Revision history for this message

Sergio Durigan Junior (sergiodj) wrote on 2023-04-05:

Upstream bug: https://gitlab.isc.org/isc-projects/bind9/-/issues/3668

Changed in bind9 (Ubuntu):
status:	New → Triaged
Changed in bind9 (Ubuntu Jammy):
status:	New → Triaged
Changed in bind9 (Ubuntu Kinetic):
status:	New → Triaged

Andreas Hasenack (ahasenack) on 2023-04-10

tags:

added: regression-update

Revision history for this message

Robie Basak (racb) wrote on 2023-06-12:

I wonder if there are any plans to fix this, or are we going to have to leave it now that the damage is done?

tags:

added: server-triage-discuss

Christian Ehrhardt  (paelzer) on 2023-06-14

tags:

added: server-todo
removed: server-triage-discuss

Revision history for this message

Lena Voytek (lvoytek) wrote on 2023-06-14:

For now I would like to avoid a second regression for users of Ubuntu stable releases, so I will avoid updates unless there is enough demand for them. If anyone else has experienced this issue too and comes across this, please let me know. As for mantic, I'll wait and see if upstream comes up with a solution in 9.19.x and port it in accordingly for future consistency. Thanks!

Changed in bind9 (Ubuntu):
assignee:	nobody → Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu Jammy):
assignee:	nobody → Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu Kinetic):
assignee:	nobody → Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu Lunar):
assignee:	nobody → Lena Voytek (lvoytek)

Revision history for this message

Lena Voytek (lvoytek) wrote on 2023-06-28:

Still waiting on upstream to make a decision, removing server-todo for now

tags:

removed: server-todo

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-09-16:

This bug was fixed in the package bind9 - 1:9.18.18-0ubuntu1

---------------
bind9 (1:9.18.18-0ubuntu1) mantic; urgency=medium

  * New upstream release 9.18.18 (LP: #2034367)
    - Updates:
      + Mark a primary server as temporarily unreachable when a TCP connection
        response to an SOA query times out, matching behavior of a refused TCP
        connection.
      + Mark dialup and heartbeat-interval options as deprecated.
      + Retry DNS queries without an EDNS COOKIE when the first response is
        FORMERR with the EDNS COOKIE that was sent originally.
      + Use NS records for the relaxed QNAME minimization mode to reduce the
        number of queries from named.
    - Bug Fixes:
      + Fix assertion failure from processing already-queued queries while
        server is being reconfigured or cache is being flushed.
      + Fix failure to load zones containing resource records with a TTL value
        larger than 86400 seconds when dnssec-policy is set to insecure.
      + Fix the ability to read HMAC-MD5 key files (LP: #2015176).
      + Fix stability issues with the catalog zone implementation.
    - See https://bind9.readthedocs.io/en/v9.18.18/notes.html for additional
      information.

-- Lena Voytek <email address hidden> Tue, 05 Sep 2023 13:20:06 -0700

Changed in bind9 (Ubuntu):
status:	Triaged → Fix Released

Revision history for this message

Wladimir Mutel (mwg) wrote on 2023-09-19:

great that it is fixed for mantic, how about fixing it for jammy as well ?

Lena Voytek (lvoytek) on 2023-09-19

Changed in bind9 (Ubuntu Kinetic):
status:	Triaged → Won't Fix
Changed in bind9 (Ubuntu Lunar):
status:	Triaged → In Progress
Changed in bind9 (Ubuntu Jammy):
status:	Triaged → In Progress

Lena Voytek (lvoytek) on 2023-09-20

description:

updated

Revision history for this message

Steve Langasek (vorlon) wrote on 2023-09-29: Please test proposed package

Hello Wladimir, or anyone else affected,

Accepted bind9 into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.18.18-0ubuntu0.22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in bind9 (Ubuntu Jammy):
status:	In Progress → Fix Committed
tags:	added: verification-needed verification-needed-jammy
Changed in bind9 (Ubuntu Lunar):
status:	In Progress → Fix Committed
tags:	added: verification-needed-lunar

Revision history for this message

Steve Langasek (vorlon) wrote on 2023-09-29:

Hello Wladimir, or anyone else affected,

Accepted bind9 into lunar-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.18.18-0ubuntu0.23.04.1 in a few hours, and then in the -proposed repository.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-lunar to verification-done-lunar. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-lunar. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message

Lena Voytek (lvoytek) wrote on 2023-09-29:

#10

Verified for Lunar and Jammy

# lxc launch ubuntu:jammy test-bind9-jammy
# lxc exec test-bind9-jammy bash

cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

# apt update && apt dist-upgrade -y
# apt install bind9 -y

# cat <<EOF >Kexample.com.+157+15178.key
example.com. IN KEY 512 3 157 SItPKKvb7T9QEBRl9Mmrng==
EOF

# nsupdate -k Kexample.com.+157+15178.private

29-Sep-2023 22:23:44.897 Kexample.com.+157+15178.private: Use of K* file pairs for HMAC is deprecated

# lxc launch ubuntu:lunar test-bind9-lunar
# lxc exec test-bind9-lunar bash

# apt update && apt dist-upgrade -y
# apt install bind9 -y

# cat <<EOF >Kexample.com.+157+15178.key
example.com. IN KEY 512 3 157 SItPKKvb7T9QEBRl9Mmrng==
EOF

# nsupdate -k Kexample.com.+157+15178.private

29-Sep-2023 22:51:23.253 Kexample.com.+157+15178.private: Use of K* file pairs for HMAC is deprecated

tags:

added: verification-done verification-done-jammy verification-done-lunar
removed: verification-needed verification-needed-jammy verification-needed-lunar

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-26:

#11

This bug was fixed in the package bind9 - 1:9.18.18-0ubuntu0.23.04.1

---------------
bind9 (1:9.18.18-0ubuntu0.23.04.1) lunar; urgency=medium

  * New upstream release 9.18.18 (LP: #2028413)
    - Updates:
      + Mark a primary server as temporarily unreachable when a TCP connection
        response to an SOA query times out, matching behavior of a refused TCP
        connection.
      + Mark dialup and heartbeat-interval options as deprecated.
      + Retry DNS queries without an EDNS COOKIE when the first response is
        FORMERR with the EDNS COOKIE that was sent originally.
      + Use NS records for the relaxed QNAME minimization mode to reduce the
        number of queries from named.
      + Mark TKEY mode 2 as deprecated.
      + Mark delegation-only and root-delegation-only as deprecated.
      + Run RPZ and catalog zone updates on specialized offload threads to
        reduce blocked query processing time.
    - Bug Fixes:
      + Fix assertion failure from processing already-queued queries while
        server is being reconfigured or cache is being flushed.
      + Fix failure to load zones containing resource records with a TTL value
        larger than 86400 seconds when dnssec-policy is set to insecure.
      + Fix the ability to read HMAC-MD5 key files (LP: #2015176).
      + Fix stability issues with the catalog zone implementation.
      + Fix bind9 getting stuck when listen-on statement for HTTP is removed
        from configuration.
      + Do not return delegation from cache after stale-answer-client-timeout.
      + Fix failure to auto-tune clients-per-query limit in some situations.
      + Fix proper timeouts when using max-transfer-time-in and
        max-transfer-idle-in statements.
      + Bring rndc read timeout back to 60 seconds from 30.
      + Treat libuv returning ISC_R_INVALIDPROTO as a network error.
      + Clean up empty-non-terminal NSEC3 records.
      + Fix log file rotation cleanup for absolute file path destinations.
      + Fix various catalog zone processing crashes.
      + Fix transfer hang when downloading large zones over TLS.
      + Fix named crash when adding a new zone into the configuration file for
        a name which was already configured as member zone for a catalog zone.
      + Delay DNSSEC key queries until all zones have finished loading.
    - See https://bind9.readthedocs.io/en/v9.18.18/notes.html for additional
      information.
  * d/p/CVE-2023-2828.patch, CVE-2023-2911.patch: Remove - fixed upstream in
    9.18.16.
  * d/p/CVE-2023-3341.patch: Refresh, matching upstream, to apply in 9.18.18.
  * d/t/control, d/t/dyndb-ldap: add DEP8 test (LP: #2032650)

-- Lena Voytek <email address hidden> Wed, 20 Sep 2023 14:52:27 -0700

This bug was fixed in the package bind9 - 1:9.18.18-0ubuntu0.23.04.1

---------------
bind9 (1:9.18.18-0ubuntu0.23.04.1) lunar; urgency=medium

-- Lena Voytek <lena.voytek@canonical.com>  Wed, 20 Sep 2023 14:52:27 -0700

Changed in bind9 (Ubuntu Lunar):
status:	Fix Committed → Fix Released

Revision history for this message

Robie Basak (racb) wrote on 2023-10-26: Update Released

#12

The verification of the Stable Release Update for bind9 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-26:

#13

This bug was fixed in the package bind9 - 1:9.18.18-0ubuntu0.22.04.1

---------------
bind9 (1:9.18.18-0ubuntu0.22.04.1) jammy; urgency=medium

-- Lena Voytek <email address hidden> Wed, 20 Sep 2023 15:15:41 -0700

This bug was fixed in the package bind9 - 1:9.18.18-0ubuntu0.22.04.1

---------------
bind9 (1:9.18.18-0ubuntu0.22.04.1) jammy; urgency=medium

-- Lena Voytek <lena.voytek@canonical.com>  Wed, 20 Sep 2023 15:15:41 -0700

Changed in bind9 (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

auto-gitlab.isc.org-isc-projects-bind9-- #3668
[closed Affects v9.18 Affects v9.19 Bug Customer Release Notes v9.18 v9.19] Edit

Bug watches keep track of this bug in other bug trackers.

Ubuntubind9 package

Ubuntu 22.04.2, nsupdate stopped recognizing HMAC-MD5 key after update from 1:9.18.1-1ubuntu1.3 to 1:9.18.12-0ubuntu0.22.04.1

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
bind9 package