Ubuntu
bind9 package

MRE updates of bind9 for focal, jammy and lunar

Bug #2028413 reported by Bryce Harrington on 2023-07-22

This bug affects 2 people

	Status	Importance	Assigned to	Milestone
bind-dyndb-ldap (Ubuntu)	Fix Released	Undecided	Unassigned	Ubuntu mantic-updates
Focal	Won't Fix	Undecided	Unassigned
Jammy	Fix Released	Undecided	Unassigned
Lunar	Fix Released	Undecided	Unassigned
bind9 (Ubuntu)	Fix Released	Undecided	Lena Voytek	Ubuntu ubuntu-23.09
Focal	Fix Committed	Undecided	Lena Voytek
Jammy	Fix Released	Undecided	Lena Voytek
Lunar	Fix Released	Undecided	Lena Voytek

Bug Description

This bug tracks an update for the bind9 package, moving to versions:

* lunar (23.04): bind9 9.18.18
* jammy (22.04): bind9 9.18.18
* focal (20.04): bind9 9.16.43

These updates include bug fixes following the SRU policy exception defined at https://wiki.ubuntu.com/Bind9Updates.

[Upstream changes]

9.18.13-9.18.18 for lunar and jammy:

Updates:

Mark a primary server as temporarily unreachable when a TCP connection response to an SOA query times out, matching behavior of a refused TCP connection.
Mark dialup and heartbeat-interval options as deprecated.
Retry DNS queries without an EDNS COOKIE when the first response is FORMERR with the EDNS COOKIE that was sent originally.
Use NS records for the relaxed QNAME minimization mode to reduce the number of queries from named.
Mark TKEY mode 2 as deprecated.
Mark delegation-only and root-delegation-only as deprecated.
Run RPZ and catalog zone updates on specialized offload threads to reduce blocked query processing time.

Bug Fixes:

Fix assertion failure from processing already-queued queries while server is being reconfigured or cache is being flushed.
Fix failure to load zones containing resource records with a TTL value larger than 86400 seconds when dnssec-policy is set to insecure.
Fix the ability to read HMAC-MD5 key files (LP: #2015176).
Fix stability issues with the catalog zone implementation.
Fix bind9 getting stuck when listen-on statement for HTTP is removed from configuration.
Do not return delegation from cache after stale-answer-client-timeout.
Fix failure to auto-tune clients-per-query limit in some situations.
Fix proper timeouts when using max-transfer-time-in and max-transfer-idle-in statements.
Bring rndc read timeout back to 60 seconds from 30.
Treat libuv returning ISC_R_INVALIDPROTO as a network error.
Clean up empty-non-terminal NSEC3 records.
Fix log file rotation cleanup for absolute file path destinations.
Fix various catalog zone processing crashes.
Fix transfer hang when downloading large zones over TLS.
Fix named crash when adding a new zone into the configuration file for a name which was already configured as a member zone for a catalog zone.
Delay DNSSEC key queries until all zones have finished loading.

CVE Fixes - already available as patches:

CVE-2023-2828
CVE-2023-2911

For full release notes, see: https://bind9.readthedocs.io/en/v9.18.18/notes.html#notes-for-bind-9-18-18

While there are behavioral changes in this release, I was unable to find any backwards-incompatible changes. Some features were marked as deprecated, but are still usable as they were before. Other changes are related to performance and timeout management, neither of which should change how bind9 works, but are worth keeping an eye on in case any regressions arise.

[Test Plan]

DEP-8 test results:

simpletest PASS
validation FLAKY non-zero exit status 1
zonetest PASS
dyndb-ldap PASS

validation is known to be broken in its current state, both due to a need for internet access and incorrect output checking, so the failure is expected.

[Other Information]

Note to SRU team: this update must happen together with src:bind-dyndb-ldap, and in a particular order:
- first src:bind9 must be accepted
- once src:bind9 is fully built in all architectures, *then* src:bind-dyndb-ldap can be accepted. In other words, src:bind-dyndb-ldap must build with the new src:bind9 version.
- it is expected that until both packages are in proposed and built in the correct order, DEP8 tests will fail. That's our safeguard against mistakenly releasing them out of sync

[Regression Potential]

Upstream has an extensive build and integration test suite. So regressions would likely arise from a change in interaction with Ubuntu-specific integrations.

See original description

Tags:

Related branches

~lvoytek/ubuntu/+source/bind-dyndb-ldap:MRE-jammy-9.18.18

Merged into ubuntu/+source/bind-dyndb-ldap:ubuntu/jammy-devel at revision 6df2c05c87fad2f73d917fbb694339c60e477755

git-ubuntu bot: Approve on 2023-09-22

Andreas Hasenack: Approve on 2023-09-22

Canonical Server Reporter: Pending requested 2023-09-19

~lvoytek/ubuntu/+source/bind-dyndb-ldap:MRE-lunar-9.18.18

Merged into ubuntu/+source/bind-dyndb-ldap:ubuntu/lunar-devel at revision 2f0515b3ff69b4141d62fa5322754260d4134979

Andreas Hasenack: Approve on 2023-09-22

git-ubuntu bot: Approve on 2023-09-22

Canonical Server Reporter: Pending requested 2023-09-19

~lvoytek/ubuntu/+source/bind9:MRE-jammy-9.18.18

Merged into ubuntu/+source/bind9:ubuntu/jammy-devel at revision 83178ed804297a060fd02dfe569b525e928d5df3

Andreas Hasenack: Approve on 2023-09-22

git-ubuntu bot: Approve on 2023-09-21

Canonical Server Reporter: Pending requested 2023-09-19

Diff: 49386 lines (+14938/-6786)

811 files modified

CHANGES (+264/-0)
CONTRIBUTING.md (+4/-4)
COPYRIGHT (+30/-30)
ChangeLog (+264/-0)
NEWS (+264/-0)
bin/check/named-checkconf.c (+2/-1)
bin/check/named-compilezone.rst (+1/-1)
bin/dig/dig.c (+2/-1)
bin/dig/dighost.c (+24/-17)
bin/dig/dighost.h (+3/-0)
bin/dnssec/dnssec-cds.c (+96/-56)
bin/dnssec/dnssec-settime.rst (+1/-1)
bin/named/builtin.c (+5/-9)
bin/named/config.c (+1/-0)
bin/named/include/named/os.h (+0/-3)
bin/named/include/named/server.h (+1/-1)
bin/named/main.c (+28/-0)
bin/named/os.c (+0/-8)
bin/named/server.c (+96/-50)
bin/named/statschannel.c (+2/-0)
bin/named/zoneconf.c (+98/-78)
bin/nsupdate/nsupdate.c (+28/-17)
bin/nsupdate/nsupdate.rst (+5/-1)
bin/plugins/filter-a.c (+1/-1)
bin/plugins/filter-aaaa.c (+1/-1)
bin/rndc/rndc.c (+7/-3)
bin/rndc/rndc.rst (+6/-2)
bin/tests/system/Makefile.am (+10/-2)
bin/tests/system/Makefile.in (+35/-13)
bin/tests/system/README (+155/-29)
bin/tests/system/acl/ns2/named1.conf.in (+1/-0)
bin/tests/system/acl/ns2/named2.conf.in (+1/-0)
bin/tests/system/acl/ns2/named3.conf.in (+1/-0)
bin/tests/system/acl/ns2/named4.conf.in (+1/-0)
bin/tests/system/acl/ns2/named5.conf.in (+1/-0)
bin/tests/system/acl/ns3/named.conf.in (+1/-0)
bin/tests/system/acl/ns4/named.conf.in (+1/-0)
bin/tests/system/acl/tests.sh (+33/-31)
bin/tests/system/acl/tests_sh_acl.py (+2/-9)
bin/tests/system/additional/ns2/named.conf.in (+1/-0)
bin/tests/system/additional/tests.sh (+28/-26)
bin/tests/system/additional/tests_sh_additional.py (+2/-24)
bin/tests/system/addzone/ns1/named.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named1.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named2.conf.in (+1/-0)
bin/tests/system/addzone/ns2/named3.conf.in (+1/-0)
bin/tests/system/addzone/ns3/named1.conf.in (+1/-0)
bin/tests/system/addzone/ns3/named2.conf.in (+1/-0)
bin/tests/system/addzone/tests.sh (+134/-132)
bin/tests/system/addzone/tests_sh_addzone.py (+14/-0)
bin/tests/system/allow-query/ns1/named.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named01.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named02.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named03.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named04.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named05.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named06.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named07.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named08.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named09.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named10.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named11.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named12.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named21.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named22.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named23.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named24.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named25.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named26.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named27.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named28.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named29.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named30.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named31.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named32.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named33.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named34.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named40.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named53.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named54.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named55.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named56.conf.in (+1/-0)
bin/tests/system/allow-query/ns2/named57.conf.in (+1/-0)
bin/tests/system/allow-query/tests.sh (+100/-98)
bin/tests/system/allow-query/tests_sh_allowquery.py (+14/-0)
bin/tests/system/ans.pl (+5/-5)
bin/tests/system/auth/ns1/named.conf.in (+1/-0)
bin/tests/system/auth/ns2/named.conf.in (+1/-0)
bin/tests/system/auth/tests.sh (+31/-29)
bin/tests/system/auth/tests_sh_auth.py (+14/-0)
bin/tests/system/autosign/clean.sh (+1/-2)
bin/tests/system/autosign/ns2/keygen.sh (+8/-0)
bin/tests/system/autosign/ns2/named.conf.in (+9/-0)
bin/tests/system/autosign/ns2/optout-with-ent.db.in (+22/-0)
bin/tests/system/autosign/tests.sh (+58/-10)
bin/tests/system/autosign/tests_sh_autosign.py (+14/-0)
bin/tests/system/builtin/ns1/named.conf.in (+1/-0)
bin/tests/system/builtin/ns2/named.conf.in (+1/-0)
bin/tests/system/builtin/ns3/named.conf.in (+1/-0)
bin/tests/system/builtin/tests.sh (+33/-31)
bin/tests/system/builtin/tests_sh_builtin.py (+14/-0)
bin/tests/system/cacheclean/tests.sh (+39/-37)
bin/tests/system/cacheclean/tests_sh_cacheclean.py (+14/-0)
bin/tests/system/case/ns1/named.conf.in (+1/-0)
bin/tests/system/case/ns2/named.conf.in (+1/-0)
bin/tests/system/case/tests.sh (+23/-21)
bin/tests/system/case/tests_sh_case.py (+14/-0)
bin/tests/system/catz/clean.sh (+1/-0)
bin/tests/system/catz/ns1/named.conf.in (+1/-0)
bin/tests/system/catz/ns2/named1.conf.in (+11/-1)
bin/tests/system/catz/ns2/named2.conf.in (+1/-0)
bin/tests/system/catz/ns3/named.conf.in (+1/-0)
bin/tests/system/catz/ns4/catalog.example.db.in (+14/-0)
bin/tests/system/catz/ns4/named.conf.in (+11/-0)
bin/tests/system/catz/setup.sh (+1/-0)
bin/tests/system/catz/tests.sh (+49/-0)
bin/tests/system/catz/tests_sh_catz.py (+14/-0)
bin/tests/system/cds/setup.sh (+3/-1)
bin/tests/system/cds/tests.sh (+3/-2)
bin/tests/system/cds/tests_sh_cds.py (+14/-0)
bin/tests/system/chain/ans4/ans.py (+1/-1)
bin/tests/system/chain/tests.sh (+73/-71)
bin/tests/system/chain/tests_sh_chain.py (+14/-0)
bin/tests/system/checkconf/clean.sh (+1/-0)
bin/tests/system/checkconf/deprecated.conf (+17/-0)
bin/tests/system/checkconf/dnssec.2 (+1/-1)
bin/tests/system/checkconf/dnssec.3 (+1/-1)
bin/tests/system/checkconf/kasp-bad-keylen.conf (+1/-1)
bin/tests/system/checkconf/tests.sh (+168/-163)
bin/tests/system/checkconf/tests_sh_checkconf.py (+14/-0)
bin/tests/system/checkds/ns2/named.conf.in (+1/-0)
bin/tests/system/checkds/ns4/named.conf.in (+1/-0)
bin/tests/system/checkds/ns5/named.conf.in (+1/-0)
bin/tests/system/checkds/ns6/named.conf.in (+1/-0)
bin/tests/system/checkds/ns7/named.conf.in (+1/-0)
bin/tests/system/checkds/ns9/named.conf.in (+1/-0)
bin/tests/system/checknames/tests.sh (+24/-22)
bin/tests/system/checknames/tests_sh_checknames.py (+14/-0)
bin/tests/system/checkzone/tests.sh (+2/-0)
bin/tests/system/checkzone/tests_sh_checkzone.py (+14/-0)
bin/tests/system/ckdnsrps.sh (+2/-2)
bin/tests/system/conf.sh.common (+18/-16)
bin/tests/system/conf.sh.in (+7/-2)
bin/tests/system/conftest.py (+592/-7)
bin/tests/system/cookie/ans9/ans.py (+2/-0)
bin/tests/system/cookie/ns7/named.conf.in (+1/-0)
bin/tests/system/cookie/tests.sh (+83/-81)
bin/tests/system/cookie/tests_sh_cookie.py (+14/-0)
bin/tests/system/database/tests.sh (+7/-5)
bin/tests/system/database/tests_sh_database.py (+14/-0)
bin/tests/system/dialup/tests.sh (+6/-4)
bin/tests/system/dialup/tests_sh_dialup.py (+14/-0)
bin/tests/system/digdelv/tests.sh (+14/-15)
bin/tests/system/digdelv/tests_sh_digdelv.py (+14/-0)
bin/tests/system/dispatch/ns1/named.conf.in (+1/-0)
bin/tests/system/dispatch/ns2/named.conf.in (+1/-0)
bin/tests/system/dlzexternal/ns1/named.conf.in (+1/-0)
bin/tests/system/dlzexternal/tests.sh (+40/-38)
bin/tests/system/dlzexternal/tests_sh_dlzexternal.py (+14/-0)
bin/tests/system/dns64/tests.sh (+313/-311)
bin/tests/system/dns64/tests_sh_dns64.py (+14/-0)
bin/tests/system/dnssec/ans10/ans.py (+1/-0)
bin/tests/system/dnssec/ns4/named5.conf.in (+1/-0)
bin/tests/system/dnssec/ns5/named2.conf.in (+1/-0)
bin/tests/system/dnssec/tests.sh (+32/-35)
bin/tests/system/dnssec/tests_sh_dnssec.py (+14/-0)
bin/tests/system/dnstap/tests.sh (+177/-150)
bin/tests/system/dnstap/tests_dnstap.py (+2/-2)
bin/tests/system/dnstap/tests_sh_dnstap.py (+14/-0)
bin/tests/system/doth/CA/certs/srv01.client01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv02.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv03.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52001.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52003.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52004.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52005.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52006.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52007.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52008.pem (+1/-1)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52009.pem (+1/-1)
bin/tests/system/doth/example.axfr.good (+1/-1)
bin/tests/system/doth/example8.axfr.good (+1/-1)
bin/tests/system/doth/tests.sh (+29/-34)
bin/tests/system/doth/tests_sh_doth.py (+14/-0)
bin/tests/system/dsdigest/tests.sh (+5/-3)
bin/tests/system/dsdigest/tests_sh_dsdigest.py (+14/-0)
bin/tests/system/dupsigs/ns1/named.conf.in (+1/-0)
bin/tests/system/dupsigs/ns1/reset_keys.sh (+23/-23)
bin/tests/system/dupsigs/tests.sh (+27/-12)
bin/tests/system/dupsigs/tests_sh_dupsigs.py (+14/-0)
bin/tests/system/dyndb/driver/driver.c (+0/-11)
bin/tests/system/dyndb/ns1/named.conf.in (+1/-0)
bin/tests/system/dyndb/tests.sh (+25/-23)
bin/tests/system/dyndb/tests_sh_dyndb.py (+14/-0)
bin/tests/system/ecdsa/setup.sh (+1/-1)
bin/tests/system/ecdsa/tests_sh_ecdsa.py (+14/-0)
bin/tests/system/eddsa/tests_sh_eddsa.py (+14/-0)
bin/tests/system/ednscompliance/ns1/named.conf.in (+1/-0)
bin/tests/system/ednscompliance/tests.sh (+21/-19)
bin/tests/system/ednscompliance/tests_sh_ednscompliance.py (+14/-0)
bin/tests/system/emptyzones/ns1/named1.conf.in (+1/-0)
bin/tests/system/emptyzones/ns1/named2.conf.in (+1/-0)
bin/tests/system/emptyzones/tests.sh (+6/-4)
bin/tests/system/emptyzones/tests_sh_emptyzones.py (+14/-0)
bin/tests/system/enginepkcs11/tests.sh (+2/-0)
bin/tests/system/enginepkcs11/tests_sh_enginepkcs11.py (+14/-0)
bin/tests/system/feature-test.c (+16/-0)
bin/tests/system/fetchlimit/ans4/ans.pl (+4/-0)
bin/tests/system/fetchlimit/clean.sh (+5/-3)
bin/tests/system/fetchlimit/ns5/named1.conf.in (+46/-0)
bin/tests/system/fetchlimit/ns5/named2.conf.in (+49/-0)
bin/tests/system/fetchlimit/ns5/root.hint (+14/-0)
bin/tests/system/fetchlimit/setup.sh (+1/-0)
bin/tests/system/fetchlimit/tests.sh (+185/-59)
bin/tests/system/fetchlimit/tests_sh_fetchlimit.py (+14/-0)
bin/tests/system/filter-aaaa/ns1/sign.sh (+1/-1)
bin/tests/system/filter-aaaa/tests.sh (+280/-278)
bin/tests/system/filter-aaaa/tests_sh_filter_aaaa.py (+14/-0)
bin/tests/system/formerr/clean.sh (+3/-3)
bin/tests/system/formerr/formerr.pl (+1/-1)
bin/tests/system/formerr/ns1/named.conf.in (+1/-0)
bin/tests/system/formerr/tests.sh (+8/-6)
bin/tests/system/formerr/tests_sh_formerr.py (+14/-0)
bin/tests/system/forward/ans11/ans.py (+1/-0)
bin/tests/system/forward/ns10/named.conf.in (+1/-0)
bin/tests/system/forward/tests.sh (+4/-2)
bin/tests/system/forward/tests_sh_forward.py (+14/-0)
bin/tests/system/genzone.sh (+7/-7)
bin/tests/system/geoip2/tests.sh (+75/-73)
bin/tests/system/geoip2/tests_sh_geoip2.py (+14/-0)
bin/tests/system/get_algorithms.py (+3/-4)
bin/tests/system/get_core_dumps.sh (+12/-8)
bin/tests/system/glue/ns1/named.conf.in (+1/-0)
bin/tests/system/glue/tests.sh (+2/-0)
bin/tests/system/glue/tests_sh_glue.py (+14/-0)
bin/tests/system/hooks/tests_async_plugin.py (+27/-0)
bin/tests/system/host/ns1/named.conf.in (+1/-0)
bin/tests/system/host/tests_sh_host.py (+14/-0)
bin/tests/system/idna/tests.sh (+8/-7)
bin/tests/system/idna/tests_sh_idna.py (+14/-0)
bin/tests/system/ifconfig.sh.in (+0/-8)
bin/tests/system/include-multiplecfg/ns2/named.conf.in (+1/-0)
bin/tests/system/include-multiplecfg/tests.sh (+9/-8)
bin/tests/system/include-multiplecfg/tests_sh_include_multiplecfg.py (+14/-0)
bin/tests/system/inline/ns2/named.conf.in (+1/-0)
bin/tests/system/inline/ns3/named.conf.in (+1/-0)
bin/tests/system/inline/ns3/sign.sh (+2/-2)
bin/tests/system/inline/ns4/named.conf.in (+1/-0)
bin/tests/system/inline/ns6/named.conf.in (+1/-0)
bin/tests/system/inline/ns8/named.conf.in (+1/-0)
bin/tests/system/inline/tests.sh (+155/-141)
bin/tests/system/inline/tests_sh_inline.py (+14/-0)
bin/tests/system/inline/tests_signed_zone_files.py (+0/-1)
bin/tests/system/integrity/ns1/named.conf.in (+1/-0)
bin/tests/system/integrity/tests.sh (+26/-24)
bin/tests/system/integrity/tests_sh_integrity.py (+14/-0)
bin/tests/system/ixfr/ns1/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns3/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns4/named.conf.in (+1/-0)
bin/tests/system/ixfr/ns5/named.conf.in (+1/-0)
bin/tests/system/ixfr/tests.sh (+6/-4)
bin/tests/system/ixfr/tests_sh_ixfr.py (+14/-0)
bin/tests/system/journal/tests.sh (+45/-43)
bin/tests/system/journal/tests_sh_journal.py (+14/-0)
bin/tests/system/kasp.sh (+11/-4)
bin/tests/system/kasp/ns2/named.conf.in (+1/-0)
bin/tests/system/kasp/ns3/named-fips.conf.in (+12/-0)
bin/tests/system/kasp/ns3/setup.sh (+41/-0)
bin/tests/system/kasp/ns4/named.conf.in (+1/-0)
bin/tests/system/kasp/ns5/named.conf.in (+1/-0)
bin/tests/system/kasp/ns6/named.conf.in (+1/-0)
bin/tests/system/kasp/ns6/named2.conf.in (+1/-0)
bin/tests/system/kasp/tests.sh (+78/-5)
bin/tests/system/kasp/tests_sh_kasp.py (+14/-0)
bin/tests/system/keepalive/ns1/named.conf.in (+1/-0)
bin/tests/system/keepalive/ns2/named.conf.in (+1/-0)
bin/tests/system/keepalive/ns3/named.conf.in (+1/-0)
bin/tests/system/keepalive/tests.sh (+22/-20)
bin/tests/system/keepalive/tests_sh_keepalive.py (+14/-0)
bin/tests/system/keyfromlabel/tests.sh (+2/-0)
bin/tests/system/keyfromlabel/tests_sh_keyfromlabel.py (+14/-0)
bin/tests/system/keymgr2kasp/ns3/kasp.conf.in (+20/-0)
bin/tests/system/keymgr2kasp/ns3/named.conf.in (+8/-0)
bin/tests/system/keymgr2kasp/ns3/named2.conf.in (+8/-0)
bin/tests/system/keymgr2kasp/ns3/setup.sh (+17/-0)
bin/tests/system/keymgr2kasp/ns4/named.conf.in (+1/-0)
bin/tests/system/keymgr2kasp/ns4/named2.conf.in (+1/-0)
bin/tests/system/keymgr2kasp/tests.sh (+139/-0)
bin/tests/system/keymgr2kasp/tests_sh_keymgr2kasp.py (+14/-0)
bin/tests/system/legacy.run.sh.in (+2/-2)
bin/tests/system/legacy/ns6/sign.sh (+2/-2)
bin/tests/system/legacy/ns7/sign.sh (+2/-2)
bin/tests/system/legacy/tests.sh (+45/-43)
bin/tests/system/legacy/tests_sh_legacy.py (+14/-0)
bin/tests/system/limits/ns1/named.conf.in (+1/-0)
bin/tests/system/limits/tests.sh (+2/-0)
bin/tests/system/limits/tests_sh_limits.py (+14/-0)
bin/tests/system/logfileconfig/clean.sh (+2/-0)
bin/tests/system/logfileconfig/ns1/named.abspathconf.in (+52/-0)
bin/tests/system/logfileconfig/ns1/named.incconf.in (+52/-0)
bin/tests/system/logfileconfig/tests.sh (+58/-0)
bin/tests/system/logfileconfig/tests_sh_logfileconfig.py (+14/-0)
bin/tests/system/masterfile/ns1/named.conf.in (+1/-0)
bin/tests/system/masterfile/tests.sh (+10/-8)
bin/tests/system/masterfile/tests_sh_masterfile.py (+14/-0)
bin/tests/system/masterformat/ns1/named.conf.in (+1/-0)
bin/tests/system/masterformat/ns2/named.conf.in (+1/-0)
bin/tests/system/masterformat/ns3/named.conf.in (+1/-0)
bin/tests/system/masterformat/tests.sh (+3/-2)
bin/tests/system/masterformat/tests_sh_masterformat.py (+14/-0)
bin/tests/system/metadata/clean.sh (+1/-1)
bin/tests/system/metadata/tests.sh (+12/-15)
bin/tests/system/metadata/tests_sh_metadata.py (+14/-0)
bin/tests/system/mirror/ns1/named.conf.in (+1/-0)
bin/tests/system/mirror/ns2/named.conf.in (+1/-0)
bin/tests/system/mirror/ns3/named.conf.in (+1/-0)
bin/tests/system/mirror/tests.sh (+2/-0)
bin/tests/system/mirror/tests_sh_mirror.py (+14/-0)
bin/tests/system/mkeys/clean.sh (+7/-2)
bin/tests/system/mkeys/ns1/named1.conf.in (+10/-0)
bin/tests/system/mkeys/ns1/named2.conf.in (+10/-0)
bin/tests/system/mkeys/ns1/named3.conf.in (+10/-0)
bin/tests/system/mkeys/ns1/root.db (+3/-0)
bin/tests/system/mkeys/ns1/sign.sh (+18/-0)
bin/tests/system/mkeys/ns1/sub.tld.db (+21/-0)
bin/tests/system/mkeys/ns1/tld.db (+23/-0)
bin/tests/system/mkeys/ns4/named.conf.in (+5/-0)
bin/tests/system/mkeys/ns4/sign.sh (+24/-0)
bin/tests/system/mkeys/ns4/sub.foo.db (+21/-0)
bin/tests/system/mkeys/ns5/foo.db (+23/-0)
bin/tests/system/mkeys/ns5/named.conf.in (+8/-0)
bin/tests/system/mkeys/setup.sh (+1/-0)
bin/tests/system/mkeys/tests.sh (+60/-14)
bin/tests/system/mkeys/tests_sh_mkeys.py (+14/-0)
bin/tests/system/names/ns1/named.conf.in (+1/-0)
bin/tests/system/names/tests.sh (+8/-7)
bin/tests/system/names/tests_sh_names.py (+14/-0)
bin/tests/system/notify/ns1/named.conf.in (+1/-0)
bin/tests/system/notify/ns2/named.conf.in (+6/-4)
bin/tests/system/notify/ns3/named.conf.in (+7/-0)
bin/tests/system/notify/ns3/notify-source-port-test.db (+22/-0)
bin/tests/system/notify/ns4/named.conf.in (+1/-0)
bin/tests/system/notify/ns5/named.conf.in (+1/-0)
bin/tests/system/notify/tests.sh (+6/-1)
bin/tests/system/notify/tests_sh_notify.py (+14/-0)
bin/tests/system/nsec3/ns2/named.conf.in (+1/-0)
bin/tests/system/nsec3/tests.sh (+3/-7)
bin/tests/system/nsec3/tests_sh_nsec3.py (+14/-0)
bin/tests/system/nslookup/ns1/named.conf.in (+1/-0)
bin/tests/system/nslookup/tests.sh (+18/-0)
bin/tests/system/nslookup/tests_sh_nslookup.py (+14/-0)
bin/tests/system/nsupdate/ans4/ans.pl (+5/-0)
bin/tests/system/nsupdate/clean.sh (+2/-0)
bin/tests/system/nsupdate/krb/setup.sh (+4/-4)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-157.+157+23571.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-161.+161+23350.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-162.+162+00032.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-163.+163+48857.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-164.+164+09001.private (+7/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.key (+1/-0)
bin/tests/system/nsupdate/ns1/legacy/Klegacy-165.+165+61012.private (+7/-0)
bin/tests/system/nsupdate/ns1/named.conf.in (+13/-0)
bin/tests/system/nsupdate/ns10/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns2/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns5/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns6/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns7/named1.conf.in (+52/-0)
bin/tests/system/nsupdate/ns7/named2.conf.in (+1/-0)
bin/tests/system/nsupdate/ns8/named.conf.in (+1/-0)
bin/tests/system/nsupdate/ns9/named.conf.in (+1/-0)
bin/tests/system/nsupdate/setup.sh (+17/-2)
bin/tests/system/nsupdate/tests.sh (+239/-99)
bin/tests/system/nsupdate/tests_sh_nsupdate.py (+14/-0)
bin/tests/system/nzd2nzf/ns1/named.conf.in (+1/-0)
bin/tests/system/nzd2nzf/tests.sh (+2/-0)
bin/tests/system/nzd2nzf/tests_sh_nzd2nzf.py (+14/-0)
bin/tests/system/padding/ns1/named.conf.in (+1/-0)
bin/tests/system/padding/ns2/named.conf.in (+1/-0)
bin/tests/system/padding/ns3/named.conf.in (+1/-0)
bin/tests/system/padding/ns4/named.conf.in (+1/-0)
bin/tests/system/padding/tests.sh (+27/-25)
bin/tests/system/padding/tests_sh_padding.py (+14/-0)
bin/tests/system/parallel.sh (+1/-1)
bin/tests/system/pending/ns1/named.conf.in (+1/-0)
bin/tests/system/pending/ns1/sign.sh (+1/-1)
bin/tests/system/pending/ns4/named.conf.in (+1/-0)
bin/tests/system/pending/tests.sh (+36/-34)
bin/tests/system/pending/tests_sh_pending.py (+14/-0)
bin/tests/system/pipelined/tests.sh (+8/-6)
bin/tests/system/pipelined/tests_sh_pipelined.py (+14/-0)
bin/tests/system/pytest.ini (+20/-0)
bin/tests/system/qmin/tests.sh (+14/-15)
bin/tests/system/qmin/tests_sh_qmin.py (+14/-0)
bin/tests/system/reclimit/tests.sh (+29/-27)
bin/tests/system/reclimit/tests_sh_reclimit.py (+14/-0)
bin/tests/system/redirect/ns5/named.conf.in (+1/-0)
bin/tests/system/redirect/ns6/named.conf.in (+1/-0)
bin/tests/system/redirect/tests.sh (+122/-120)
bin/tests/system/redirect/tests_sh_redirect.py (+14/-0)
bin/tests/system/resolver/ans10/ans.py (+152/-0)
bin/tests/system/resolver/ns4/root.db (+2/-0)
bin/tests/system/resolver/tests.sh (+29/-15)
bin/tests/system/resolver/tests_sh_resolver.py (+14/-0)
bin/tests/system/rndc/ns2/named.conf.in (+1/-0)
bin/tests/system/rndc/ns3/named.conf.in (+1/-0)
bin/tests/system/rndc/ns5/named.conf.in (+1/-0)
bin/tests/system/rndc/ns6/named.args (+1/-1)
bin/tests/system/rndc/ns6/named.conf.in (+1/-0)
bin/tests/system/rndc/ns7/named.conf.in (+1/-0)
bin/tests/system/rndc/setup.sh (+1/-1)
bin/tests/system/rndc/tests.sh (+26/-20)
bin/tests/system/rndc/tests_sh_rndc.py (+14/-0)
bin/tests/system/rootkeysentinel/ns2/sign.sh (+4/-7)
bin/tests/system/rootkeysentinel/tests.sh (+46/-46)
bin/tests/system/rootkeysentinel/tests_sh_rootkeysentinel.py (+14/-0)
bin/tests/system/rpz/clean.sh (+1/-1)
bin/tests/system/rpz/ns1/named.conf.in (+1/-0)
bin/tests/system/rpz/ns3/named.conf.in (+10/-0)
bin/tests/system/rpz/qperf.sh (+2/-2)
bin/tests/system/rpz/tests.sh (+77/-61)
bin/tests/system/rpz/tests_sh_rpz.py (+14/-0)
bin/tests/system/rpzextra/clean.sh (+1/-0)
bin/tests/system/rpzextra/ns2/gooddomain.db (+27/-0)
bin/tests/system/rpzextra/ns2/named.conf.in (+11/-0)
bin/tests/system/rpzextra/ns2/rpz-external.local.db (+26/-0)
bin/tests/system/rpzextra/ns3/external-rpz.local.db (+29/-0)
bin/tests/system/rpzextra/ns3/fourth-rpz-extra.local.db (+32/-0)
bin/tests/system/rpzextra/ns3/named.conf.in (+147/-0)
bin/tests/system/rpzextra/ns3/root.db (+3/-0)
bin/tests/system/rpzextra/ns3/third-rpz-extra.local.db (+26/-0)
bin/tests/system/rpzextra/setup.sh (+1/-1)
bin/tests/system/rpzextra/tests_rpzextra.py (+143/-0)
bin/tests/system/rpzrecurse/setup.sh (+6/-6)
bin/tests/system/rpzrecurse/tests.sh (+56/-52)
bin/tests/system/rpzrecurse/tests_sh_rpzrecurse.py (+14/-0)
bin/tests/system/rrchecker/tests.sh (+12/-10)
bin/tests/system/rrchecker/tests_sh_rrchecker.py (+14/-0)
bin/tests/system/rrl/broken.conf.in (+1/-0)
bin/tests/system/rrl/tests.sh (+24/-22)
bin/tests/system/rrl/tests_sh_rrl.py (+14/-0)
bin/tests/system/rrsetorder/tests.sh (+7/-5)
bin/tests/system/rrsetorder/tests_sh_rrsetorder.py (+14/-0)
bin/tests/system/rsabigexponent/ns1/root.db.in (+1/-1)
bin/tests/system/rsabigexponent/ns1/sign.sh (+1/-1)
bin/tests/system/rsabigexponent/ns2/named.conf.in (+1/-0)
bin/tests/system/rsabigexponent/ns2/sign.sh (+1/-1)
bin/tests/system/rsabigexponent/tests.sh (+6/-4)
bin/tests/system/rsabigexponent/tests_sh_rsabigexponent.py (+14/-0)
bin/tests/system/run.sh (+27/-0)
bin/tests/system/runall.sh (+1/-1)
bin/tests/system/runsequential.sh (+1/-1)
bin/tests/system/runtime/ns2/named-alt4.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt5.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt6.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt7.conf.in (+1/-0)
bin/tests/system/runtime/ns2/named-alt9.conf.in (+1/-0)
bin/tests/system/runtime/setup.sh (+1/-1)
bin/tests/system/runtime/tests.sh (+9/-9)
bin/tests/system/runtime/tests_sh_runtime.py (+14/-0)
bin/tests/system/serve-stale/ans2/ans.pl (+54/-0)
bin/tests/system/serve-stale/ns1/named1.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named2.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named3.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/named4.conf.in (+1/-0)
bin/tests/system/serve-stale/ns1/root.db (+2/-0)
bin/tests/system/serve-stale/ns3/named1.conf.in (+1/-0)
bin/tests/system/serve-stale/ns3/named2.conf.in (+4/-3)
bin/tests/system/serve-stale/ns3/named4.conf.in (+1/-0)
bin/tests/system/serve-stale/ns3/named8.conf.in (+1/-0)
bin/tests/system/serve-stale/ns4/named.conf.in (+1/-0)
bin/tests/system/serve-stale/ns5/named.conf.in (+1/-0)
bin/tests/system/serve-stale/tests.sh (+142/-31)
bin/tests/system/serve-stale/tests_sh_serve_stale.py (+14/-0)
bin/tests/system/sfcache/tests.sh (+2/-2)
bin/tests/system/sfcache/tests_sh_sfcache.py (+14/-0)
bin/tests/system/shutdown/tests_shutdown.py (+49/-47)
bin/tests/system/smartsign/tests.sh (+2/-0)
bin/tests/system/smartsign/tests_sh_smartsign.py (+14/-0)
bin/tests/system/sortlist/ns1/named.conf.in (+1/-0)
bin/tests/system/sortlist/tests.sh (+2/-0)
bin/tests/system/sortlist/tests_sh_sortlist.py (+14/-0)
bin/tests/system/spf/ns1/named.conf.in (+1/-0)
bin/tests/system/spf/tests.sh (+4/-2)
bin/tests/system/spf/tests_sh_spf.py (+14/-0)
bin/tests/system/start.pl (+2/-2)
bin/tests/system/staticstub/ns3/sign.sh (+1/-1)
bin/tests/system/staticstub/tests.sh (+36/-34)
bin/tests/system/staticstub/tests_sh_staticstub.py (+14/-0)
bin/tests/system/statistics/ns2/named2.conf.in (+1/-0)
bin/tests/system/statistics/tests.sh (+47/-43)
bin/tests/system/statistics/tests_sh_statistics.py (+14/-0)
bin/tests/system/statschannel/fetch.pl (+1/-1)
bin/tests/system/statschannel/generic.py (+0/-4)
bin/tests/system/statschannel/generic_dnspython.py (+0/-3)
bin/tests/system/statschannel/ns1/named.conf.in (+1/-0)
bin/tests/system/statschannel/ns2/named.conf.in (+1/-0)
bin/tests/system/statschannel/ns2/named2.conf.in (+1/-0)
bin/tests/system/statschannel/ns3/named.conf.in (+1/-0)
bin/tests/system/statschannel/tests.sh (+90/-28)
bin/tests/system/statschannel/tests_json.py (+2/-3)
bin/tests/system/statschannel/tests_sh_statschannel.py (+14/-0)
bin/tests/system/statschannel/tests_xml.py (+2/-2)
bin/tests/system/stop.pl (+2/-8)
bin/tests/system/stress/setup.pl (+2/-2)
bin/tests/system/stress/tests.sh (+3/-1)
bin/tests/system/stress/tests_sh_stress.py (+14/-0)
bin/tests/system/stub/ns1/named.conf.in (+1/-0)
bin/tests/system/stub/ns2/named.conf.in (+1/-0)
bin/tests/system/stub/ns3/named.conf.in (+1/-0)
bin/tests/system/stub/tests.sh (+2/-0)
bin/tests/system/stub/tests_sh_stub.py (+14/-0)
bin/tests/system/synthfromdnssec/tests.sh (+2/-0)
bin/tests/system/synthfromdnssec/tests_sh_synthfromdnssec.py (+14/-0)
bin/tests/system/tcp/ns1/named.conf.in (+1/-0)
bin/tests/system/tcp/ns2/named.conf.in (+1/-0)
bin/tests/system/tcp/ns3/named.conf.in (+1/-0)
bin/tests/system/tcp/ns4/named.conf.in (+1/-0)
bin/tests/system/tcp/ns7/named.conf.in (+1/-0)
bin/tests/system/tcp/tests_sh_tcp.py (+14/-0)
bin/tests/system/tcp/tests_tcp.py (+0/-4)
bin/tests/system/timeouts/ns1/named.conf.in (+1/-0)
bin/tests/system/tkey/ns1/named.conf.in (+1/-0)
bin/tests/system/tkey/tests_sh_tkey.py (+14/-0)
bin/tests/system/tools/tests.sh (+32/-29)
bin/tests/system/tools/tests_sh_tools.py (+14/-0)
bin/tests/system/transport-acl/tests.sh (+2/-0)
bin/tests/system/transport-acl/tests_sh_transport_acl.py (+14/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-md5-legacy.+157+22023.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha1-legacy.+161+50591.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha224-legacy.+162+50865.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha256-legacy.+163+38999.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha384-legacy.+164+56610.private (+7/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.key (+1/-0)
bin/tests/system/tsig/ns1/legacy/Khmac-sha512-legacy.+165+22767.private (+7/-0)
bin/tests/system/tsig/ns1/named.conf.in (+28/-7)
bin/tests/system/tsig/setup.sh (+21/-0)
bin/tests/system/tsig/tests.sh (+102/-26)
bin/tests/system/tsig/tests_sh_tsig.py (+14/-0)
bin/tests/system/tsiggss/ns1/example.nil.db.in (+1/-1)
bin/tests/system/tsiggss/ns1/named.conf.in (+1/-0)
bin/tests/system/tsiggss/setup.sh (+1/-1)
bin/tests/system/tsiggss/tests.sh (+9/-7)
bin/tests/system/tsiggss/tests_isc_spnego_flaws.py (+219/-0)
bin/tests/system/tsiggss/tests_sh_tsiggss.py (+14/-0)
bin/tests/system/ttl/clean.sh (+1/-5)
bin/tests/system/ttl/ns1/named.conf.in (+1/-0)
bin/tests/system/ttl/setup.sh (+0/-1)
bin/tests/system/ttl/tests_cache_ttl.py (+32/-0)
bin/tests/system/unknown/ns1/named.conf.in (+1/-0)
bin/tests/system/unknown/ns2/named.conf.in (+1/-0)
bin/tests/system/unknown/ns3/named.conf.in (+1/-0)
bin/tests/system/unknown/tests.sh (+40/-33)
bin/tests/system/unknown/tests_sh_unknown.py (+14/-0)
bin/tests/system/upforwd/ans4/ans.pl (+5/-5)
bin/tests/system/upforwd/ns1/named.conf.in (+1/-0)
bin/tests/system/upforwd/ns2/named.conf.in (+1/-0)
bin/tests/system/upforwd/ns3/named1.conf.in (+1/-0)
bin/tests/system/upforwd/ns3/named2.conf.in (+1/-0)
bin/tests/system/upforwd/tests.sh (+74/-72)
bin/tests/system/upforwd/tests_sh_upforwd.py (+14/-0)
bin/tests/system/verify/tests.sh (+8/-6)
bin/tests/system/verify/tests_sh_verify.py (+14/-0)
bin/tests/system/views/ns1/named.conf.in (+1/-0)
bin/tests/system/views/ns2/named1.conf.in (+1/-0)
bin/tests/system/views/ns2/named2.conf.in (+1/-0)
bin/tests/system/views/ns2/named3.conf.in (+1/-0)
bin/tests/system/views/ns3/named1.conf.in (+1/-0)
bin/tests/system/views/ns3/named2.conf.in (+1/-0)
bin/tests/system/views/ns5/named.conf.in (+1/-0)
bin/tests/system/views/tests_sh_views.py (+14/-0)
bin/tests/system/wildcard/tests.sh (+54/-52)
bin/tests/system/wildcard/tests_sh_wildcard.py (+14/-0)
bin/tests/system/xfer/clean.sh (+1/-0)
bin/tests/system/xfer/ns1/axfr-max-idle-time.db (+15/-0)
bin/tests/system/xfer/ns1/axfr-max-transfer-time.db (+15/-0)
bin/tests/system/xfer/ns1/named1.conf.in (+11/-0)
bin/tests/system/xfer/ns1/named2.conf.in (+10/-43)
bin/tests/system/xfer/ns1/named3.conf.in (+41/-0)
bin/tests/system/xfer/ns2/named.conf.in (+1/-0)
bin/tests/system/xfer/ns3/named.conf.in (+2/-0)
bin/tests/system/xfer/ns6/named.args (+1/-0)
bin/tests/system/xfer/ns6/named.conf.in (+16/-0)
bin/tests/system/xfer/ns7/named.conf.in (+1/-0)
bin/tests/system/xfer/ns8/named.conf.in (+1/-0)
bin/tests/system/xfer/setup.sh (+1/-1)
bin/tests/system/xfer/tests.sh (+54/-4)
bin/tests/system/xfer/tests_sh_xfer.py (+14/-0)
bin/tests/system/xferquota/ns1/named.conf.in (+1/-0)
bin/tests/system/xferquota/ns2/named.conf.in (+1/-0)
bin/tests/system/xferquota/tests.sh (+6/-4)
bin/tests/system/xferquota/tests_sh_xferquota.py (+14/-0)
bin/tests/system/zero/tests.sh (+3/-1)
bin/tests/system/zero/tests_sh_zero.py (+14/-0)
bin/tests/system/zonechecks/tests.sh (+30/-28)
bin/tests/system/zonechecks/tests_sh_zonechecks.py (+14/-0)
bin/tools/named-rrchecker.c (+13/-3)
config.h.in (+0/-12)
configure (+187/-120)
configure.ac (+16/-47)
contrib/README (+1/-1)
contrib/dlz/modules/bdbhpt/testing/bdbhpt-populate.pl (+3/-3)
contrib/dlz/modules/ldap/testing/slapd.conf (+2/-2)
contrib/dlz/modules/mysqldyn/README (+1/-1)
contrib/scripts/zone-edit.sh.in (+4/-4)
debian/changelog (+47/-0)
debian/patches/CVE-2023-3341.patch (+11/-14)
debian/patches/series (+0/-2)
debian/tests/control (+9/-0)
debian/tests/dyndb-ldap (+280/-0)
dev/null (+0/-171)
doc/Makefile.am (+2/-0)
doc/Makefile.in (+6/-5)
doc/arm/Makefile.in (+1/-1)
doc/arm/build.inc.rst (+6/-4)
doc/arm/dns-ops.inc.rst (+1/-1)
doc/arm/index.rst (+3/-0)
doc/arm/intro-dns-bind.inc.rst (+53/-53)
doc/arm/intro-security.inc.rst (+31/-31)
doc/arm/introduction.inc.rst (+6/-6)
doc/arm/logging-categories.inc.rst (+10/-10)
doc/arm/notes.rst (+6/-0)
doc/arm/platforms.inc.rst (+5/-5)
doc/arm/reference.rst (+111/-33)
doc/arm/requirements.txt (+3/-3)
doc/arm/security.inc.rst (+1/-1)
doc/arm/troubleshooting.inc.rst (+1/-1)
doc/arm/zones.inc.rst (+1/-0)
doc/dnssec-guide/introduction.rst (+2/-2)
doc/dnssec-guide/preface.rst (+1/-1)
doc/dnssec-guide/recipes.rst (+3/-3)
doc/dnssec-guide/signing.rst (+2/-2)
doc/dnssec-guide/troubleshooting.rst (+3/-3)
doc/dnssec-guide/validation.rst (+0/-2)
doc/man/Makefile.am (+6/-5)
doc/man/Makefile.in (+31/-34)
doc/man/ddns-confgen.8in (+4/-4)
doc/man/delv.1in (+13/-13)
doc/man/dig.1in (+6/-6)
doc/man/dnssec-dsfromkey.1in (+1/-1)
doc/man/dnssec-importkey.1in (+1/-1)
doc/man/dnssec-keygen.1in (+1/-1)
doc/man/dnssec-signzone.1in (+5/-5)
doc/man/filter-a.8in (+2/-2)
doc/man/filter-aaaa.8in (+2/-2)
doc/man/host.1in (+3/-3)
doc/man/mdig.1in (+10/-10)
doc/man/named-checkconf.1in (+1/-1)
doc/man/named-checkzone.1in (+2/-2)
doc/man/named-compilezone.1in (+3/-3)
doc/man/named.conf.5in (+12/-12)
doc/man/nsec3hash.1in (+1/-1)
doc/man/nsupdate.1in (+5/-1)
doc/man/rndc.8in (+15/-11)
doc/man/rndc.conf.5in (+7/-7)
doc/man/tsig-keygen.8in (+1/-1)
doc/misc/forward.zoneopt (+1/-1)
doc/misc/hint.zoneopt (+1/-1)
doc/misc/options (+6/-6)
doc/misc/primary.zoneopt (+1/-1)
doc/misc/secondary.zoneopt (+1/-1)
doc/misc/stub.zoneopt (+2/-2)
doc/notes/notes-9.18.13.rst (+75/-0)
doc/notes/notes-9.18.14.rst (+46/-0)
doc/notes/notes-9.18.15.rst (+57/-0)
doc/notes/notes-9.18.16.rst (+72/-0)
doc/notes/notes-9.18.17.rst (+42/-0)
doc/notes/notes-9.18.18.rst (+47/-0)
doc/notes/notes-known-issues.rst (+11/-0)
lib/bind9/check.c (+15/-7)
lib/bind9/include/bind9/check.h (+3/-1)
lib/dns/adb.c (+43/-25)
lib/dns/catz.c (+710/-487)
lib/dns/clientinfo.c (+6/-2)
lib/dns/dispatch.c (+48/-33)
lib/dns/dnssec.c (+11/-5)
lib/dns/dst_api.c (+126/-66)
lib/dns/dst_internal.h (+10/-0)
lib/dns/dst_parse.c (+20/-18)
lib/dns/dyndb.c (+5/-5)
lib/dns/hmac_link.c (+13/-1)
lib/dns/include/dns/catz.h (+86/-95)
lib/dns/include/dns/clientinfo.h (+12/-2)
lib/dns/include/dns/dnssec.h (+2/-1)
lib/dns/include/dns/dyndb.h (+1/-1)
lib/dns/include/dns/kasp.h (+4/-2)
lib/dns/include/dns/message.h (+1/-0)
lib/dns/include/dns/rdataset.h (+8/-0)
lib/dns/include/dns/resolver.h (+32/-45)
lib/dns/include/dns/rpz.h (+59/-51)
lib/dns/include/dns/stats.h (+4/-3)
lib/dns/include/dns/tsig.h (+3/-1)
lib/dns/include/dns/view.h (+14/-1)
lib/dns/include/dns/xfrin.h (+1/-0)
lib/dns/include/dns/zone.h (+6/-0)
lib/dns/include/dst/dst.h (+16/-6)
lib/dns/kasp.c (+7/-1)
lib/dns/keymgr.c (+39/-20)
lib/dns/keytable.c (+7/-4)
lib/dns/master.c (+1/-1)
lib/dns/nsec3.c (+3/-2)
lib/dns/rbtdb.c (+65/-41)
lib/dns/rdataset.c (+0/-2)
lib/dns/request.c (+13/-8)
lib/dns/resolver.c (+165/-116)
lib/dns/result.c (+64/-33)
lib/dns/rpz.c (+595/-755)
lib/dns/tkey.c (+1/-1)
lib/dns/tsig.c (+18/-8)
lib/dns/validator.c (+35/-11)
lib/dns/view.c (+97/-10)
lib/dns/xfrin.c (+122/-18)
lib/dns/zone.c (+90/-47)
lib/irs/resconf.c (+4/-4)
lib/isc/Makefile.am (+0/-6)
lib/isc/Makefile.in (+40/-80)
lib/isc/errno2result.c (+1/-0)
lib/isc/hmac.c (+1/-0)
lib/isc/httpd.c (+34/-17)
lib/isc/include/isc/os.h (+9/-2)
lib/isc/include/isc/result.h (+7/-5)
lib/isc/include/isc/types.h (+0/-2)
lib/isc/include/isc/util.h (+10/-0)
lib/isc/lib.c (+0/-1)
lib/isc/log.c (+91/-68)
lib/isc/mem.c (+0/-1)
lib/isc/netmgr/netmgr-int.h (+4/-3)
lib/isc/netmgr/netmgr.c (+23/-9)
lib/isc/netmgr/tlsstream.c (+6/-2)
lib/isc/netmgr/uverr2result.c (+7/-5)
lib/isc/os.c (+14/-0)
lib/isc/radix.c (+3/-3)
lib/isc/result.c (+3/-0)
lib/isccfg/namedconf.c (+8/-5)
lib/ns/client.c (+17/-11)
lib/ns/include/ns/client.h (+1/-0)
lib/ns/include/ns/server.h (+19/-16)
lib/ns/query.c (+84/-49)
lib/ns/server.c (+0/-1)
lib/ns/update.c (+2/-2)
lib/ns/xfrout.c (+33/-0)
srcid (+1/-1)
tests/dns/acl_test.c (+1/-0)
tests/dns/db_test.c (+1/-0)
tests/dns/dbdiff_test.c (+1/-0)
tests/dns/dbiterator_test.c (+1/-0)
tests/dns/dbversion_test.c (+1/-0)
tests/dns/dh_test.c (+8/-0)
tests/dns/dns64_test.c (+1/-0)
tests/dns/dst_test.c (+8/-0)
tests/dns/geoip_test.c (+1/-0)
tests/dns/master_test.c (+1/-0)
tests/dns/nsec3_test.c (+1/-0)
tests/dns/nsec3param_test.c (+1/-0)
tests/dns/rbtdb_test.c (+170/-0)
tests/dns/rdata_test.c (+1/-0)
tests/dns/rdataset_test.c (+1/-0)
tests/dns/resolver_test.c (+1/-0)
tests/dns/rsa_test.c (+8/-0)
tests/dns/sigs_test.c (+1/-0)
tests/dns/tsig_test.c (+1/-0)
tests/dns/zonemgr_test.c (+1/-0)
tests/dns/zt_test.c (+1/-0)
tests/irs/resconf_test.c (+1/-0)
tests/isc/aes_test.c (+1/-0)
tests/isc/buffer_test.c (+1/-0)
tests/isc/counter_test.c (+1/-0)
tests/isc/crc64_test.c (+1/-0)
tests/isc/doh_test.c (+31/-25)
tests/isc/errno_test.c (+1/-0)
tests/isc/file_test.c (+1/-0)
tests/isc/heap_test.c (+1/-0)
tests/isc/hmac_test.c (+8/-0)
tests/isc/ht_test.c (+2/-2)
tests/isc/lex_test.c (+1/-0)
tests/isc/md_test.c (+1/-0)
tests/isc/netaddr_test.c (+1/-0)
tests/isc/netmgr_test.c (+8/-0)
tests/isc/pool_test.c (+1/-0)
tests/isc/quota_test.c (+1/-0)
tests/isc/radix_test.c (+51/-0)
tests/isc/regex_test.c (+1/-0)
tests/isc/result_test.c (+1/-0)
tests/isc/safe_test.c (+1/-0)
tests/isc/siphash_test.c (+1/-0)
tests/isc/sockaddr_test.c (+1/-0)
tests/isc/stats_test.c (+1/-0)
tests/isc/symtab_test.c (+1/-0)
tests/isc/taskpool_test.c (+1/-0)
tests/isc/time_test.c (+1/-0)
tests/isccfg/duration_test.c (+1/-1)
tests/isccfg/parser_test.c (+1/-0)
tests/ns/listenlist_test.c (+2/-2)
tests/ns/notify_test.c (+2/-2)
tests/ns/plugin_test.c (+1/-0)
tests/ns/query_test.c (+1/-2)
tests/unit-test-driver.sh.in (+2/-2)

~lvoytek/ubuntu/+source/bind9:MRE-lunar-9.18.18

Merged into ubuntu/+source/bind9:ubuntu/lunar-devel at revision e394e1303d42519ca36879abe5301394d7e8bc4a

Andreas Hasenack: Approve on 2023-09-22

git-ubuntu bot: Approve on 2023-09-20

Canonical Server Reporter: Pending requested 2023-09-19

Diff: 49388 lines (+14938/-6786)

811 files modified

CVE References

Bryce Harrington (bryce) on 2023-07-22

Changed in bind9 (Ubuntu):
milestone:	none → ubuntu-23.08

Lena Voytek (lvoytek) on 2023-08-02

Changed in bind9 (Ubuntu Focal):
assignee:	nobody → Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu Jammy):
assignee:	nobody → Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu Lunar):
assignee:	nobody → Lena Voytek (lvoytek)
Changed in bind9 (Ubuntu):
assignee:	nobody → Lena Voytek (lvoytek)

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-08-06:

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bind9 (Ubuntu Focal):
status:	New → Confirmed
Changed in bind9 (Ubuntu Jammy):
status:	New → Confirmed
Changed in bind9 (Ubuntu Lunar):
status:	New → Confirmed
Changed in bind9 (Ubuntu):
status:	New → Confirmed

Lena Voytek (lvoytek) on 2023-09-01

Changed in bind9 (Ubuntu):
milestone:	ubuntu-23.08 → ubuntu-23.09
Changed in bind9 (Ubuntu Lunar):
status:	Confirmed → In Progress

Lena Voytek (lvoytek) on 2023-09-05

description:	updated
Changed in bind9 (Ubuntu):
status:	Confirmed → In Progress

Lena Voytek (lvoytek) on 2023-09-19

Changed in bind9 (Ubuntu):
status:	In Progress → Fix Released

Lena Voytek (lvoytek) on 2023-09-19

Changed in bind9 (Ubuntu Jammy):
status:	Confirmed → In Progress

Lena Voytek (lvoytek) on 2023-09-19

description:

updated

Lena Voytek (lvoytek) on 2023-09-19

Changed in bind-dyndb-ldap (Ubuntu Jammy):
status:	New → In Progress
Changed in bind-dyndb-ldap (Ubuntu Lunar):
status:	New → In Progress
Changed in bind-dyndb-ldap (Ubuntu):
status:	New → Fix Released
Changed in bind-dyndb-ldap (Ubuntu Focal):
status:	New → Triaged
Changed in bind9 (Ubuntu Focal):
status:	Confirmed → Triaged

Lena Voytek (lvoytek) on 2023-09-19

description:

updated

Lena Voytek (lvoytek) on 2023-09-21

description:

updated

Andreas Hasenack (ahasenack) on 2023-09-22

description:	updated
description:	updated

Revision history for this message

Steve Langasek (vorlon) wrote on 2023-09-29: Please test proposed package

Hello Bryce, or anyone else affected,

Accepted bind9 into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.18.18-0ubuntu0.22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in bind9 (Ubuntu Jammy):
status:	In Progress → Fix Committed
tags:	added: verification-needed verification-needed-jammy
Changed in bind9 (Ubuntu Lunar):
status:	In Progress → Fix Committed
tags:	added: verification-needed-lunar

Revision history for this message

Steve Langasek (vorlon) wrote on 2023-09-29:

Hello Bryce, or anyone else affected,

Accepted bind9 into lunar-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.18.18-0ubuntu0.23.04.1 in a few hours, and then in the -proposed repository.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-lunar to verification-done-lunar. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-lunar. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message

Steve Langasek (vorlon) wrote on 2023-09-30:

Hello Bryce, or anyone else affected,

Accepted bind-dyndb-ldap into lunar-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind-dyndb-ldap/11.10-4ubuntu0.3 in a few hours, and then in the -proposed repository.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-lunar to verification-done-lunar. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-lunar. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in bind-dyndb-ldap (Ubuntu Lunar):
status:	In Progress → Fix Committed
Changed in bind-dyndb-ldap (Ubuntu Jammy):
status:	In Progress → Fix Committed

Revision history for this message

Steve Langasek (vorlon) wrote on 2023-09-30:

Hello Bryce, or anyone else affected,

Accepted bind-dyndb-ldap into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind-dyndb-ldap/11.9-5ubuntu0.22.04.4 in a few hours, and then in the -proposed repository.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Revision history for this message

Lena Voytek (lvoytek) wrote on 2023-10-02:

Verified for lunar and jammy through general installation and autopkgtest runs

https://autopkgtest.ubuntu.com/results/autopkgtest-jammy/jammy/amd64/b/bind9/20230930_080730_efc3c@/log.gz

https://autopkgtest.ubuntu.com/results/autopkgtest-lunar/lunar/amd64/b/bind9/20230930_080744_bd93f@/log.gz

tags:

added: verification-done verification-done-jammy verification-done-lunar
removed: verification-needed verification-needed-jammy verification-needed-lunar

Bryce Harrington (bryce) on 2023-10-25

Changed in bind-dyndb-ldap (Ubuntu):
milestone:	none → mantic-updates

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-26:

#10

This bug was fixed in the package bind9 - 1:9.18.18-0ubuntu0.23.04.1

---------------
bind9 (1:9.18.18-0ubuntu0.23.04.1) lunar; urgency=medium

  * New upstream release 9.18.18 (LP: #2028413)
    - Updates:
      + Mark a primary server as temporarily unreachable when a TCP connection
        response to an SOA query times out, matching behavior of a refused TCP
        connection.
      + Mark dialup and heartbeat-interval options as deprecated.
      + Retry DNS queries without an EDNS COOKIE when the first response is
        FORMERR with the EDNS COOKIE that was sent originally.
      + Use NS records for the relaxed QNAME minimization mode to reduce the
        number of queries from named.
      + Mark TKEY mode 2 as deprecated.
      + Mark delegation-only and root-delegation-only as deprecated.
      + Run RPZ and catalog zone updates on specialized offload threads to
        reduce blocked query processing time.
    - Bug Fixes:
      + Fix assertion failure from processing already-queued queries while
        server is being reconfigured or cache is being flushed.
      + Fix failure to load zones containing resource records with a TTL value
        larger than 86400 seconds when dnssec-policy is set to insecure.
      + Fix the ability to read HMAC-MD5 key files (LP: #2015176).
      + Fix stability issues with the catalog zone implementation.
      + Fix bind9 getting stuck when listen-on statement for HTTP is removed
        from configuration.
      + Do not return delegation from cache after stale-answer-client-timeout.
      + Fix failure to auto-tune clients-per-query limit in some situations.
      + Fix proper timeouts when using max-transfer-time-in and
        max-transfer-idle-in statements.
      + Bring rndc read timeout back to 60 seconds from 30.
      + Treat libuv returning ISC_R_INVALIDPROTO as a network error.
      + Clean up empty-non-terminal NSEC3 records.
      + Fix log file rotation cleanup for absolute file path destinations.
      + Fix various catalog zone processing crashes.
      + Fix transfer hang when downloading large zones over TLS.
      + Fix named crash when adding a new zone into the configuration file for
        a name which was already configured as member zone for a catalog zone.
      + Delay DNSSEC key queries until all zones have finished loading.
    - See https://bind9.readthedocs.io/en/v9.18.18/notes.html for additional
      information.
  * d/p/CVE-2023-2828.patch, CVE-2023-2911.patch: Remove - fixed upstream in
    9.18.16.
  * d/p/CVE-2023-3341.patch: Refresh, matching upstream, to apply in 9.18.18.
  * d/t/control, d/t/dyndb-ldap: add DEP8 test (LP: #2032650)

-- Lena Voytek <email address hidden> Wed, 20 Sep 2023 14:52:27 -0700

This bug was fixed in the package bind9 - 1:9.18.18-0ubuntu0.23.04.1

---------------
bind9 (1:9.18.18-0ubuntu0.23.04.1) lunar; urgency=medium

-- Lena Voytek <lena.voytek@canonical.com>  Wed, 20 Sep 2023 14:52:27 -0700

Changed in bind9 (Ubuntu Lunar):
status:	Fix Committed → Fix Released

Revision history for this message

Robie Basak (racb) wrote on 2023-10-26: Update Released

#11

The verification of the Stable Release Update for bind9 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-26:

#12

This bug was fixed in the package bind-dyndb-ldap - 11.9-5ubuntu0.22.04.4

---------------
bind-dyndb-ldap (11.9-5ubuntu0.22.04.4) jammy; urgency=medium

* d/p/remove-rpz_attach.patch: Remove rpz_attach to fix build failure against
bind9 9.18.13+ (LP: #2028413)

-- Lena Voytek <email address hidden> Thu, 21 Sep 2023 07:26:59 -0700

Changed in bind-dyndb-ldap (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-26:

#13

This bug was fixed in the package bind-dyndb-ldap - 11.10-4ubuntu0.3

---------------
bind-dyndb-ldap (11.10-4ubuntu0.3) lunar; urgency=medium

* d/p/remove-rpz_attach.patch: Remove rpz_attach to fix build failure against
bind9 9.18.13+ (LP: #2028413)

-- Lena Voytek <email address hidden> Thu, 21 Sep 2023 07:24:11 -0700

Changed in bind-dyndb-ldap (Ubuntu Lunar):
status:	Fix Committed → Fix Released

Revision history for this message

Launchpad Janitor (janitor) wrote on 2023-10-26:

#14

This bug was fixed in the package bind9 - 1:9.18.18-0ubuntu0.22.04.1

---------------
bind9 (1:9.18.18-0ubuntu0.22.04.1) jammy; urgency=medium

-- Lena Voytek <email address hidden> Wed, 20 Sep 2023 15:15:41 -0700

This bug was fixed in the package bind9 - 1:9.18.18-0ubuntu0.22.04.1

---------------
bind9 (1:9.18.18-0ubuntu0.22.04.1) jammy; urgency=medium

-- Lena Voytek <lena.voytek@canonical.com>  Wed, 20 Sep 2023 15:15:41 -0700

Changed in bind9 (Ubuntu Jammy):
status:	Fix Committed → Fix Released

Revision history for this message

Marc Deslauriers (mdeslaur) wrote on 2024-02-28 (last edit on 2024-02-28):

#15

bind9 9.16.48 is now in focal with the latest security update.

Changed in bind-dyndb-ldap (Ubuntu Focal):
status:	Triaged → Fix Released
Changed in bind9 (Ubuntu Focal):
status:	Triaged → Fix Committed
Changed in bind-dyndb-ldap (Ubuntu Focal):
status:	Fix Released → Won't Fix

Report a bug

This report contains Public information

Everyone can see this information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.

Ubuntubind9 package

MRE updates of bind9 for focal, jammy and lunar

Bug Description

Related branches

CVE References

Other bug subscribers

Remote bug watches

Ubuntu
bind9 package