Ubuntu
bind9 package

DiG crashes on +nssearch with +tcp in bind9 9.18

  1. Kinetic (22.10)
  2. Bug #1258003
Bug #1258003 reported by Joshua Rogers
24
This bug affects 2 people
Affects Status Importance Assigned to Milestone
bind9 (Ubuntu)
Fix Released
High
Unassigned
Jammy
Fix Released
High
Lena Voytek
Kinetic
Fix Released
Undecided
Unassigned

Bug Description

[Impact]

When using dig with the +nssearch and +tcp options, the application will crash with a core dump.

The fix should be backported to Kinetic and Jammy to allow users to get all results of an nssearch through tcp on a domain.

The bug will be fixed by the minor release update described in (LP: #2003586) through upstream correcting IPv6 functionality.

[Test Plan]

# lxc launch images:ubuntu/{kinetic, jammy} test-bind9
# lxc exec test-bind9
# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp
- Before the update this leads to a crash ending in "Aborted (core dumped)" without showing all addresses while after it will show that there was a communication error with addresses it did not get a response from and finish running through all addresses

[Where problems could occur]

Problems could occour in multiple areas outside of this fix because it is being added in a minor release update. Issues directly related to this fix would arise in the functionality of dig +nssearch +tcp, likely related to the handling of domains containing IPv6 addresses.

[Original Description]

Precursor: 'DiG' is provided in the package "bind9", and the version in DiG is the same version of bind9.
Whilst running 'DiG', with +ssearch, AND +tcp, on the DiG version that is available in the repo's("DiG 9.8.1-P1"), the program segfaults with a core dump.

Example:

13:13:14 (toil@laptop) ~ $ dig -v
DiG 9.8.1-P1
13:13:37 (toil@laptop) ~ $ dig +time=3 +nssearch +tcp internot.info
socket.c:2535: REQUIRE(socketp != ((void *)0) && *socketp == ((void *)0)) failed, back trace
#0 0x4f877b in ??
#1 0x4f86c4 in ??
#2 0x52b062 in ??
#3 0xfd03ef in ??
#4 0xfd07c3 in ??
#5 0x51b9ac in ??
#6 0x7cdd4c in ??
#7 0x1ffbae in ??
Aborted (core dumped)

It's strange that it gives a back trace, but that's irrelevant anyways.

Although I'm unsure of which version exactly it's fixed in, but it doesn't work in "DiG 9.10.0a1".
It also seems to be patched in "DiG 9.8.4-P2", but that probably isn't useful (due to the P2)..

ProblemType: Bug
DistroRelease: Ubuntu 12.04
Package: bind9-host 1:9.8.1.dfsg.P1-4ubuntu0.7
ProcVersionSignature: Ubuntu 3.2.0-56.86-generic 3.2.51
Uname: Linux 3.2.0-56-generic i686
NonfreeKernelModules: wl
ApportVersion: 2.0.1-0ubuntu17.6
Architecture: i386
Date: Thu Dec 5 13:11:08 2013
EcryptfsInUse: Yes
InstallationMedia: Ubuntu 10.04 LTS "Lucid Lynx" - Release i386 (20100429)
MarkForUpload: True
ProcEnviron:
 TERM=xterm
 PATH=(custom, no user)
 LANG=en_AU.UTF-8
 SHELL=/bin/bash
SourcePackage: bind9
UpgradeStatus: Upgraded to precise on 2013-08-26 (100 days ago)

See original description

Related branches

~lvoytek/ubuntu/+source/bind9:MRE-jammy-9.18.11
git-ubuntu bot: Approve
Sergio Durigan Junior (community): Approve
Canonical Server Reporter: Pending requested
Diff: 198829 lines (+67192/-35110)
1489 files modified
CHANGES (+690/-2)
COPYRIGHT (+1/-1)
ChangeLog (+690/-2)
Makefile.am (+5/-1)
Makefile.docs (+2/-13)
Makefile.in (+16/-6)
Makefile.tests (+10/-4)
Makefile.top (+2/-1)
NEWS (+690/-2)
OPTIONS.md (+1/-0)
README.md (+1/-1)
aclocal.m4 (+2/-1)
bin/Makefile.in (+12/-3)
bin/check/Makefile.in (+13/-4)
bin/check/check-tool.c (+6/-3)
bin/check/named-checkconf.c (+20/-16)
bin/check/named-checkconf.rst (+41/-28)
bin/check/named-checkzone.c (+7/-6)
bin/check/named-checkzone.rst (+87/-67)
bin/check/named-compilezone.rst (+224/-0)
bin/confgen/Makefile.in (+13/-4)
bin/confgen/ddns-confgen.rst (+96/-0)
bin/confgen/keygen.c (+1/-24)
bin/confgen/rndc-confgen.c (+2/-2)
bin/confgen/rndc-confgen.rst (+51/-38)
bin/confgen/tsig-keygen.c (+5/-5)
bin/confgen/tsig-keygen.rst (+19/-56)
bin/confgen/util.h (+1/-1)
bin/delv/Makefile.in (+13/-4)
bin/delv/delv.c (+22/-15)
bin/delv/delv.rst (+124/-86)
bin/dig/Makefile.in (+13/-4)
bin/dig/dig.c (+214/-73)
bin/dig/dig.rst (+316/-183)
bin/dig/dighost.c (+706/-206)
bin/dig/dighost.h (+27/-13)
bin/dig/host.c (+19/-17)
bin/dig/host.rst (+75/-53)
bin/dig/nslookup.c (+2/-1)
bin/dig/nslookup.rst (+13/-11)
bin/dnssec/Makefile.in (+13/-4)
bin/dnssec/dnssec-cds.c (+12/-7)
bin/dnssec/dnssec-cds.rst (+55/-42)
bin/dnssec/dnssec-dsfromkey.c (+4/-4)
bin/dnssec/dnssec-dsfromkey.rst (+46/-31)
bin/dnssec/dnssec-importkey.c (+2/-2)
bin/dnssec/dnssec-importkey.rst (+55/-26)
bin/dnssec/dnssec-keyfromlabel.c (+9/-7)
bin/dnssec/dnssec-keyfromlabel.rst (+101/-60)
bin/dnssec/dnssec-keygen.c (+14/-9)
bin/dnssec/dnssec-keygen.rst (+117/-69)
bin/dnssec/dnssec-revoke.c (+4/-3)
bin/dnssec/dnssec-revoke.rst (+21/-11)
bin/dnssec/dnssec-settime.c (+6/-4)
bin/dnssec/dnssec-settime.rst (+100/-57)
bin/dnssec/dnssec-signzone.c (+72/-46)
bin/dnssec/dnssec-signzone.rst (+122/-69)
bin/dnssec/dnssec-verify.c (+3/-3)
bin/dnssec/dnssec-verify.rst (+27/-15)
bin/dnssec/dnssectool.c (+24/-5)
bin/dnssec/dnssectool.h (+2/-2)
bin/named/Makefile.am (+0/-3)
bin/named/Makefile.in (+13/-8)
bin/named/bind9.xsl (+1/-1)
bin/named/builtin.c (+2/-1)
bin/named/config.c (+85/-133)
bin/named/control.c (+1/-1)
bin/named/controlconf.c (+5/-3)
bin/named/dlz_dlopen_driver.c (+1/-2)
bin/named/include/named/config.h (+5/-6)
bin/named/include/named/globals.h (+0/-1)
bin/named/include/named/main.h (+2/-2)
bin/named/include/named/server.h (+7/-7)
bin/named/include/named/zoneconf.h (+3/-7)
bin/named/log.c (+2/-1)
bin/named/logconf.c (+1/-2)
bin/named/main.c (+153/-46)
bin/named/named.conf.rst (+25/-865)
bin/named/named.rst (+94/-58)
bin/named/os.c (+4/-2)
bin/named/server.c (+374/-385)
bin/named/statschannel.c (+146/-170)
bin/named/transportconf.c (+10/-21)
bin/named/tsigconf.c (+2/-1)
bin/named/zoneconf.c (+53/-170)
bin/nsupdate/Makefile.in (+13/-4)
bin/nsupdate/nsupdate.c (+51/-39)
bin/nsupdate/nsupdate.rst (+80/-51)
bin/plugins/Makefile.in (+13/-4)
bin/plugins/filter-a.c (+6/-4)
bin/plugins/filter-a.rst (+3/-2)
bin/plugins/filter-aaaa.c (+4/-3)
bin/plugins/filter-aaaa.rst (+5/-4)
bin/rndc/Makefile.in (+13/-4)
bin/rndc/rndc.c (+18/-14)
bin/rndc/rndc.conf.rst (+17/-15)
bin/rndc/rndc.rst (+199/-134)
bin/rndc/util.h (+1/-1)
bin/tests/Makefile.am (+5/-0)
bin/tests/Makefile.in (+15/-7)
bin/tests/convert-trs-to-junit.py (+148/-0)
bin/tests/system/Makefile.am (+11/-18)
bin/tests/system/Makefile.in (+97/-74)
bin/tests/system/acl/ns2/named1.conf.in (+1/-1)
bin/tests/system/acl/ns2/named2.conf.in (+1/-1)
bin/tests/system/acl/ns2/named3.conf.in (+1/-1)
bin/tests/system/acl/ns2/named4.conf.in (+1/-1)
bin/tests/system/acl/ns2/named5.conf.in (+1/-1)
bin/tests/system/acl/ns3/named.conf.in (+1/-1)
bin/tests/system/acl/ns4/named.conf.in (+1/-1)
bin/tests/system/acl/tests.sh (+2/-1)
bin/tests/system/addzone/ns1/named.conf.in (+1/-1)
bin/tests/system/addzone/tests.sh (+11/-11)
bin/tests/system/addzone/tests_rndc_deadlock.py (+24/-22)
bin/tests/system/allow-query/ns3/named1.conf.in (+1/-1)
bin/tests/system/allow-query/ns3/named2.conf.in (+1/-1)
bin/tests/system/allow-query/ns3/named3.conf.in (+1/-1)
bin/tests/system/allow-query/ns3/named4.conf.in (+1/-1)
bin/tests/system/allow-query/tests.sh (+7/-0)
bin/tests/system/auth/clean.sh (+2/-0)
bin/tests/system/autosign/clean.sh (+3/-1)
bin/tests/system/autosign/ns1/keygen.sh (+12/-12)
bin/tests/system/autosign/ns1/named.conf.in (+1/-1)
bin/tests/system/autosign/ns2/Xbar.+013+59973.key (+5/-0)
bin/tests/system/autosign/ns2/Xbar.+013+59973.private (+6/-0)
bin/tests/system/autosign/ns2/Xbar.+013+60101.key (+5/-0)
bin/tests/system/autosign/ns2/Xbar.+013+60101.private (+6/-0)
bin/tests/system/autosign/ns2/keygen.sh (+12/-11)
bin/tests/system/autosign/ns2/named.conf.in (+1/-1)
bin/tests/system/autosign/ns3/cdnskey-delete.example.db.in (+28/-0)
bin/tests/system/autosign/ns3/cds-delete.example.db.in (+28/-0)
bin/tests/system/autosign/ns3/keygen.sh (+74/-48)
bin/tests/system/autosign/ns3/named.conf.in (+17/-3)
bin/tests/system/autosign/tests.sh (+388/-288)
bin/tests/system/builtin/tests.sh (+8/-6)
bin/tests/system/cacheclean/ns2/named.conf.in (+1/-1)
bin/tests/system/cacheclean/tests.sh (+3/-3)
bin/tests/system/case/setup.sh (+2/-0)
bin/tests/system/catz/clean.sh (+13/-6)
bin/tests/system/catz/ns1/catalog-bad1.example.db (+2/-5)
bin/tests/system/catz/ns1/catalog-bad2.example.db (+14/-0)
bin/tests/system/catz/ns1/catalog-bad3.example.db (+15/-0)
bin/tests/system/catz/ns1/catalog-bad4.example.db (+14/-0)
bin/tests/system/catz/ns1/catalog-bad5.example.db (+14/-0)
bin/tests/system/catz/ns1/catalog.example.db.in (+1/-1)
bin/tests/system/catz/ns1/named.conf.in (+101/-25)
bin/tests/system/catz/ns2/dom-existing.example.db (+2/-5)
bin/tests/system/catz/ns2/named1.conf.in (+118/-28)
bin/tests/system/catz/ns2/named2.conf.in (+85/-21)
bin/tests/system/catz/ns3/catalog.example.db.in (+14/-0)
bin/tests/system/catz/ns4/named.conf.in (+55/-0)
bin/tests/system/catz/setup.sh (+3/-1)
bin/tests/system/catz/tests.sh (+1163/-323)
bin/tests/system/cds/checktime.pl (+1/-1)
bin/tests/system/cds/setup.sh (+13/-13)
bin/tests/system/cds/tests.sh (+5/-5)
bin/tests/system/chain/ans4/ans.py (+121/-82)
bin/tests/system/chain/ns2/sign.sh (+10/-10)
bin/tests/system/chain/ns7/named.conf.in (+1/-1)
bin/tests/system/chain/tests.sh (+2/-0)
bin/tests/system/checkconf/bad-duration.conf (+2/-8)
bin/tests/system/checkconf/bad-kasp-keydir1.conf.in (+2/-2)
bin/tests/system/checkconf/bad-kasp-keydir2.conf.in (+2/-2)
bin/tests/system/checkconf/bad-kasp-keydir3.conf.in (+2/-2)
bin/tests/system/checkconf/bad-kasp-keydir4.conf.in (+2/-2)
bin/tests/system/checkconf/bad-kasp-keydir5.conf.in (+2/-2)
bin/tests/system/checkconf/bad-kasp-nsec3-alg.conf (+25/-0)
bin/tests/system/checkconf/bad-ksk-without-zsk.conf (+24/-0)
bin/tests/system/checkconf/bad-unpaired-keys.conf (+27/-0)
bin/tests/system/checkconf/bad-zsk-without-ksk.conf (+24/-0)
bin/tests/system/checkconf/check-wildcard-no.conf (+18/-0)
bin/tests/system/checkconf/check-wildcard.conf (+18/-0)
bin/tests/system/checkconf/check-wildcard.db (+4/-7)
bin/tests/system/checkconf/clean.sh (+9/-4)
bin/tests/system/checkconf/deprecated.conf (+9/-0)
bin/tests/system/checkconf/dnssec.3 (+18/-0)
bin/tests/system/checkconf/good-dot-doh-tls-nokeycert.conf (+1/-0)
bin/tests/system/checkconf/good-kasp.conf (+5/-0)
bin/tests/system/checkconf/good-key-directory.conf (+3/-0)
bin/tests/system/checkconf/good.conf (+14/-3)
bin/tests/system/checkconf/kasp-and-other-dnssec-options.conf (+0/-1)
bin/tests/system/checkconf/kasp-bad-lifetime.conf (+91/-0)
bin/tests/system/checkconf/kasp-bad-nsec3-iter.conf (+1/-0)
bin/tests/system/checkconf/kasp-bad-signatures-refresh.conf (+46/-0)
bin/tests/system/checkconf/kasp-ignore-keylen.conf (+1/-0)
bin/tests/system/checkconf/kasp-warning.conf (+62/-0)
bin/tests/system/checkconf/range.conf (+0/-9)
bin/tests/system/checkconf/setup.sh (+7/-0)
bin/tests/system/checkconf/tests.sh (+141/-62)
bin/tests/system/checkconf/warn-kasp-max-zone-ttl.conf (+27/-0)
bin/tests/system/checkconf/warn-random-device.conf (+1/-21)
bin/tests/system/checkds/clean.sh (+1/-0)
bin/tests/system/checkds/ns1/named.conf.in (+4/-4)
bin/tests/system/checkds/ns1/root.db.in (+24/-0)
bin/tests/system/checkds/ns1/setup.sh (+46/-0)
bin/tests/system/checkds/ns10/named.conf.in (+8/-7)
bin/tests/system/checkds/ns10/root.db.in (+24/-0)
bin/tests/system/checkds/ns2/named.conf.in (+1/-1)
bin/tests/system/checkds/ns2/setup.sh (+3/-1)
bin/tests/system/checkds/ns2/template.db.in (+2/-1)
bin/tests/system/checkds/ns3/named.conf.in (+15/-5)
bin/tests/system/checkds/ns4/named.conf.in (+1/-1)
bin/tests/system/checkds/ns5/named.conf.in (+1/-1)
bin/tests/system/checkds/ns5/template.db.in (+2/-0)
bin/tests/system/checkds/ns6/named.conf.in (+1/-1)
bin/tests/system/checkds/ns7/named.conf.in (+1/-1)
bin/tests/system/checkds/ns8/named.conf.in (+17/-7)
bin/tests/system/checkds/ns8/root.hint (+14/-0)
bin/tests/system/checkds/ns9/named.conf.in (+37/-1)
bin/tests/system/checkds/ns9/setup.sh (+6/-4)
bin/tests/system/checkds/setup.sh (+8/-0)
bin/tests/system/checkds/tests_checkds.py (+190/-102)
bin/tests/system/checknames/setup.sh (+2/-0)
bin/tests/system/checkzone/clean.sh (+3/-0)
bin/tests/system/checkzone/setup.sh (+4/-0)
bin/tests/system/checkzone/tests.sh (+42/-31)
bin/tests/system/checkzone/zones/bad-generate-garbage.db (+1/-1)
bin/tests/system/checkzone/zones/bad-generate-missing-brace.db (+17/-0)
bin/tests/system/checkzone/zones/bad-generate-range.db (+18/-0)
bin/tests/system/checkzone/zones/bad-tsig.db.in (+17/-0)
bin/tests/system/checkzone/zones/generate-overflow.db (+17/-0)
bin/tests/system/checkzone/zones/good-generate-modifier.db (+20/-0)
bin/tests/system/checkzone/zones/good-svcb.db (+1/-0)
bin/tests/system/ckdnsrps.sh (+1/-1)
bin/tests/system/common/controls.conf.in (+1/-1)
bin/tests/system/conf.sh.common (+73/-86)
bin/tests/system/conf.sh.in (+72/-85)
bin/tests/system/conftest.py (+19/-1)
bin/tests/system/cookie/ans9/ans.py (+82/-53)
bin/tests/system/cookie/clean.sh (+2/-0)
bin/tests/system/cookie/ns1/named.conf.in (+4/-4)
bin/tests/system/cookie/ns2/named.conf.in (+3/-3)
bin/tests/system/cookie/ns3/named.conf.in (+4/-4)
bin/tests/system/cookie/ns4/named.conf.in (+1/-1)
bin/tests/system/cookie/ns5/named.conf.in (+1/-1)
bin/tests/system/cookie/ns6/named.conf.in (+1/-1)
bin/tests/system/cookie/ns7/named.conf.in (+3/-3)
bin/tests/system/cookie/ns8/named.conf.in (+1/-1)
bin/tests/system/custom-test-driver (+2/-1)
bin/tests/system/database/ns1/named1.conf.in (+1/-1)
bin/tests/system/database/ns1/named2.conf.in (+1/-1)
bin/tests/system/dialup/clean.sh (+2/-0)
bin/tests/system/dialup/ns1/named.conf.in (+1/-1)
bin/tests/system/dialup/ns2/named.conf.in (+1/-1)
bin/tests/system/dialup/ns3/named.conf.in (+1/-1)
bin/tests/system/dialup/setup.sh (+1/-4)
bin/tests/system/dialup/tests.sh (+1/-1)
bin/tests/system/digdelv/ans8/ans.py (+202/-0)
bin/tests/system/digdelv/clean.sh (+2/-0)
bin/tests/system/digdelv/ns3/named.conf.in (+1/-1)
bin/tests/system/digdelv/tests.sh (+110/-11)
bin/tests/system/digdelv/yamlget.py (+0/-1)
bin/tests/system/dispatch/ans3/ans.py (+4/-4)
bin/tests/system/dispatch/ns1/named.conf.in (+1/-1)
bin/tests/system/dispatch/ns2/named.conf.in (+1/-1)
bin/tests/system/dispatch/tests_connreset.py (+5/-4)
bin/tests/system/dlzexternal/driver/Makefile.in (+13/-4)
bin/tests/system/dlzexternal/driver/driver.c (+4/-2)
bin/tests/system/dlzexternal/ns1/named.conf.in (+1/-1)
bin/tests/system/dlzexternal/tests.sh (+1/-1)
bin/tests/system/dns64/ns1/sign.sh (+2/-2)
bin/tests/system/dnssec/ans10/ans.py (+27/-15)
bin/tests/system/dnssec/clean.sh (+1/-2)
bin/tests/system/dnssec/ns2/example.db.in (+4/-0)
bin/tests/system/dnssec/ns2/named.conf.in (+1/-1)
bin/tests/system/dnssec/ns3/insecure2.example.db (+8/-7)
bin/tests/system/dnssec/ns3/named.conf.in (+7/-1)
bin/tests/system/dnssec/ns3/sign.sh (+3/-3)
bin/tests/system/dnssec/ns4/managed-keys.bind.in (+21/-0)
bin/tests/system/dnssec/ns4/named1.conf.in (+4/-4)
bin/tests/system/dnssec/ns4/named2.conf.in (+4/-5)
bin/tests/system/dnssec/ns4/named3.conf.in (+1/-1)
bin/tests/system/dnssec/ns4/named4.conf.in (+2/-2)
bin/tests/system/dnssec/ns4/named5.conf.in (+1/-1)
bin/tests/system/dnssec/ns5/named1.conf.in (+1/-1)
bin/tests/system/dnssec/ns5/named2.conf.in (+1/-1)
bin/tests/system/dnssec/ns8/named.conf.in (+1/-1)
bin/tests/system/dnssec/ns9/named.conf.in (+1/-1)
bin/tests/system/dnssec/signer/general/Kexample.com.+010+18240.key (+5/-0)
bin/tests/system/dnssec/signer/general/Kexample.com.+010+18240.private (+13/-0)
bin/tests/system/dnssec/signer/general/Kexample.com.+010+28633.key (+5/-0)
bin/tests/system/dnssec/signer/general/Kexample.com.+010+28633.private (+13/-0)
bin/tests/system/dnssec/signer/general/bogus-ksk.key (+2/-2)
bin/tests/system/dnssec/signer/general/bogus-zsk.key (+2/-2)
bin/tests/system/dnssec/signer/general/test1.zone (+2/-2)
bin/tests/system/dnssec/signer/general/test2.zone (+1/-1)
bin/tests/system/dnssec/signer/general/test3.zone (+1/-1)
bin/tests/system/dnssec/signer/general/test4.zone (+2/-2)
bin/tests/system/dnssec/signer/general/test5.zone (+2/-2)
bin/tests/system/dnssec/signer/general/test6.zone (+2/-2)
bin/tests/system/dnssec/signer/general/test8.zone (+1/-1)
bin/tests/system/dnssec/tests.sh (+80/-55)
bin/tests/system/dnstap/clean.sh (+1/-2)
bin/tests/system/dnstap/ns1/named.conf.in (+1/-1)
bin/tests/system/dnstap/ns2/named.conf.in (+1/-1)
bin/tests/system/dnstap/ns3/named.conf.in (+1/-1)
bin/tests/system/dnstap/ns4/named.conf.in (+1/-1)
bin/tests/system/dnstap/prereq.sh (+20/-0)
bin/tests/system/dnstap/tests.sh (+8/-2)
bin/tests/system/dnstap/tests_dnstap.py (+83/-0)
bin/tests/system/dnstap/ydump.py (+1/-1)
bin/tests/system/doth/CA/CA.cfg (+121/-0)
bin/tests/system/doth/CA/CA.pem (+29/-0)
bin/tests/system/doth/CA/README (+2/-0)
bin/tests/system/doth/CA/certs/srv01.client01.example.com.key (+6/-0)
bin/tests/system/doth/CA/certs/srv01.client01.example.com.pem (+68/-0)
bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.key (+6/-0)
bin/tests/system/doth/CA/certs/srv01.client02-ns2.example.com.pem (+68/-0)
bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.key (+6/-0)
bin/tests/system/doth/CA/certs/srv01.client03-ns2-expired.example.com.pem (+69/-0)
bin/tests/system/doth/CA/certs/srv01.crt01.example.com.key (+6/-0)
bin/tests/system/doth/CA/certs/srv01.crt01.example.com.pem (+69/-0)
bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.key (+6/-0)
bin/tests/system/doth/CA/certs/srv01.crt02-no-san.example.com.pem (+64/-0)
bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.key (+6/-0)
bin/tests/system/doth/CA/certs/srv01.crt03-expired.example.com.pem (+69/-0)
bin/tests/system/doth/CA/certs/srv02.crt01.example.com.key (+6/-0)
bin/tests/system/doth/CA/certs/srv02.crt01.example.com.pem (+69/-0)
bin/tests/system/doth/CA/certs/srv03.crt01.example.com.key (+6/-0)
bin/tests/system/doth/CA/certs/srv03.crt01.example.com.pem (+69/-0)
bin/tests/system/doth/CA/certs/srv04.crt01.example.com.key (+6/-0)
bin/tests/system/doth/CA/certs/srv04.crt01.example.com.pem (+69/-0)
bin/tests/system/doth/CA/index.txt (+9/-0)
bin/tests/system/doth/CA/index.txt.attr (+1/-0)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52001.pem (+69/-0)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52002.pem (+64/-0)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52003.pem (+69/-0)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52004.pem (+69/-0)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52005.pem (+69/-0)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52006.pem (+69/-0)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52007.pem (+68/-0)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52008.pem (+68/-0)
bin/tests/system/doth/CA/newcerts/6BB3183CDEF52009.pem (+69/-0)
bin/tests/system/doth/CA/private/CA.key (+39/-0)
bin/tests/system/doth/CA/serial (+1/-0)
bin/tests/system/doth/clean.sh (+1/-0)
bin/tests/system/doth/conftest.py (+17/-13)
bin/tests/system/doth/example8.axfr.good (+2676/-0)
bin/tests/system/doth/get_openssl_version.py (+5/-13)
bin/tests/system/doth/ns1/named.conf.in (+96/-6)
bin/tests/system/doth/ns2/named.conf.in (+123/-4)
bin/tests/system/doth/ns3/named.conf.in (+3/-3)
bin/tests/system/doth/ns4/named.conf.in (+3/-3)
bin/tests/system/doth/prereq.sh (+20/-0)
bin/tests/system/doth/stress_http_quota.py (+27/-26)
bin/tests/system/doth/tests.sh (+320/-8)
bin/tests/system/doth/tests_gnutls.py (+32/-17)
bin/tests/system/doth/tests_sslyze.py (+65/-0)
bin/tests/system/dsdigest/ns1/sign.sh (+2/-2)
bin/tests/system/dsdigest/ns2/sign.sh (+4/-4)
bin/tests/system/dupsigs/check_journal.pl (+0/-5)
bin/tests/system/dupsigs/clean.sh (+3/-0)
bin/tests/system/dupsigs/ns1/named.conf.in (+1/-1)
bin/tests/system/dupsigs/ns1/reset_keys.sh (+8/-7)
bin/tests/system/dupsigs/ns1/signing.test.db.in (+1/-1)
bin/tests/system/dupsigs/setup.sh (+2/-0)
bin/tests/system/dupsigs/tests.sh (+29/-9)
bin/tests/system/dyndb/driver/Makefile.in (+13/-4)
bin/tests/system/dyndb/driver/db.c (+11/-8)
bin/tests/system/dyndb/driver/log.h (+0/-2)
bin/tests/system/dyndb/driver/syncptr.c (+1/-1)
bin/tests/system/dyndb/ns1/named.conf.in (+1/-1)
bin/tests/system/dyndb/prereq.sh (+2/-0)
bin/tests/system/ednscompliance/tests.sh (+1/-1)
bin/tests/system/emptyzones/clean.sh (+2/-0)
bin/tests/system/emptyzones/ns1/named1.conf.in (+4/-4)
bin/tests/system/emptyzones/ns1/named2.conf.in (+4/-4)
bin/tests/system/emptyzones/setup.sh (+2/-0)
bin/tests/system/enginepkcs11/clean.sh (+3/-3)
bin/tests/system/enginepkcs11/ns1/named.args (+1/-0)
bin/tests/system/enginepkcs11/ns1/named.conf.in (+1/-1)
bin/tests/system/enginepkcs11/setup.sh (+4/-4)
bin/tests/system/feature-test.c (+31/-11)
bin/tests/system/fetchlimit/ns2/named.conf.in (+1/-1)
bin/tests/system/fetchlimit/ns3/named1.conf.in (+5/-1)
bin/tests/system/fetchlimit/ns3/named2.conf.in (+5/-1)
bin/tests/system/fetchlimit/ns3/named3.conf.in (+5/-1)
bin/tests/system/fetchlimit/tests.sh (+22/-19)
bin/tests/system/filter-aaaa/ns1/named1.conf.in (+1/-1)
bin/tests/system/filter-aaaa/ns1/named2.conf.in (+1/-1)
bin/tests/system/filter-aaaa/ns2/named1.conf.in (+1/-1)
bin/tests/system/filter-aaaa/ns2/named2.conf.in (+1/-1)
bin/tests/system/filter-aaaa/ns3/named1.conf.in (+1/-1)
bin/tests/system/filter-aaaa/ns3/named2.conf.in (+1/-1)
bin/tests/system/filter-aaaa/ns4/named1.conf.in (+1/-1)
bin/tests/system/filter-aaaa/ns4/named2.conf.in (+1/-1)
bin/tests/system/filter-aaaa/ns5/named.conf.in (+1/-1)
bin/tests/system/formerr/clean.sh (+2/-0)
bin/tests/system/forward/ans11/ans.py (+271/-0)
bin/tests/system/forward/clean.sh (+4/-1)
bin/tests/system/forward/ns1/diditwork.net.db (+7/-11)
bin/tests/system/forward/ns1/named.conf.in (+20/-0)
bin/tests/system/forward/ns1/net.example.lll (+15/-0)
bin/tests/system/forward/ns1/spoofed.net.db (+22/-0)
bin/tests/system/forward/ns1/sub.local.net.db (+22/-0)
bin/tests/system/forward/ns10/fakenet.zone (+17/-0)
bin/tests/system/forward/ns10/fakenet2.zone (+15/-0)
bin/tests/system/forward/ns10/fakesublocalnet.zone (+15/-0)
bin/tests/system/forward/ns10/fakesublocaltld.zone (+15/-0)
bin/tests/system/forward/ns10/named.conf.in (+53/-0)
bin/tests/system/forward/ns10/net.example.lll (+15/-0)
bin/tests/system/forward/ns10/spoofednet.zone (+16/-0)
bin/tests/system/forward/ns2/tld.db (+6/-0)
bin/tests/system/forward/ns3/named1.conf.in (+1/-1)
bin/tests/system/forward/ns3/named2.conf.in (+1/-1)
bin/tests/system/forward/ns3/root2.db (+21/-0)
bin/tests/system/forward/ns4/named.conf.in (+5/-0)
bin/tests/system/forward/ns4/sibling.tld.db (+22/-0)
bin/tests/system/forward/ns8/named.conf.in (+5/-0)
bin/tests/system/forward/ns8/sub.local.tld.db (+15/-0)
bin/tests/system/forward/ns9/local.net.db (+16/-0)
bin/tests/system/forward/ns9/local.tld.db (+15/-0)
bin/tests/system/forward/ns9/named1.conf.in (+67/-0)
bin/tests/system/forward/ns9/named2.conf.in (+70/-0)
bin/tests/system/forward/ns9/named3.conf.in (+50/-0)
bin/tests/system/forward/ns9/named4.conf.in (+21/-9)
bin/tests/system/forward/ns9/root.db (+2/-8)
bin/tests/system/forward/setup.sh (+2/-0)
bin/tests/system/forward/tests.sh (+157/-11)
bin/tests/system/geoip2/conf/bad-regiondb.conf (+1/-1)
bin/tests/system/geoip2/ns2/named1.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named10.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named11.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named12.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named2.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named3.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named4.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named5.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named6.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named7.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named8.conf.in (+1/-1)
bin/tests/system/geoip2/ns2/named9.conf.in (+1/-1)
bin/tests/system/get_algorithms.py (+242/-0)
bin/tests/system/get_core_dumps.sh (+66/-0)
bin/tests/system/get_ports.sh (+6/-2)
bin/tests/system/hooks/driver/Makefile.in (+13/-4)
bin/tests/system/hooks/driver/test-async.c (+1/-9)
bin/tests/system/hooks/ns1/named.conf.in (+1/-1)
bin/tests/system/host/clean.sh (+8/-5)
bin/tests/system/host/ns1/example.net.db (+31/-0)
bin/tests/system/host/ns1/named.conf.in (+9/-10)
bin/tests/system/host/setup.sh (+6/-0)
bin/tests/system/host/tests.sh (+128/-0)
bin/tests/system/idna/tests.sh (+7/-5)
bin/tests/system/ifconfig.sh.in (+217/-192)
bin/tests/system/inline/clean.sh (+2/-0)
bin/tests/system/inline/ns1/sign.sh (+2/-2)
bin/tests/system/inline/ns3/sign.sh (+39/-39)
bin/tests/system/inline/ns7/sign.sh (+3/-3)
bin/tests/system/inline/ns8/sign.sh (+4/-4)
bin/tests/system/inline/setup.sh (+2/-0)
bin/tests/system/inline/tests.sh (+237/-242)
bin/tests/system/inline/tests_signed_zone_files.py (+16/-16)
bin/tests/system/ixfr/ns1/named.conf.in (+1/-1)
bin/tests/system/ixfr/ns3/named.conf.in (+1/-1)
bin/tests/system/ixfr/ns4/named.conf.in (+1/-1)
bin/tests/system/ixfr/ns5/named.conf.in (+1/-1)
bin/tests/system/ixfr/tests.sh (+4/-0)
bin/tests/system/journal/clean.sh (+2/-0)
bin/tests/system/journal/ns1/named.conf.in (+1/-1)
bin/tests/system/journal/ns2/named.conf.in (+1/-1)
bin/tests/system/kasp.sh (+77/-23)
bin/tests/system/kasp/clean.sh (+3/-2)
bin/tests/system/kasp/kasp.conf (+2/-2)
bin/tests/system/kasp/ns2/named.conf.in (+3/-2)
bin/tests/system/kasp/ns3/ed25519.conf (+1/-0)
bin/tests/system/kasp/ns3/ed448.conf (+1/-0)
bin/tests/system/kasp/ns3/named-fips.conf.in (+508/-0)
bin/tests/system/kasp/ns3/named.conf.in (+2/-426)
bin/tests/system/kasp/ns3/policies/kasp-fips.conf.in (+118/-0)
bin/tests/system/kasp/ns3/policies/kasp.conf.in (+1/-101)
bin/tests/system/kasp/ns3/setup.sh (+120/-65)
bin/tests/system/kasp/ns4/named.conf.in (+18/-10)
bin/tests/system/kasp/ns5/named.conf.in (+11/-7)
bin/tests/system/kasp/ns6/named.conf.in (+16/-3)
bin/tests/system/kasp/ns6/named2.conf.in (+26/-2)
bin/tests/system/kasp/ns6/policies/csk1.conf.in (+1/-1)
bin/tests/system/kasp/ns6/policies/kasp-fips.conf.in (+63/-0)
bin/tests/system/kasp/ns6/policies/kasp.conf.in (+1/-27)
bin/tests/system/kasp/ns6/setup.sh (+57/-39)
bin/tests/system/kasp/setup.sh (+17/-1)
bin/tests/system/kasp/tests.sh (+258/-119)
bin/tests/system/keepalive/clean.sh (+2/-0)
bin/tests/system/keepalive/ns1/named.conf.in (+1/-1)
bin/tests/system/keepalive/ns2/named.conf.in (+1/-1)
bin/tests/system/keepalive/ns3/named.conf.in (+1/-1)
bin/tests/system/keyfromlabel/prereq.sh (+2/-2)
bin/tests/system/keyfromlabel/tests.sh (+4/-4)
bin/tests/system/keymgr2kasp/clean.sh (+1/-0)
bin/tests/system/keymgr2kasp/ns3/kasp.conf.in (+4/-4)
bin/tests/system/keymgr2kasp/ns3/named.conf.in (+1/-1)
bin/tests/system/keymgr2kasp/ns3/named2.conf.in (+1/-1)
bin/tests/system/keymgr2kasp/ns3/setup.sh (+7/-7)
bin/tests/system/keymgr2kasp/ns4/named.conf.in (+3/-3)
bin/tests/system/keymgr2kasp/ns4/named2.conf.in (+6/-4)
bin/tests/system/keymgr2kasp/ns4/setup.sh (+1/-1)
bin/tests/system/keymgr2kasp/tests.sh (+14/-14)
bin/tests/system/legacy/clean.sh (+2/-0)
bin/tests/system/legacy/ns1/named1.conf.in (+1/-1)
bin/tests/system/legacy/tests.sh (+14/-9)
bin/tests/system/logfileconfig/ns1/named.dirconf.in (+1/-1)
bin/tests/system/logfileconfig/ns1/named.iso8601-utc.in (+1/-1)
bin/tests/system/logfileconfig/ns1/named.iso8601.in (+1/-1)
bin/tests/system/logfileconfig/ns1/named.pipeconf.in (+1/-1)
bin/tests/system/logfileconfig/ns1/named.plain.in (+1/-1)
bin/tests/system/logfileconfig/ns1/named.plainconf.in (+1/-1)
bin/tests/system/logfileconfig/ns1/named.symconf.in (+1/-1)
bin/tests/system/logfileconfig/ns1/named.tsconf.in (+1/-1)
bin/tests/system/logfileconfig/ns1/named.unlimited.in (+1/-1)
bin/tests/system/logfileconfig/ns1/named.versconf.in (+1/-1)
bin/tests/system/logfileconfig/tests.sh (+4/-4)
bin/tests/system/masterformat/ns1/named.conf.in (+1/-1)
bin/tests/system/masterformat/ns3/named.conf.in (+1/-1)
bin/tests/system/masterformat/tests.sh (+3/-3)
bin/tests/system/metadata/setup.sh (+11/-11)
bin/tests/system/metadata/tests.sh (+79/-55)
bin/tests/system/mirror/clean.sh (+2/-0)
bin/tests/system/mirror/ns1/sign.sh (+2/-2)
bin/tests/system/mirror/ns2/named.conf.in (+1/-1)
bin/tests/system/mirror/ns2/sign.sh (+8/-8)
bin/tests/system/mirror/ns3/named.conf.in (+1/-1)
bin/tests/system/mirror/tests.sh (+73/-73)
bin/tests/system/mkeys/clean.sh (+1/-0)
bin/tests/system/mkeys/ns1/named1.conf.in (+1/-1)
bin/tests/system/mkeys/ns1/named2.conf.in (+1/-1)
bin/tests/system/mkeys/ns1/named3.conf.in (+1/-1)
bin/tests/system/mkeys/ns1/sign.sh (+35/-2)
bin/tests/system/mkeys/ns2/named.conf.in (+1/-1)
bin/tests/system/mkeys/ns3/named.conf.in (+2/-5)
bin/tests/system/mkeys/ns4/named.conf.in (+1/-1)
bin/tests/system/mkeys/ns5/named.conf.in (+1/-1)
bin/tests/system/mkeys/ns6/named.conf.in (+1/-1)
bin/tests/system/mkeys/ns6/setup.sh (+4/-4)
bin/tests/system/mkeys/ns7/named.conf.in (+1/-1)
bin/tests/system/mkeys/setup.sh (+7/-0)
bin/tests/system/mkeys/tests.sh (+23/-22)
bin/tests/system/names/setup.sh (+2/-0)
bin/tests/system/notify/clean.sh (+4/-4)
bin/tests/system/notify/ns2/named.conf.in (+1/-1)
bin/tests/system/notify/ns3/named.conf.in (+2/-0)
bin/tests/system/notify/tests.sh (+76/-97)
bin/tests/system/nsec3/clean.sh (+3/-2)
bin/tests/system/nsec3/ns2/named.conf.in (+21/-7)
bin/tests/system/nsec3/ns2/setup.sh (+22/-0)
bin/tests/system/nsec3/ns2/template.db.in (+28/-0)
bin/tests/system/nsec3/ns3/named.conf.in (+96/-1)
bin/tests/system/nsec3/ns3/named2.conf.in (+84/-1)
bin/tests/system/nsec3/ns3/setup.sh (+28/-1)
bin/tests/system/nsec3/setup.sh (+5/-1)
bin/tests/system/nsec3/tests.sh (+277/-59)
bin/tests/system/nslookup/clean.sh (+2/-0)
bin/tests/system/nslookup/tests.sh (+15/-0)
bin/tests/system/nsupdate/krb/setup.sh (+2/-0)
bin/tests/system/nsupdate/ns1/named.conf.in (+6/-4)
bin/tests/system/nsupdate/ns10/named.conf.in (+1/-1)
bin/tests/system/nsupdate/ns2/named.conf.in (+4/-4)
bin/tests/system/nsupdate/ns3/named.conf.in (+3/-3)
bin/tests/system/nsupdate/ns3/sign.sh (+6/-6)
bin/tests/system/nsupdate/ns5/named.conf.in (+1/-1)
bin/tests/system/nsupdate/ns6/named.conf.in (+1/-1)
bin/tests/system/nsupdate/ns7/named.conf.in (+1/-1)
bin/tests/system/nsupdate/ns8/named.conf.in (+1/-1)
bin/tests/system/nsupdate/ns9/named.conf.in (+1/-1)
bin/tests/system/nsupdate/tests.sh (+191/-137)
bin/tests/system/nzd2nzf/ns1/named.conf.in (+1/-1)
bin/tests/system/nzd2nzf/prereq.sh (+7/-12)
bin/tests/system/nzd2nzf/tests.sh (+5/-4)
bin/tests/system/org.isc.bind.system (+14/-3)
bin/tests/system/padding/clean.sh (+2/-0)
bin/tests/system/padding/ns1/named.conf.in (+1/-1)
bin/tests/system/padding/ns2/named.conf.in (+1/-1)
bin/tests/system/padding/ns3/named.conf.in (+1/-1)
bin/tests/system/padding/ns4/named.conf.in (+1/-1)
bin/tests/system/pending/ns1/sign.sh (+2/-2)
bin/tests/system/pending/ns2/sign.sh (+2/-2)
bin/tests/system/pipelined/ans5/ans.py (+44/-30)
bin/tests/system/pipelined/ns1/named.conf.in (+1/-1)
bin/tests/system/pipelined/ns2/named.conf.in (+1/-1)
bin/tests/system/pipelined/ns3/named.conf.in (+1/-1)
bin/tests/system/pipelined/ns4/named.conf.in (+1/-1)
bin/tests/system/pipelined/pipequeries.c (+4/-4)
bin/tests/system/pytest_custom_markers.py (+42/-0)
bin/tests/system/qmin/ans2/ans.py (+154/-44)
bin/tests/system/qmin/ans3/ans.py (+72/-21)
bin/tests/system/qmin/ans4/ans.py (+101/-27)
bin/tests/system/qmin/clean.sh (+1/-1)
bin/tests/system/qmin/ns5/named.conf.in (+1/-1)
bin/tests/system/qmin/ns6/named.conf.in (+1/-1)
bin/tests/system/qmin/ns7/named.conf.in (+1/-1)
bin/tests/system/qmin/tests.sh (+1/-1)
bin/tests/system/reclimit/ns3/named1.conf.in (+1/-1)
bin/tests/system/reclimit/ns3/named2.conf.in (+1/-1)
bin/tests/system/reclimit/ns3/named3.conf.in (+1/-1)
bin/tests/system/reclimit/ns3/named4.conf.in (+1/-1)
bin/tests/system/redirect/ns1/sign.sh (+4/-4)
bin/tests/system/redirect/ns2/named.conf.in (+1/-1)
bin/tests/system/redirect/ns3/sign.sh (+4/-4)
bin/tests/system/redirect/ns4/named.conf.in (+1/-1)
bin/tests/system/redirect/ns5/sign.sh (+4/-4)
bin/tests/system/redirect/tests.sh (+9/-0)
bin/tests/system/resolve.c (+7/-4)
bin/tests/system/resolver/ans2/ans.pl (+11/-0)
bin/tests/system/resolver/ans3/ans.pl (+64/-10)
bin/tests/system/resolver/ns1/named.conf.in (+16/-3)
bin/tests/system/resolver/ns4/named.conf.in (+9/-4)
bin/tests/system/resolver/ns4/root.db (+3/-0)
bin/tests/system/resolver/ns4/tld1.db (+3/-0)
bin/tests/system/resolver/ns4/tld2.db (+5/-2)
bin/tests/system/resolver/ns4/v4only.net.db (+22/-0)
bin/tests/system/resolver/ns5/named.conf.in (+4/-4)
bin/tests/system/resolver/ns6/keygen.sh (+7/-4)
bin/tests/system/resolver/ns6/named.conf.in (+15/-5)
bin/tests/system/resolver/ns6/redirect.com.db (+27/-0)
bin/tests/system/resolver/ns6/root.db (+3/-0)
bin/tests/system/resolver/ns6/tld1.db (+17/-0)
bin/tests/system/resolver/ns7/named1.conf.in (+15/-5)
bin/tests/system/resolver/ns7/named2.conf.in (+15/-5)
bin/tests/system/resolver/ns7/sub.tld1.db (+17/-0)
bin/tests/system/resolver/ns7/tld2.db (+18/-0)
bin/tests/system/resolver/ns9/named.args (+2/-0)
bin/tests/system/resolver/ns9/named.conf.in (+39/-0)
bin/tests/system/resolver/ns9/named.ipv6-only (+0/-0)
bin/tests/system/resolver/ns9/root.hint (+15/-0)
bin/tests/system/resolver/setup.sh (+1/-0)
bin/tests/system/resolver/tests.sh (+95/-18)
bin/tests/system/rndc/ns2/named.conf.in (+1/-1)
bin/tests/system/rndc/ns3/named.conf.in (+1/-1)
bin/tests/system/rndc/ns5/named.conf.in (+1/-1)
bin/tests/system/rndc/ns6/named.conf.in (+1/-1)
bin/tests/system/rndc/ns7/named.conf.in (+3/-3)
bin/tests/system/rndc/setup.sh (+1/-1)
bin/tests/system/rndc/tests.sh (+14/-14)
bin/tests/system/rootkeysentinel/ns1/sign.sh (+2/-2)
bin/tests/system/rootkeysentinel/ns2/sign.sh (+8/-6)
bin/tests/system/rpz/clean.sh (+3/-1)
bin/tests/system/rpz/dnsrps.c (+4/-5)
bin/tests/system/rpz/ns1/named.conf.in (+1/-1)
bin/tests/system/rpz/ns10/hints (+2/-8)
bin/tests/system/rpz/ns10/named.conf.in (+42/-0)
bin/tests/system/rpz/ns10/stub.db (+21/-0)
bin/tests/system/rpz/ns2/base-tld2s.db (+1/-0)
bin/tests/system/rpz/ns2/named.conf.in (+5/-1)
bin/tests/system/rpz/ns2/stub.db (+20/-0)
bin/tests/system/rpz/ns2/tld2.db (+3/-0)
bin/tests/system/rpz/ns3/named.conf.in (+21/-1)
bin/tests/system/rpz/ns4/named.conf.in (+1/-1)
bin/tests/system/rpz/ns5/named.conf.in (+1/-1)
bin/tests/system/rpz/ns6/bl.tld2s.db.in (+20/-0)
bin/tests/system/rpz/ns6/named.conf.in (+7/-1)
bin/tests/system/rpz/ns7/named.conf.in (+1/-1)
bin/tests/system/rpz/ns8/named.conf.in (+1/-1)
bin/tests/system/rpz/ns9/named.conf.in (+1/-1)
bin/tests/system/rpz/qperf.sh (+1/-1)
bin/tests/system/rpz/setup.sh (+8/-6)
bin/tests/system/rpz/tests.sh (+61/-16)
bin/tests/system/rpzextra/clean.sh (+2/-0)
bin/tests/system/rpzextra/ns1/named.conf.in (+1/-1)
bin/tests/system/rpzextra/ns2/named.conf.in (+1/-1)
bin/tests/system/rpzextra/setup.sh (+1/-1)
bin/tests/system/rpzextra/tests_rpz_passthru_logging.py (+8/-6)
bin/tests/system/rpzrecurse/clean.sh (+2/-0)
bin/tests/system/rpzrecurse/ns1/named.conf.in (+1/-1)
bin/tests/system/rpzrecurse/ns2/named.conf.header.in (+1/-1)
bin/tests/system/rpzrecurse/ns4/named.conf.in (+1/-1)
bin/tests/system/rpzrecurse/tests.sh (+4/-4)
bin/tests/system/rrchecker/clean.sh (+2/-0)
bin/tests/system/rrl/broken.conf.in (+2/-2)
bin/tests/system/rrl/clean.sh (+3/-0)
bin/tests/system/rrl/ns2/named.conf.in (+1/-1)
bin/tests/system/rrl/ns4/named.conf.in (+1/-1)
bin/tests/system/rrl/setup.sh (+1/-0)
bin/tests/system/rrl/tests.sh (+12/-15)
bin/tests/system/rrsetorder/tests.sh (+144/-139)
bin/tests/system/rsabigexponent/README.md (+8/-0)
bin/tests/system/rsabigexponent/bigkey.c (+2/-2)
bin/tests/system/rsabigexponent/ns1/sign.sh (+1/-1)
bin/tests/system/rsabigexponent/ns2/Xexample.+008+51650.key (+5/-0)
bin/tests/system/rsabigexponent/ns2/Xexample.+008+51650.private (+13/-0)
bin/tests/system/rsabigexponent/ns2/Xexample.+008+52810.key (+2/-0)
bin/tests/system/rsabigexponent/ns2/Xexample.+008+52810.private (+10/-0)
bin/tests/system/rsabigexponent/ns2/dsset-example.in (+1/-2)
bin/tests/system/rsabigexponent/ns2/example.db.bad (+135/-91)
bin/tests/system/rsabigexponent/ns2/sign.sh (+3/-3)
bin/tests/system/run.sh.in (+6/-48)
bin/tests/system/runtime/ns2/named1.conf.in (+1/-1)
bin/tests/system/serve-stale/ans2/ans.pl (+24/-0)
bin/tests/system/serve-stale/clean.sh (+2/-0)
bin/tests/system/serve-stale/ns1/named1.conf.in (+1/-1)
bin/tests/system/serve-stale/ns1/named2.conf.in (+4/-3)
bin/tests/system/serve-stale/ns1/named3.conf.in (+1/-2)
bin/tests/system/serve-stale/ns1/named4.conf.in (+48/-0)
bin/tests/system/serve-stale/ns1/stale.test.db (+19/-0)
bin/tests/system/serve-stale/ns3/named1.conf.in (+1/-1)
bin/tests/system/serve-stale/ns3/named2.conf.in (+1/-1)
bin/tests/system/serve-stale/ns3/named3.conf.in (+1/-1)
bin/tests/system/serve-stale/ns3/named4.conf.in (+1/-1)
bin/tests/system/serve-stale/ns3/named5.conf.in (+1/-1)
bin/tests/system/serve-stale/ns3/named6.conf.in (+1/-5)
bin/tests/system/serve-stale/ns3/named7.conf.in (+1/-1)
bin/tests/system/serve-stale/ns3/named8.conf.in (+1/-1)
bin/tests/system/serve-stale/ns4/named.conf.in (+1/-1)
bin/tests/system/serve-stale/ns5/named.conf.in (+1/-1)
bin/tests/system/serve-stale/tests.sh (+372/-141)
bin/tests/system/sfcache/ns2/named.conf.in (+1/-1)
bin/tests/system/sfcache/ns5/named.conf.in (+1/-1)
bin/tests/system/shutdown/clean.sh (+2/-0)
bin/tests/system/shutdown/ns1/named.conf.in (+1/-1)
bin/tests/system/shutdown/ns2/named.conf.in (+1/-1)
bin/tests/system/shutdown/resolver/named.conf.in (+2/-1)
bin/tests/system/shutdown/setup.sh (+1/-1)
bin/tests/system/shutdown/tests_shutdown.py (+46/-41)
bin/tests/system/smartsign/tests.sh (+38/-38)
bin/tests/system/sortlist/tests.sh (+4/-4)
bin/tests/system/spf/clean.sh (+2/-0)
bin/tests/system/start.pl (+27/-17)
bin/tests/system/staticstub/ns2/named.conf.in (+1/-1)
bin/tests/system/staticstub/ns3/named.conf.in (+1/-1)
bin/tests/system/staticstub/ns3/sign.sh (+4/-4)
bin/tests/system/staticstub/ns4/sign.sh (+2/-2)
bin/tests/system/statistics/clean.sh (+1/-1)
bin/tests/system/statistics/ns2/named.conf.in (+1/-1)
bin/tests/system/statistics/ns2/named2.conf.in (+1/-1)
bin/tests/system/statistics/ns3/named.conf.in (+1/-1)
bin/tests/system/statistics/ns3/root.hint (+7/-0)
bin/tests/system/statistics/tests.sh (+5/-5)
bin/tests/system/statschannel/clean.sh (+1/-2)
bin/tests/system/statschannel/conftest.py (+1/-83)
bin/tests/system/statschannel/generic.py (+72/-57)
bin/tests/system/statschannel/generic_dnspython.py (+55/-70)
bin/tests/system/statschannel/ns1/named.conf.in (+1/-1)
bin/tests/system/statschannel/ns2/named.conf.in (+1/-1)
bin/tests/system/statschannel/ns2/named2.conf.in (+1/-1)
bin/tests/system/statschannel/ns3/named.conf.in (+1/-1)
bin/tests/system/statschannel/tests.sh (+155/-81)
bin/tests/system/statschannel/tests_json.py (+108/-0)
bin/tests/system/statschannel/tests_xml.py (+48/-54)
bin/tests/system/stop.pl (+4/-0)
bin/tests/system/stress/clean.sh (+3/-0)
bin/tests/system/stress/ns1/named.conf.in (+2/-1)
bin/tests/system/stress/ns2/named.conf.in (+1/-1)
bin/tests/system/stress/ns3/named.conf.in (+3/-3)
bin/tests/system/stress/ns4/named.conf.in (+1/-1)
bin/tests/system/stress/setup.sh (+5/-0)
bin/tests/system/stress/tests.sh (+6/-2)
bin/tests/system/stub/tests.sh (+2/-2)
bin/tests/system/synthfromdnssec/ns1/dnamed.db.in (+2/-1)
bin/tests/system/synthfromdnssec/ns1/named.conf.in (+1/-1)
bin/tests/system/synthfromdnssec/ns1/root.db.in (+1/-0)
bin/tests/system/synthfromdnssec/ns1/sign.sh (+5/-5)
bin/tests/system/synthfromdnssec/ns2/example.internal.db (+16/-0)
bin/tests/system/synthfromdnssec/ns2/named.conf.in (+11/-1)
bin/tests/system/synthfromdnssec/ns3/named.conf.in (+1/-1)
bin/tests/system/synthfromdnssec/ns4/named.conf.in (+1/-2)
bin/tests/system/synthfromdnssec/ns5/internal2.db (+17/-0)
bin/tests/system/synthfromdnssec/ns5/named.conf.in (+13/-1)
bin/tests/system/synthfromdnssec/ns6/named.conf.in (+1/-1)
bin/tests/system/synthfromdnssec/tests.sh (+49/-1)
bin/tests/system/tcp/ans6/ans.py (+25/-24)
bin/tests/system/tcp/ns1/named.conf.in (+1/-1)
bin/tests/system/tcp/ns2/named.conf.in (+1/-1)
bin/tests/system/tcp/ns3/named.conf.in (+1/-1)
bin/tests/system/tcp/ns4/named.conf.in (+1/-1)
bin/tests/system/tcp/ns5/named.conf.in (+1/-1)
bin/tests/system/tcp/ns7/named.conf.in (+1/-1)
bin/tests/system/tcp/ns7/named.dropedns (+1/-0)
bin/tests/system/tcp/tests_tcp.py (+46/-20)
bin/tests/system/testcrypto.sh (+67/-45)
bin/tests/system/testsock.pl (+12/-1)
bin/tests/system/timeouts/tests_tcp_timeouts.py (+69/-86)
bin/tests/system/tkey/keycreate.c (+3/-3)
bin/tests/system/tkey/keydelete.c (+3/-3)
bin/tests/system/tkey/ns1/named.conf.in (+1/-1)
bin/tests/system/tsiggss/ns1/named.conf.in (+1/-1)
bin/tests/system/tsiggss/tests.sh (+1/-1)
bin/tests/system/ttl/ns1/named.conf.in (+1/-1)
bin/tests/system/ttl/ns2/named.conf.in (+1/-1)
bin/tests/system/unknown/ns3/sign.sh (+2/-2)
bin/tests/system/unknown/setup.sh (+2/-0)
bin/tests/system/unknown/tests.sh (+4/-4)
bin/tests/system/upforwd/clean.sh (+2/-0)
bin/tests/system/upforwd/ns3/named1.conf.in (+12/-5)
bin/tests/system/upforwd/ns3/named2.conf.in (+20/-10)
bin/tests/system/upforwd/setup.sh (+2/-2)
bin/tests/system/upforwd/tests.sh (+39/-0)
bin/tests/system/verify/clean.sh (+2/-0)
bin/tests/system/verify/tests.sh (+2/-0)
bin/tests/system/verify/zones/genzones.sh (+56/-53)
bin/tests/system/views/ns2/named1.conf.in (+1/-1)
bin/tests/system/views/ns2/named2.conf.in (+1/-1)
bin/tests/system/views/ns2/named3.conf.in (+1/-1)
bin/tests/system/views/ns3/named1.conf.in (+1/-1)
bin/tests/system/views/ns3/named2.conf.in (+1/-1)
bin/tests/system/views/ns5/named.conf.in (+1/-1)
bin/tests/system/views/setup.sh (+6/-6)
bin/tests/system/wildcard/ns1/sign.sh (+10/-10)
bin/tests/system/wildcard/tests.sh (+1/-1)
bin/tests/system/wildcard/tests_wildcard.py (+24/-16)
bin/tests/system/xfer/clean.sh (+2/-1)
bin/tests/system/xfer/dig3.good (+6/-0)
bin/tests/system/xfer/ns1/dot-fallback.db.in (+19/-0)
bin/tests/system/xfer/ns1/named.conf.in (+5/-0)
bin/tests/system/xfer/ns2/named.conf.in (+10/-1)
bin/tests/system/xfer/ns3/named.conf.in (+1/-1)
bin/tests/system/xfer/ns4/named.conf.base (+1/-1)
bin/tests/system/xfer/prereq.sh (+26/-0)
bin/tests/system/xfer/setup.sh (+2/-0)
bin/tests/system/xfer/tests.sh (+18/-7)
bin/tests/system/xferquota/ns1/named.conf.in (+1/-1)
bin/tests/system/zero/clean.sh (+2/-0)
bin/tests/system/zero/setup.sh (+2/-0)
bin/tests/system/zero/tests.sh (+13/-13)
bin/tests/system/zonechecks/ns1/named.conf.in (+1/-1)
bin/tests/system/zonechecks/ns2/named.conf.in (+1/-1)
bin/tests/system/zonechecks/setup.sh (+2/-2)
bin/tests/test_client.c (+5/-5)
bin/tests/test_server.c (+4/-5)
bin/tests/wire_test.c (+3/-3)
bin/tools/Makefile.am (+1/-1)
bin/tools/Makefile.in (+19/-13)
bin/tools/arpaname.rst (+3/-1)
bin/tools/dnstap-read.c (+3/-3)
bin/tools/dnstap-read.rst (+13/-7)
bin/tools/mdig.c (+26/-37)
bin/tools/mdig.rst (+128/-75)
bin/tools/named-journalprint.rst (+9/-7)
bin/tools/named-nzd2nzf.rst (+6/-3)
bin/tools/named-rrchecker.c (+2/-2)
bin/tools/named-rrchecker.rst (+14/-7)
bin/tools/nsec3hash.c (+1/-1)
bin/tools/nsec3hash.rst (+13/-6)
config.h.in (+18/-3)
configure (+1444/-134)
configure.ac (+44/-37)
contrib/dlz/example/Makefile (+1/-1)
contrib/dlz/example/dlz_example.c (+2/-1)
contrib/dlz/modules/bdbhpt/Makefile (+1/-1)
contrib/dlz/modules/bdbhpt/dlz_bdbhpt_dynamic.c (+4/-2)
contrib/dlz/modules/filesystem/Makefile (+1/-1)
contrib/dlz/modules/filesystem/dlz_filesystem_dynamic.c (+12/-6)
contrib/dlz/modules/include/dlz_dbi.h (+1/-1)
contrib/dlz/modules/include/dlz_list.h (+14/-0)
contrib/dlz/modules/include/dlz_minimal.h (+25/-6)
contrib/dlz/modules/ldap/Makefile (+1/-1)
contrib/dlz/modules/ldap/dlz_ldap_dynamic.c (+3/-0)
contrib/dlz/modules/mysql/Makefile (+2/-2)
contrib/dlz/modules/mysql/dlz_mysql_dynamic.c (+11/-9)
contrib/dlz/modules/mysqldyn/Makefile (+2/-2)
contrib/dlz/modules/mysqldyn/dlz_mysqldyn_mod.c (+11/-7)
contrib/dlz/modules/perl/Makefile (+4/-0)
contrib/dlz/modules/perl/dlz_perl_driver.c (+20/-15)
contrib/dlz/modules/sqlite3/Makefile (+1/-1)
contrib/dlz/modules/sqlite3/dlz_sqlite3_dynamic.c (+49/-48)
contrib/dlz/modules/wildcard/Makefile (+1/-1)
contrib/dlz/modules/wildcard/dlz_wildcard_dynamic.c (+14/-12)
debian/bind9-doc.docs (+0/-1)
debian/changelog (+62/-0)
debian/tests/control (+6/-0)
debian/tests/zonetest (+49/-0)
dev/null (+0/-79)
doc/Makefile.in (+12/-3)
doc/arm/Makefile.am (+68/-38)
doc/arm/Makefile.in (+83/-52)
doc/arm/_ext/iscconf.py (+605/-0)
doc/arm/_ext/mergegrammar.py (+63/-0)
doc/arm/_ext/namedconf.py (+35/-0)
doc/arm/_ext/rndcconf.py (+36/-0)
doc/arm/_static/custom.css (+25/-0)
doc/arm/advanced.inc.rst (+37/-460)
doc/arm/build.inc.rst (+7/-5)
doc/arm/catz.inc.rst (+115/-62)
doc/arm/chapter1.rst (+3/-6)
doc/arm/chapter10.rst (+1/-3)
doc/arm/chapter2.rst (+2/-5)
doc/arm/chapter3.rst (+5/-6)
doc/arm/chapter4.rst (+2/-5)
doc/arm/chapter5.rst (+3/-6)
doc/arm/chapter6.rst (+5/-7)
doc/arm/chapter7.rst (+4/-6)
doc/arm/chapter9.rst (+1/-4)
doc/arm/conf.py (+62/-66)
doc/arm/config-auth.inc.rst (+268/-0)
doc/arm/config-intro.inc.rst (+205/-0)
doc/arm/config-resolve.inc.rst (+566/-0)
doc/arm/dlz.inc.rst (+18/-9)
doc/arm/dns-ops.inc.rst (+243/-0)
doc/arm/dnssec-guide.rst (+2/-0)
doc/arm/dnssec.inc.rst (+520/-0)
doc/arm/dyndb.inc.rst (+7/-4)
doc/arm/general.rst (+3/-3)
doc/arm/index.rst (+10/-7)
doc/arm/intro-dns-bind.inc.rst (+197/-0)
doc/arm/intro-security.inc.rst (+76/-0)
doc/arm/introduction.inc.rst (+100/-0)
doc/arm/logging-categories.inc.rst (+7/-7)
doc/arm/managed-keys.inc.rst (+10/-10)
doc/arm/manpages.rst (+2/-2)
doc/arm/notes.rst (+17/-6)
doc/arm/pkcs11.inc.rst (+16/-16)
doc/arm/platforms.inc.rst (+31/-22)
doc/arm/plugins.inc.rst (+14/-11)
doc/arm/reference.rst (+3751/-2763)
doc/arm/requirements.inc.rst (+4/-6)
doc/arm/requirements.txt (+5/-0)
doc/arm/rpz.inc.rst (+786/-0)
doc/arm/security.inc.rst (+28/-22)
doc/arm/sig0.inc.rst (+16/-6)
doc/arm/tkey.inc.rst (+40/-0)
doc/arm/troubleshooting.inc.rst (+10/-11)
doc/arm/tsig.inc.rst (+165/-0)
doc/arm/zones.inc.rst (+500/-0)
doc/dnssec-guide/advanced-discussions.rst (+150/-132)
doc/dnssec-guide/commonly-asked-questions.rst (+51/-48)
doc/dnssec-guide/getting-started.rst (+30/-120)
doc/dnssec-guide/introduction.rst (+5/-5)
doc/dnssec-guide/recipes.rst (+110/-143)
doc/dnssec-guide/signing.rst (+167/-314)
doc/dnssec-guide/troubleshooting.rst (+23/-21)
doc/dnssec-guide/validation.rst (+32/-34)
doc/man/Makefile.am (+3/-0)
doc/man/Makefile.in (+18/-14)
doc/man/arpaname.1in (+1/-1)
doc/man/conf.py (+143/-50)
doc/man/ddns-confgen.8in (+37/-34)
doc/man/ddns-confgen.rst (+1/-1)
doc/man/delv.1in (+123/-57)
doc/man/dig.1in (+378/-153)
doc/man/dnssec-cds.1in (+52/-30)
doc/man/dnssec-dsfromkey.1in (+52/-28)
doc/man/dnssec-importkey.1in (+48/-22)
doc/man/dnssec-keyfromlabel.1in (+108/-52)
doc/man/dnssec-keygen.1in (+124/-57)
doc/man/dnssec-revoke.1in (+24/-10)
doc/man/dnssec-settime.1in (+99/-46)
doc/man/dnssec-signzone.1in (+161/-59)
doc/man/dnssec-verify.1in (+32/-14)
doc/man/dnstap-read.1in (+13/-7)
doc/man/filter-a.8in (+3/-3)
doc/man/filter-aaaa.8in (+5/-5)
doc/man/host.1in (+80/-42)
doc/man/mdig.1in (+159/-64)
doc/man/named-checkconf.1in (+44/-24)
doc/man/named-checkzone.1in (+100/-61)
doc/man/named-compilezone.1in (+106/-65)
doc/man/named-compilezone.rst (+1/-1)
doc/man/named-journalprint.1in (+6/-6)
doc/man/named-nzd2nzf.1in (+3/-3)
doc/man/named-rrchecker.1in (+15/-7)
doc/man/named.8in (+90/-42)
doc/man/named.conf.5in (+834/-1138)
doc/man/nsec3hash.1in (+14/-6)
doc/man/nslookup.1in (+5/-5)
doc/man/nsupdate.1in (+90/-38)
doc/man/rndc-confgen.8in (+57/-37)
doc/man/rndc.8in (+238/-128)
doc/man/rndc.conf.5in (+14/-14)
doc/man/tsig-keygen.8in (+12/-55)
doc/misc/Makefile.am (+20/-126)
doc/misc/Makefile.in (+40/-148)
doc/misc/cfg_test.c (+4/-2)
doc/misc/checkgrammar.py (+167/-0)
doc/misc/forward.zoneopt (+1/-1)
doc/misc/mirror.zoneopt (+9/-9)
doc/misc/options (+555/-719)
doc/misc/parsegrammar.py (+194/-0)
doc/misc/primary.zoneopt (+12/-11)
doc/misc/redirect.zoneopt (+1/-1)
doc/misc/rndc.grammar (+21/-0)
doc/misc/secondary.zoneopt (+15/-14)
doc/misc/static-stub.zoneopt (+1/-1)
doc/misc/stub.zoneopt (+5/-5)
doc/notes/notes-9.18.0.rst (+32/-29)
doc/notes/notes-9.18.1.rst (+18/-11)
doc/notes/notes-9.18.10.rst (+80/-0)
doc/notes/notes-9.18.11.rst (+112/-0)
doc/notes/notes-9.18.12.rst (+54/-0)
doc/notes/notes-9.18.2.rst (+53/-0)
doc/notes/notes-9.18.3.rst (+73/-0)
doc/notes/notes-9.18.4.rst (+44/-0)
doc/notes/notes-9.18.5.rst (+59/-0)
doc/notes/notes-9.18.6.rst (+62/-0)
doc/notes/notes-9.18.7.rst (+80/-0)
doc/notes/notes-9.18.8.rst (+68/-0)
doc/notes/notes-9.18.9.rst (+61/-0)
doc/notes/notes-known-issues.rst (+51/-0)
fuzz/Makefile.am (+5/-0)
fuzz/Makefile.in (+45/-14)
fuzz/dns_message_checksig.c (+542/-0)
fuzz/main.c (+11/-2)
lib/Makefile.in (+15/-9)
lib/bind9/Makefile.in (+13/-4)
lib/bind9/check.c (+161/-109)
lib/bind9/getaddresses.c (+3/-2)
lib/dns/Makefile.am (+3/-8)
lib/dns/Makefile.in (+58/-164)
lib/dns/acl.c (+50/-20)
lib/dns/adb.c (+172/-128)
lib/dns/badcache.c (+2/-1)
lib/dns/byaddr.c (+3/-2)
lib/dns/cache.c (+10/-16)
lib/dns/catz.c (+549/-150)
lib/dns/client.c (+7/-5)
lib/dns/compress.c (+5/-3)
lib/dns/db.c (+18/-5)
lib/dns/diff.c (+21/-15)
lib/dns/dispatch.c (+916/-677)
lib/dns/dlz.c (+1/-1)
lib/dns/dns64.c (+2/-2)
lib/dns/dnsrps.c (+8/-5)
lib/dns/dnssec.c (+72/-42)
lib/dns/dnstap.c (+15/-11)
lib/dns/ds.c (+1/-2)
lib/dns/dst_api.c (+66/-2)
lib/dns/dst_internal.h (+1/-0)
lib/dns/dst_parse.c (+2/-1)
lib/dns/ecs.c (+3/-3)
lib/dns/forward.c (+17/-25)
lib/dns/gen.c (+65/-13)
lib/dns/gssapi_link.c (+2/-7)
lib/dns/gssapictx.c (+1/-1)
lib/dns/hmac_link.c (+22/-24)
lib/dns/include/dns/acl.h (+21/-11)
lib/dns/include/dns/adb.h (+1/-2)
lib/dns/include/dns/callbacks.h (+1/-1)
lib/dns/include/dns/catz.h (+5/-8)
lib/dns/include/dns/clientinfo.h (+3/-3)
lib/dns/include/dns/db.h (+30/-20)
lib/dns/include/dns/dbiterator.h (+1/-1)
lib/dns/include/dns/diff.h (+2/-2)
lib/dns/include/dns/dispatch.h (+39/-52)
lib/dns/include/dns/dlz.h (+15/-15)
lib/dns/include/dns/dlz_dlopen.h (+1/-1)
lib/dns/include/dns/dns64.h (+2/-2)
lib/dns/include/dns/dnsrps.h (+2/-2)
lib/dns/include/dns/dnssec.h (+6/-3)
lib/dns/include/dns/dyndb.h (+6/-6)
lib/dns/include/dns/forward.h (+5/-3)
lib/dns/include/dns/geoip.h (+2/-2)
lib/dns/include/dns/ipkeylist.h (+5/-6)
lib/dns/include/dns/iptable.h (+1/-1)
lib/dns/include/dns/kasp.h (+13/-13)
lib/dns/include/dns/keytable.h (+6/-2)
lib/dns/include/dns/librpz.h (+50/-50)
lib/dns/include/dns/log.h (+1/-1)
lib/dns/include/dns/lookup.h (+2/-2)
lib/dns/include/dns/masterdump.h (+5/-5)
lib/dns/include/dns/message.h (+13/-7)
lib/dns/include/dns/name.h (+3/-8)
lib/dns/include/dns/nsec.h (+6/-1)
lib/dns/include/dns/nsec3.h (+3/-3)
lib/dns/include/dns/nta.h (+2/-2)
lib/dns/include/dns/peer.h (+1/-19)
lib/dns/include/dns/rbt.h (+3/-3)
lib/dns/include/dns/rdata.h (+1/-1)
lib/dns/include/dns/rdatalist.h (+1/-1)
lib/dns/include/dns/rdataset.h (+16/-11)
lib/dns/include/dns/rdatasetiter.h (+5/-4)
lib/dns/include/dns/request.h (+9/-46)
lib/dns/include/dns/resolver.h (+9/-26)
lib/dns/include/dns/rpz.h (+18/-18)
lib/dns/include/dns/rriterator.h (+4/-4)
lib/dns/include/dns/rrl.h (+2/-2)
lib/dns/include/dns/sdb.h (+4/-4)
lib/dns/include/dns/sdlz.h (+4/-4)
lib/dns/include/dns/ssu.h (+1/-1)
lib/dns/include/dns/tkey.h (+4/-4)
lib/dns/include/dns/transport.h (+5/-4)
lib/dns/include/dns/tsig.h (+5/-5)
lib/dns/include/dns/types.h (+1/-0)
lib/dns/include/dns/validator.h (+11/-11)
lib/dns/include/dns/view.h (+73/-35)
lib/dns/include/dns/xfrin.h (+3/-4)
lib/dns/include/dns/zone.h (+23/-138)
lib/dns/include/dns/zt.h (+2/-1)
lib/dns/include/dst/dst.h (+57/-26)
lib/dns/ipkeylist.c (+0/-24)
lib/dns/journal.c (+26/-18)
lib/dns/kasp.c (+6/-24)
lib/dns/key.c (+4/-2)
lib/dns/keymgr.c (+63/-23)
lib/dns/keytable.c (+18/-5)
lib/dns/lookup.c (+1/-1)
lib/dns/master.c (+77/-52)
lib/dns/masterdump.c (+36/-28)
lib/dns/message.c (+74/-45)
lib/dns/name.c (+154/-185)
lib/dns/ncache.c (+6/-3)
lib/dns/nsec.c (+35/-5)
lib/dns/nsec3.c (+17/-9)
lib/dns/nta.c (+5/-2)
lib/dns/openssl_link.c (+10/-2)
lib/dns/openssldh_link.c (+94/-81)
lib/dns/opensslecdsa_link.c (+69/-120)
lib/dns/openssleddsa_link.c (+10/-5)
lib/dns/opensslrsa_link.c (+326/-103)
lib/dns/order.c (+3/-2)
lib/dns/peer.c (+10/-81)
lib/dns/private.c (+12/-6)
lib/dns/rbt.c (+38/-32)
lib/dns/rbtdb.c (+312/-288)
lib/dns/rcode.c (+2/-1)
lib/dns/rdata.c (+30/-22)
lib/dns/rdata/any_255/tsig_250.c (+15/-14)
lib/dns/rdata/ch_3/a_1.c (+13/-13)
lib/dns/rdata/generic/afsdb_18.c (+13/-13)
lib/dns/rdata/generic/amtrelay_260.c (+17/-18)
lib/dns/rdata/generic/avc_258.c (+13/-13)
lib/dns/rdata/generic/caa_257.c (+15/-14)
lib/dns/rdata/generic/cdnskey_60.c (+13/-13)
lib/dns/rdata/generic/cds_59.c (+13/-13)
lib/dns/rdata/generic/cert_37.c (+13/-13)
lib/dns/rdata/generic/cname_5.c (+13/-13)
lib/dns/rdata/generic/csync_62.c (+13/-13)
lib/dns/rdata/generic/dlv_32769.c (+13/-13)
lib/dns/rdata/generic/dname_39.c (+13/-13)
lib/dns/rdata/generic/dnskey_48.c (+13/-13)
lib/dns/rdata/generic/doa_259.c (+13/-13)
lib/dns/rdata/generic/ds_43.c (+18/-18)
lib/dns/rdata/generic/eui48_108.c (+13/-13)
lib/dns/rdata/generic/eui64_109.c (+13/-13)
lib/dns/rdata/generic/gpos_27.c (+15/-14)
lib/dns/rdata/generic/hinfo_13.c (+13/-13)
lib/dns/rdata/generic/hip_55.c (+16/-14)
lib/dns/rdata/generic/ipseckey_45.c (+13/-13)
lib/dns/rdata/generic/isdn_20.c (+15/-14)
lib/dns/rdata/generic/key_25.c (+22/-21)
lib/dns/rdata/generic/keydata_65533.c (+13/-13)
lib/dns/rdata/generic/l32_105.c (+13/-13)
lib/dns/rdata/generic/l64_106.c (+13/-13)
lib/dns/rdata/generic/loc_29.c (+32/-29)
lib/dns/rdata/generic/lp_107.c (+13/-13)
lib/dns/rdata/generic/mb_7.c (+13/-13)
lib/dns/rdata/generic/md_3.c (+13/-13)
lib/dns/rdata/generic/mf_4.c (+13/-13)
lib/dns/rdata/generic/mg_8.c (+13/-13)
lib/dns/rdata/generic/minfo_14.c (+13/-13)
lib/dns/rdata/generic/mr_9.c (+13/-13)
lib/dns/rdata/generic/mx_15.c (+13/-13)
lib/dns/rdata/generic/naptr_35.c (+14/-14)
lib/dns/rdata/generic/nid_104.c (+13/-13)
lib/dns/rdata/generic/ninfo_56.c (+13/-13)
lib/dns/rdata/generic/ns_2.c (+13/-13)
lib/dns/rdata/generic/nsec3_50.c (+13/-13)
lib/dns/rdata/generic/nsec3param_51.c (+13/-13)
lib/dns/rdata/generic/nsec_47.c (+13/-13)
lib/dns/rdata/generic/null_10.c (+13/-13)
lib/dns/rdata/generic/nxt_30.c (+13/-13)
lib/dns/rdata/generic/openpgpkey_61.c (+13/-13)
lib/dns/rdata/generic/opt_41.c (+14/-14)
lib/dns/rdata/generic/proforma.c (+13/-13)
lib/dns/rdata/generic/ptr_12.c (+13/-13)
lib/dns/rdata/generic/rkey_57.c (+13/-13)
lib/dns/rdata/generic/rp_17.c (+13/-13)
lib/dns/rdata/generic/rrsig_46.c (+14/-14)
lib/dns/rdata/generic/rt_21.c (+13/-13)
lib/dns/rdata/generic/sig_24.c (+14/-14)
lib/dns/rdata/generic/sink_40.c (+13/-13)
lib/dns/rdata/generic/smimea_53.c (+13/-13)
lib/dns/rdata/generic/soa_6.c (+13/-13)
lib/dns/rdata/generic/spf_99.c (+13/-13)
lib/dns/rdata/generic/sshfp_44.c (+13/-13)
lib/dns/rdata/generic/ta_32768.c (+13/-13)
lib/dns/rdata/generic/talink_58.c (+13/-13)
lib/dns/rdata/generic/tkey_249.c (+15/-14)
lib/dns/rdata/generic/tlsa_52.c (+19/-19)
lib/dns/rdata/generic/txt_16.c (+21/-20)
lib/dns/rdata/generic/uri_256.c (+13/-13)
lib/dns/rdata/generic/x25_19.c (+13/-13)
lib/dns/rdata/generic/zonemd_63.c (+13/-13)
lib/dns/rdata/hs_4/a_1.c (+13/-13)
lib/dns/rdata/in_1/a6_38.c (+13/-13)
lib/dns/rdata/in_1/a_1.c (+15/-14)
lib/dns/rdata/in_1/aaaa_28.c (+15/-14)
lib/dns/rdata/in_1/apl_42.c (+13/-13)
lib/dns/rdata/in_1/atma_34.c (+13/-13)
lib/dns/rdata/in_1/dhcid_49.c (+13/-13)
lib/dns/rdata/in_1/eid_31.c (+13/-13)
lib/dns/rdata/in_1/https_65.c (+13/-13)
lib/dns/rdata/in_1/kx_36.c (+13/-13)
lib/dns/rdata/in_1/nimloc_32.c (+13/-13)
lib/dns/rdata/in_1/nsap-ptr_23.c (+13/-13)
lib/dns/rdata/in_1/nsap_22.c (+13/-13)
lib/dns/rdata/in_1/px_26.c (+13/-13)
lib/dns/rdata/in_1/srv_33.c (+13/-13)
lib/dns/rdata/in_1/svcb_64.c (+82/-35)
lib/dns/rdata/in_1/wks_11.c (+13/-13)
lib/dns/rdatalist.c (+12/-6)
lib/dns/rdataset.c (+3/-2)
lib/dns/rdataslab.c (+4/-3)
lib/dns/request.c (+89/-95)
lib/dns/resolver.c (+588/-478)
lib/dns/rootns.c (+6/-4)
lib/dns/rpz.c (+36/-52)
lib/dns/rriterator.c (+2/-2)
lib/dns/rrl.c (+70/-51)
lib/dns/sdb.c (+11/-7)
lib/dns/sdlz.c (+15/-9)
lib/dns/soa.c (+2/-2)
lib/dns/ssu.c (+31/-19)
lib/dns/stats.c (+12/-7)
lib/dns/tkey.c (+17/-1)
lib/dns/transport.c (+12/-12)
lib/dns/tsec.c (+3/-6)
lib/dns/tsig.c (+30/-22)
lib/dns/update.c (+26/-25)
lib/dns/validator.c (+39/-25)
lib/dns/view.c (+107/-16)
lib/dns/xfrin.c (+248/-111)
lib/dns/zone.c (+885/-924)
lib/dns/zonekey.c (+2/-1)
lib/dns/zoneverify.c (+33/-57)
lib/dns/zt.c (+21/-13)
lib/irs/Makefile.am (+0/-4)
lib/irs/Makefile.in (+51/-159)
lib/isc/Makefile.am (+2/-8)
lib/isc/Makefile.in (+106/-225)
lib/isc/app.c (+25/-45)
lib/isc/assertions.c (+0/-2)
lib/isc/base32.c (+3/-3)
lib/isc/base64.c (+3/-3)
lib/isc/buffer.c (+0/-298)
lib/isc/condition.c (+1/-5)
lib/isc/entropy.c (+1/-1)
lib/isc/error.c (+15/-18)
lib/isc/file.c (+2/-1)
lib/isc/heap.c (+7/-12)
lib/isc/hex.c (+3/-3)
lib/isc/ht.c (+371/-140)
lib/isc/httpd.c (+477/-593)
lib/isc/include/isc/assertions.h (+6/-2)
lib/isc/include/isc/atomic.h (+6/-0)
lib/isc/include/isc/attributes.h (+5/-3)
lib/isc/include/isc/barrier.h (+1/-1)
lib/isc/include/isc/buffer.h (+547/-587)
lib/isc/include/isc/condition.h (+3/-8)
lib/isc/include/isc/dir.h (+1/-1)
lib/isc/include/isc/error.h (+7/-13)
lib/isc/include/isc/glob.h (+2/-2)
lib/isc/include/isc/heap.h (+2/-6)
lib/isc/include/isc/ht.h (+22/-15)
lib/isc/include/isc/httpd.h (+18/-17)
lib/isc/include/isc/lex.h (+1/-1)
lib/isc/include/isc/list.h (+37/-8)
lib/isc/include/isc/log.h (+2/-2)
lib/isc/include/isc/mutex.h (+10/-4)
lib/isc/include/isc/net.h (+0/-14)
lib/isc/include/isc/netmgr.h (+91/-6)
lib/isc/include/isc/quota.h (+1/-1)
lib/isc/include/isc/radix.h (+7/-7)
lib/isc/include/isc/refcount.h (+92/-0)
lib/isc/include/isc/region.h (+1/-1)
lib/isc/include/isc/result.h (+4/-1)
lib/isc/include/isc/stdatomic.h (+0/-2)
lib/isc/include/isc/string.h (+5/-0)
lib/isc/include/isc/symtab.h (+1/-1)
lib/isc/include/isc/task.h (+17/-48)
lib/isc/include/isc/thread.h (+2/-2)
lib/isc/include/isc/time.h (+9/-0)
lib/isc/include/isc/timer.h (+12/-24)
lib/isc/include/isc/tls.h (+308/-17)
lib/isc/include/isc/types.h (+6/-17)
lib/isc/include/isc/url.h (+1/-0)
lib/isc/include/isc/util.h (+57/-22)
lib/isc/interfaceiter.c (+2/-4)
lib/isc/iterated_hash.c (+86/-28)
lib/isc/jemalloc_shim.h (+8/-0)
lib/isc/lex.c (+41/-24)
lib/isc/log.c (+22/-13)
lib/isc/managers.c (+2/-14)
lib/isc/mem.c (+30/-28)
lib/isc/mutex.c (+4/-13)
lib/isc/net.c (+4/-366)
lib/isc/netaddr.c (+3/-3)
lib/isc/netmgr/http.c (+208/-64)
lib/isc/netmgr/netmgr-int.h (+235/-46)
lib/isc/netmgr/netmgr.c (+529/-241)
lib/isc/netmgr/tcp.c (+113/-122)
lib/isc/netmgr/tcpdns.c (+115/-104)
lib/isc/netmgr/timer.c (+3/-1)
lib/isc/netmgr/tlsdns.c (+358/-173)
lib/isc/netmgr/tlsstream.c (+360/-83)
lib/isc/netmgr/udp.c (+61/-78)
lib/isc/netmgr/uv-compat.h (+17/-0)
lib/isc/netmgr/uverr2result.c (+0/-1)
lib/isc/openssl_shim.c (+27/-0)
lib/isc/openssl_shim.h (+15/-0)
lib/isc/os.c (+1/-1)
lib/isc/picohttpparser.c (+727/-0)
lib/isc/picohttpparser.h (+100/-0)
lib/isc/portset.c (+3/-3)
lib/isc/quota.c (+4/-1)
lib/isc/radix.c (+4/-2)
lib/isc/random.c (+2/-2)
lib/isc/ratelimiter.c (+7/-2)
lib/isc/result.c (+6/-0)
lib/isc/rwlock.c (+12/-11)
lib/isc/siphash.c (+20/-16)
lib/isc/sockaddr.c (+6/-9)
lib/isc/stdtime.c (+3/-8)
lib/isc/string.c (+28/-0)
lib/isc/symtab.c (+1/-1)
lib/isc/task.c (+38/-41)
lib/isc/thread.c (+4/-12)
lib/isc/time.c (+35/-45)
lib/isc/timer.c (+83/-80)
lib/isc/tls.c (+601/-38)
lib/isc/tm.c (+2/-2)
lib/isc/trampoline.c (+42/-40)
lib/isc/url.c (+8/-8)
lib/isc/utf8.c (+2/-1)
lib/isccc/Makefile.am (+1/-0)
lib/isccc/Makefile.in (+14/-4)
lib/isccc/alist.c (+2/-1)
lib/isccc/cc.c (+4/-2)
lib/isccc/include/isccc/cc.h (+11/-8)
lib/isccc/include/isccc/ccmsg.h (+2/-2)
lib/isccc/include/isccc/sexpr.h (+1/-1)
lib/isccc/include/isccc/symtab.h (+3/-3)
lib/isccc/sexpr.c (+1/-2)
lib/isccc/symtab.c (+10/-6)
lib/isccfg/Makefile.am (+2/-4)
lib/isccfg/Makefile.in (+67/-162)
lib/isccfg/aclconf.c (+25/-15)
lib/isccfg/duration.c (+239/-0)
lib/isccfg/include/isccfg/cfg.h (+4/-18)
lib/isccfg/include/isccfg/duration.h (+87/-0)
lib/isccfg/include/isccfg/grammar.h (+18/-41)
lib/isccfg/include/isccfg/kaspconf.h (+8/-9)
lib/isccfg/kaspconf.c (+234/-48)
lib/isccfg/namedconf.c (+68/-67)
lib/isccfg/parser.c (+58/-219)
lib/ns/Makefile.am (+1/-5)
lib/ns/Makefile.in (+47/-155)
lib/ns/client.c (+81/-92)
lib/ns/hooks.c (+2/-1)
lib/ns/include/ns/client.h (+19/-19)
lib/ns/include/ns/hooks.h (+2/-2)
lib/ns/include/ns/interfacemgr.h (+5/-5)
lib/ns/include/ns/listenlist.h (+13/-14)
lib/ns/include/ns/log.h (+1/-1)
lib/ns/include/ns/query.h (+24/-23)
lib/ns/include/ns/server.h (+16/-4)
lib/ns/include/ns/sortlist.h (+4/-4)
lib/ns/include/ns/stats.h (+3/-1)
lib/ns/interfacemgr.c (+247/-234)
lib/ns/listenlist.c (+94/-25)
lib/ns/query.c (+401/-209)
lib/ns/server.c (+15/-0)
lib/ns/sortlist.c (+61/-45)
lib/ns/update.c (+371/-311)
lib/ns/xfrout.c (+9/-8)
m4/ax_check_link_flag.m4 (+55/-0)
m4/ax_prog_cc_for_build.m4 (+157/-0)
srcid (+1/-1)
tests/Makefile.am (+16/-0)
tests/Makefile.in (+808/-0)
tests/dns/Krsa.+008+29238.key (+1/-1)
tests/dns/Makefile.am (+16/-9)
tests/dns/Makefile.in (+178/-177)
tests/dns/acl_test.c (+12/-52)
tests/dns/db_test.c (+26/-83)
tests/dns/dbdiff_test.c (+19/-61)
tests/dns/dbiterator_test.c (+41/-96)
tests/dns/dbversion_test.c (+33/-72)
tests/dns/dh_test.c (+94/-0)
tests/dns/dispatch_test.c (+34/-87)
tests/dns/dns64_test.c (+7/-24)
tests/dns/dnstap_test.c (+49/-94)
tests/dns/dst_test.c (+40/-61)
tests/dns/geoip_test.c (+27/-59)
tests/dns/keytable_test.c (+68/-99)
tests/dns/master_test.c (+67/-138)
tests/dns/name_test.c (+37/-102)
tests/dns/nsec3_test.c (+13/-55)
tests/dns/nsec3param_test.c (+11/-50)
tests/dns/private_test.c (+20/-42)
tests/dns/rbt_test.c (+57/-146)
tests/dns/rbtdb_test.c (+15/-49)
tests/dns/rdata_test.c (+90/-222)
tests/dns/rdataset_test.c (+107/-0)
tests/dns/rdatasetstats_test.c (+9/-56)
tests/dns/resolver_test.c (+21/-51)
tests/dns/rsa_test.c (+36/-48)
tests/dns/sigs_test.c (+36/-52)
tests/dns/testdata/dbiterator/zone1.data (+30/-0)
tests/dns/testdata/dnstap/response.auth (+19/-0)
tests/dns/testdata/dnstap/response.recursive (+19/-0)
tests/dns/testdata/dst/Ktest.+008+11349.private (+13/-0)
tests/dns/testdata/master/master10.data (+7/-0)
tests/dns/testdata/master/master14.data.in (+1/-0)
tests/dns/testdata/master/master18.data.in (+2/-2)
tests/dns/testdata/master/master6.data (+33/-0)
tests/dns/testdata/master/master7.data (+17/-0)
tests/dns/testdata/master/master8.data (+4/-0)
tests/dns/testdata/master/master9.data (+4/-0)
tests/dns/testdata/nsec3/1024.db (+16/-0)
tests/dns/testdata/nsec3/2048.db (+16/-0)
tests/dns/testdata/nsec3/4096.db (+16/-0)
tests/dns/testdata/nsec3/min-1024.db (+20/-0)
tests/dns/testdata/nsec3/min-2048.db (+18/-0)
tests/dns/testdata/nsec3param/nsec3.db.signed (+73/-0)
tests/dns/testdata/zt/zone1.db (+22/-0)
tests/dns/testkeys/Kexample.+008+20386.key (+5/-0)
tests/dns/testkeys/Kexample.+008+20386.private (+13/-0)
tests/dns/testkeys/Kexample.+008+37464.key (+5/-0)
tests/dns/testkeys/Kexample.+008+37464.private (+13/-0)
tests/dns/time_test.c (+169/-0)
tests/dns/tsig_test.c (+49/-77)
tests/dns/update_test.c (+38/-87)
tests/dns/zonemgr_test.c (+21/-63)
tests/dns/zt_test.c (+32/-57)
tests/include/tests/dns.h (+10/-22)
tests/include/tests/isc.h (+119/-0)
tests/include/tests/ns.h (+132/-0)
tests/irs/Makefile.am (+16/-0)
tests/irs/Makefile.in (+24/-16)
tests/irs/resconf_test.c (+181/-0)
tests/irs/testdata/domain.conf (+12/-0)
tests/irs/testdata/nameserver-v4.conf (+12/-0)
tests/irs/testdata/nameserver-v6-scoped.conf (+12/-0)
tests/irs/testdata/nameserver-v6.conf (+12/-0)
tests/irs/testdata/options-attempts.conf (+12/-0)
tests/irs/testdata/options-bad-ndots.conf (+13/-0)
tests/irs/testdata/options-debug.conf (+12/-0)
tests/irs/testdata/options-empty.conf (+13/-0)
tests/irs/testdata/options-ndots.conf (+12/-0)
tests/irs/testdata/options-timeout.conf (+12/-0)
tests/irs/testdata/options-unknown.conf (+12/-0)
tests/irs/testdata/options.conf (+12/-0)
tests/irs/testdata/port.conf (+12/-0)
tests/irs/testdata/resolv.conf (+19/-0)
tests/irs/testdata/search.conf (+12/-0)
tests/irs/testdata/sortlist-v4.conf (+12/-0)
tests/irs/testdata/timeout.conf (+12/-0)
tests/irs/testdata/unknown.conf (+12/-0)
tests/isc/Makefile.am (+115/-0)
tests/isc/Makefile.in (+166/-157)
tests/isc/aes_test.c (+12/-29)
tests/isc/buffer_test.c (+16/-60)
tests/isc/counter_test.c (+67/-0)
tests/isc/crc64_test.c (+83/-0)
tests/isc/doh_test.c (+337/-426)
tests/isc/errno_test.c (+108/-0)
tests/isc/file_test.c (+140/-0)
tests/isc/hash_test.c (+96/-0)
tests/isc/heap_test.c (+78/-0)
tests/isc/hmac_test.c (+40/-72)
tests/isc/ht_test.c (+20/-59)
tests/isc/lex_test.c (+19/-97)
tests/isc/md_test.c (+43/-76)
tests/isc/mem_test.c (+55/-115)
tests/isc/netaddr_test.c (+144/-0)
tests/isc/netmgr_test.c (+292/-493)
tests/isc/parse_test.c (+56/-0)
tests/isc/pool_test.c (+152/-0)
tests/isc/quota_test.c (+22/-40)
tests/isc/radix_test.c (+85/-0)
tests/isc/random_test.c (+54/-160)
tests/isc/regex_test.c (+7/-47)
tests/isc/result_test.c (+63/-0)
tests/isc/safe_test.c (+91/-0)
tests/isc/siphash_test.c (+169/-0)
tests/isc/sockaddr_test.c (+148/-0)
tests/isc/stats_test.c (+103/-0)
tests/isc/symtab_test.c (+134/-0)
tests/isc/task_test.c (+74/-187)
tests/isc/taskpool_test.c (+163/-0)
tests/isc/testdata/file/keep (+0/-0)
tests/isc/time_test.c (+43/-56)
tests/isc/timer_test.c (+38/-69)
tests/isc/uv_wrap.h (+18/-20)
tests/isccfg/Makefile.am (+20/-0)
tests/isccfg/Makefile.in (+28/-18)
tests/isccfg/duration_test.c (+244/-0)
tests/isccfg/parser_test.c (+229/-0)
tests/libtest/Makefile.am (+25/-0)
tests/libtest/Makefile.in (+1156/-0)
tests/libtest/dns.c (+44/-175)
tests/libtest/isc.c (+87/-0)
tests/libtest/ns.c (+78/-392)
tests/ns/Makefile.am (+25/-0)
tests/ns/Makefile.in (+64/-79)
tests/ns/listenlist_test.c (+119/-0)
tests/ns/notify_test.c (+141/-0)
tests/ns/plugin_test.c (+165/-0)
tests/ns/query_test.c (+30/-65)
tests/ns/testdata/notify/notify1.msg (+3/-0)
tests/ns/testdata/notify/zone1.db (+26/-0)
tests/ns/testdata/query/foo.db (+20/-0)
tests/unit-test-driver.sh.in (+60/-0)

CVE References

Revision history for this message
Joshua Rogers (megamansec) wrote :
Yolanda Robla (yolanda.robla)
Changed in bind9 (Ubuntu):
status: New → Confirmed
importance: Undecided → High
Revision history for this message
Joshua Rogers (megamansec) wrote :

Erm, it looks like /usr/bin/dig is actually provided by `dnsutils', not bind9. Strange.

Revision history for this message
Joshua Rogers (megamansec) wrote :

Just an update on this: It is patched in Ubuntu 14.04.1.

I have identified another bug in DiG which is yet to be patched in any versions of bind(I only just reported it now), which affects those that use ipv6.

megamansec@megamansec:~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 14.04.1 LTS
Release: 14.04
Codename: trusty

megamansec@megamansec:~$ dig +time=3 +nssearch +tcp internot.info
;; Connection to 2400:cb00:2049:1::adf5:3b95#53(2400:cb00:2049:1::adf5:3b95) for internot.info failed: network unreachable.
Segmentation fault

megamansec@megamansec:~$ dig +time=3 +nssearch +tcp google.com
SOA ns1.google.com. dns-admin.google.com. 2014101500 7200 1800 1209600 300 from server 216.239.38.10 in 231 ms.
SOA ns1.google.com. dns-admin.google.com. 2014101500 7200 1800 1209600 300 from server 216.239.32.10 in 238 ms.
SOA ns1.google.com. dns-admin.google.com. 2014101500 7200 1800 1209600 300 from server 216.239.36.10 in 239 ms.
SOA ns1.google.com. dns-admin.google.com. 2014101500 7200 1800 1209600 300 from server 216.239.34.10 in 283 ms.

So, perhaps before pushing anything, wait for ISC to fix the most recent bug I identified.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I'm repurposing this bug because dig +nssearch is crashing again in bind9 9.18:

# dig +nssearch isc.org.
SOA ns-int.isc.org. hostmaster.isc.org. 2022031252 7200 3600 24796800 3600 from server 149.20.1.73 in 59 ms.
SOA ns-int.isc.org. hostmaster.isc.org. 2022031252 7200 3600 24796800 3600 from server 199.6.1.52 in 91 ms.
SOA ns-int.isc.org. hostmaster.isc.org. 2022031252 7200 3600 24796800 3600 from server 51.75.79.143 in 159 ms.
SOA ns-int.isc.org. hostmaster.isc.org. 2022031252 7200 3600 24796800 3600 from server 199.254.63.254 in 195 ms.
dighost.c:1651: REQUIRE(targetp != ((void *)0) && *targetp == ((void *)0)) failed, back trace
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(+0x328f3)[0x7fbb937678f3]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc_assertion_failed+0x10)[0x7fbb93766de0]
dig(+0x16f40)[0x55929fb20f40]
dig(+0xee4e)[0x55929fb18e4e]
dig(+0x1002f)[0x55929fb1a02f]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc__nm_async_readcb+0xb1)[0x7fbb93755f91]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc__nm_readcb+0x9b)[0x7fbb937560cb]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(+0x22645)[0x7fbb93757645]
/lib/x86_64-linux-gnu/libuv.so.1(uv_run+0xce)[0x7fbb932696de]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(+0x261ce)[0x7fbb9375b1ce]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc__trampoline_run+0x1a)[0x7fbb9378e1ca]
/lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7fbb93321b43]
/lib/x86_64-linux-gnu/libc.so.6(+0x126a00)[0x7fbb933b3a00]
Aborted (core dumped)

The example from the original bug report also crashes for me, with in a different place:

# dig +time=3 +nssearch +tcp internot.info
dighost.c:1683: INSIST(query->readhandle == ((void *)0)) failed, back trace
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(+0x328f3)[0x7f60f32508f3]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc_assertion_failed+0x10)[0x7f60f324fde0]
dig(+0x1686e)[0x560ec808b86e]
dig(+0x169b9)[0x560ec808b9b9]
dig(+0xcb87)[0x560ec8081b87]
dig(+0x1152a)[0x560ec808652a]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc__nm_async_readcb+0xb1)[0x7f60f323ef91]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc__nm_readcb+0x9b)[0x7f60f323f0cb]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc__nm_tcpdns_processbuffer+0x11b)[0x7f60f32460db]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc__nm_process_sock_buffer+0x25)[0x7f60f323c0f5]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc__nm_tcpdns_read_cb+0xbc)[0x7f60f32499dc]
/lib/x86_64-linux-gnu/libuv.so.1(+0x1fe88)[0x7f60f2d63e88]
/lib/x86_64-linux-gnu/libuv.so.1(+0x204d8)[0x7f60f2d644d8]
/lib/x86_64-linux-gnu/libuv.so.1(+0x2511e)[0x7f60f2d6911e]
/lib/x86_64-linux-gnu/libuv.so.1(uv_run+0x678)[0x7f60f2d52c88]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(+0x261ce)[0x7f60f32441ce]
/lib/x86_64-linux-gnu/libisc-9.18.0-2ubuntu3-Ubuntu.so(isc__trampoline_run+0x1a)[0x7f60f32771ca]
/lib/x86_64-linux-gnu/libc.so.6(+0x94b43)[0x7f60f2e0ab43]
/lib/x86_64-linux-gnu/libc.so.6(+0x126a00)[0x7f60f2e9ca00]

There are a few upstream bugs opened about this; I will link them here.

summary: - DiG crashes on +nssearch with +tcp [Outdated in Ubuntu repo]
+ DiG crashes on +nssearch with +tcp in bind9 9.18
Changed in bind9 (Ubuntu):
status: Confirmed → Triaged
Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

I tested on Focal and Bionic; both are OK. This is a Jammy issue.

Revision history for this message
Sergio Durigan Junior (sergiodj) wrote :

Upstream bugs:

https://gitlab.isc.org/isc-projects/bind9/-/issues/3144

https://gitlab.isc.org/isc-projects/bind9/-/issues/3207 (somewhat related; the crash happens at the same place)

Revision history for this message
Lucas Kanashiro (lucaskanashiro) wrote :

It seems that the upstream issues were fixed. We might want to revisit them and see what we can do to apply the fix in Ubuntu.

Revision history for this message
Robin Sheat (eythian) wrote :

Reproducible by:

$ dig +trace -t ANY ubuntu.com

but this possibly deserves its own bug, rather than picking up a 9 year old one.

Lena Voytek (lvoytek)
description: updated
Changed in bind9 (Ubuntu):
status: Triaged → Fix Released
Changed in bind9 (Ubuntu Jammy):
status: Triaged → In Progress
assignee: nobody → Lena Voytek (lvoytek)
Revision history for this message
Steve Langasek (vorlon) wrote : Please test proposed package

Hello Joshua, or anyone else affected,

Accepted bind9 into kinetic-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.18.12-0ubuntu0.22.10.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-kinetic to verification-done-kinetic. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-kinetic. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in bind9 (Ubuntu Kinetic):
status: New → Fix Committed
tags: added: verification-needed verification-needed-kinetic
Revision history for this message
Steve Langasek (vorlon) wrote :

Hello Joshua, or anyone else affected,

Accepted bind9 into jammy-proposed. The package will build now and be available at https://launchpad.net/ubuntu/+source/bind9/1:9.18.12-0ubuntu0.22.04.1 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation on how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, what testing has been performed on the package and change the tag from verification-needed-jammy to verification-done-jammy. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed-jammy. In either case, without details of your testing we will not be able to proceed.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance for helping!

N.B. The updated package will be released to -updates after the bug(s) fixed by this package have been verified and the package has been in -proposed for a minimum of 7 days.

Changed in bind9 (Ubuntu Jammy):
status: In Progress → Fix Committed
tags: added: verification-needed-jammy
Revision history for this message
Ubuntu SRU Bot (ubuntu-sru-bot) wrote : Autopkgtest regression report (bind9/1:9.18.12-0ubuntu0.22.10.1)

All autopkgtests for the newly accepted bind9 (1:9.18.12-0ubuntu0.22.10.1) for kinetic have finished running.
The following regressions have been reported in tests triggered by the package:

testssl.sh/3.0.7+dfsg-1 (arm64)

Please visit the excuses page listed below and investigate the failures, proceeding afterwards as per the StableReleaseUpdates policy regarding autopkgtest regressions [1].

https://people.canonical.com/~ubuntu-archive/proposed-migration/kinetic/update_excuses.html#bind9

[1] https://wiki.ubuntu.com/StableReleaseUpdates#Autopkgtest_Regressions

Thank you!

Revision history for this message
Lena Voytek (lvoytek) wrote :

Verified for Jammy and Kinetic:

# lxc launch images:ubuntu/jammy test-bind9
# lxc exec test-bind9

# cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp

;; Connection to 2001:4860:4802:36::a#53(2001:4860:4802:36::a) for google.com failed: timed out.
SOA ns1.google.com. dns-admin.google.com. 518223234 900 900 1800 60 from server 216.239.38.10 in 87 ms.
SOA ns1.google.com. dns-admin.google.com. 518521970 900 900 1800 60 from server 216.239.36.10 in 47 ms.
;; Connection to 2001:4860:4802:34::a#53(2001:4860:4802:34::a) for google.com failed: timed out.
;; Connection to 2001:4860:4802:32::a#53(2001:4860:4802:32::a) for google.com failed: timed out.
SOA ns1.google.com. dns-admin.google.com. 518521970 900 900 1800 60 from server 216.239.32.10 in 31 ms.
SOA ns1.google.com. dns-admin.google.com. 518521970 900 900 1800 60 from server 216.239.34.10 in 35 ms.
;; Connection to 2001:4860:4802:38::a#53(2001:4860:4802:38::a) for google.com failed: timed out.

# lxc launch images:ubuntu/kinetic test-bind9
# lxc exec test-bind9

# cat <<EOF >/etc/apt/sources.list.d/ubuntu-$(lsb_release -cs)-proposed.list
# Enable Ubuntu proposed archive
deb http://archive.ubuntu.com/ubuntu/ $(lsb_release -cs)-proposed restricted main multiverse universe
EOF

# apt update && apt dist-upgrade -y
# apt install dnsutils -y
# dig google.com +nssearch +tcp

;; Connection to 2001:4860:4802:34::a#53(2001:4860:4802:34::a) for google.com failed: timed out.
SOA ns1.google.com. dns-admin.google.com. 518521970 900 900 1800 60 from server 216.239.36.10 in 51 ms.
SOA ns1.google.com. dns-admin.google.com. 518521970 900 900 1800 60 from server 216.239.34.10 in 27 ms.
;; Connection to 2001:4860:4802:38::a#53(2001:4860:4802:38::a) for google.com failed: timed out.
;; Connection to 2001:4860:4802:32::a#53(2001:4860:4802:32::a) for google.com failed: timed out.
;; Connection to 2001:4860:4802:36::a#53(2001:4860:4802:36::a) for google.com failed: timed out.
SOA ns1.google.com. dns-admin.google.com. 518521970 900 900 1800 60 from server 216.239.32.10 in 31 ms.
SOA ns1.google.com. dns-admin.google.com. 518223234 900 900 1800 60 from server 216.239.38.10 in 83 ms.

tags: added: verification-done verification-done-jammy verification-done-kinetic
removed: verification-needed verification-needed-jammy verification-needed-kinetic
Revision history for this message
Launchpad Janitor (janitor) wrote :
Download full text (3.3 KiB)

This bug was fixed in the package bind9 - 1:9.18.12-0ubuntu0.22.04.1

---------------
bind9 (1:9.18.12-0ubuntu0.22.04.1) jammy; urgency=medium

  * New upstream releases 9.18.2 - 9.18.12 (LP: #2003586)
    - Updates:
      + update-quota option
      + named -V shows supported cryptographic algorithms
      + Catalog Zones schema version 2 support in named
      + DNS error support Stale Answer and Stale NXDOMAIN Answer
      + Remote TLS certificate verification support
      + reusereport option
    - Bug Fixes Include:
      + Fix crash when using dig with +nssearch and +tcp (LP: #1258003)
      + Fix incomplete results using dig with +nssearch (LP: #1970252)
      + Fix loading of preinstalled plugins (LP: #2006972)
      + CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080,
        CVE-2022-38178, CVE-2022-3094, CVE-2022-3736, CVE-2022-3924,
        CVE-2022-1183
      + Fix thread safety in dns_dispatch
      + Fix ADB quota management in resolver
      + Fix Prohibited DNS error on allow-recursion
      + Fix crash when restarting server with active statschannel connection
      + Fix use after free for catalog zone processing
      + Fix leak of dns_keyfileio_t objects
      + Fix nslookup failure to use port option when record type ANY is used
      + Fix crash on dnssec-policy zone with NSEC3 and inline-signing turned on
      + Fix inheritance when setting remote server port
      + Fix assertion error when accessing statistics channel
      + Fix rndc dumpdb -expired for stuck cache
      + Fix check for other name servers after receiving FORMERR
      + Fix deletion of CDS after zone sign
      + Fix dighost query context management
      + Fix dig hanging due to IPv4 mapped IPv6 address
      + See https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
        for additional bug fixes and information
  * Improve dep-8 test suite (LP: #2003584):
    - d/t/zonetest: Add dep8 test for checking the domain zone creation process
    - d/t/control: Add new test outline
  * d/bind9-doc.docs: Stop installing removed file doc/misc/options.active
  * Remove patches for bugs LP #1964400 and LP #1964686 fixed upstream:
    - lp1964400-lp1964686-Fix-an-issue-in-dig-when-retrying-with-the-next-serv
    - lp1964400-lp1964686-When-resending-a-UDP-request-insert-the-query-to-the
    - lp1964400-lp1964686-Add-digdelv-system-test-to-check-timed-out-result-fo
    - lp1964400-lp1964686-After-dig-request-errors-try-to-use-other-servers-wh
    - lp1964400-lp1964686-Add-digdelv-system-test-to-check-that-dig-tries-othe
    - lp1964400-lp1964686-Fix-dig-error-when-trying-the-next-server-after-a-TC
    - lp1964400-lp1964686-Add-various-dig-host-tests-for-TCP-UDP-socket-error-
  * Remove CVE patches fixed upstream:
    - debian/patches/CVE-2022-1183.patch
      [Included in upstream release 9.18.3]
    - debian/patches/CVE-2022-2795.patch
    - debian/patches/CVE-2022-2881.patch
    - debian/patches/CVE-2022-2906.patch
    - debian/patches/CVE-2022-3080.patch
    - debian/patches/CVE-2022-38178.patch
      [Included in upstream release 9.18.7]
    - debian/patches/CVE-2022-3094.patch
    - debian/patches/CVE-2022-3736.patch
    -...

Read more...

Changed in bind9 (Ubuntu Jammy):
status: Fix Committed → Fix Released
Revision history for this message
Chris Halse Rogers (raof) wrote : Update Released

The verification of the Stable Release Update for bind9 has completed successfully and the package is now being released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package bind9 - 1:9.18.12-0ubuntu0.22.10.1

---------------
bind9 (1:9.18.12-0ubuntu0.22.10.1) kinetic; urgency=medium

  * New upstream releases 9.18.5 - 9.18.12 (LP: #2003586)
    - Updates:
      + update-quota option
      + named -V shows supported cryptographic algorithms
    - Bug Fixes Include:
      + Fix crash when using dig with +nssearch and +tcp (LP: #1258003)
      + Fix incomplete results using dig with +nssearch (LP: #1970252)
      + CVE-2022-2795, CVE-2022-2881, CVE-2022-2906, CVE-2022-3080,
        CVE-2022-38178, CVE-2022-3094, CVE-2022-3736, CVE-2022-3924
      + Fix thread safety in dns_dispatch
      + Fix ADB quota management in resolver
      + Fix Prohibited DNS error on allow-recursion
      + Fix crash when restarting server with active statschannel connection
      + Fix use after free for catalog zone processing
      + Fix leak of dns_keyfileio_t objects
      + Fix nslookup failure to use port option when record type ANY is used
      + Fix crash on dnssec-policy zone with NSEC3 and inline-signing turned on
      + Fix inheritance when setting remote server port
      + Fix assertion error when accessing statistics channel
      + Fix rndc dumpdb -expired for stuck cache
      + Fix check for other name servers after receiving FORMERR
      + See https://bind9.readthedocs.io/en/v9_18_12/notes.html#notes-for-bind-9-18-12
        for additional bug fixes and information
  * Improve dep-8 test suite (LP: #2003584):
    - d/t/zonetest: Add dep8 test for checking the domain zone creation process
    - d/t/control: Add new test outline
  * d/bind9-doc.docs: Stop installing removed file doc/misc/options.active
  * d/p/0001-Disable-treat-warnings-as-errors-in-sphinx-build.patch: refresh to
    apply with version 9.18.8
  * Remove CVE patches fixed upstream:
    - debian/patches/CVE-2022-2795.patch
    - debian/patches/CVE-2022-2881.patch
    - debian/patches/CVE-2022-2906.patch
    - debian/patches/CVE-2022-3080.patch
    - debian/patches/CVE-2022-38178.patch
      [Included in upstream release 9.18.7]
    - debian/patches/CVE-2022-3094.patch
    - debian/patches/CVE-2022-3736.patch
    - debian/patches/CVE-2022-3924.patch
      [Included in upstream release 9.18.11]

 -- Lena Voytek <email address hidden> Wed, 08 Mar 2023 08:49:53 -0700

Changed in bind9 (Ubuntu Kinetic):
status: Fix Committed → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.