Re: "make test" not working?
On 01.02.22 18:13, Ondřej Surý wrote: On 1. 2. 2022, at 15:28, Josef Moellers wrote: Thanks, Ondřej, for pushing my nose onto the fact that the test should be run as a non-privileged user. BTDTGT Well, you are welcome, but please **do** include all the modifications and all the steps you are doing when reporting bugs. You omitted quite serious information about the build until the very last moment when you reported you found the issue. I apologize for that. My only excuse is that many times just raising the question whether thisandthat really works gets me an answer "oops ... no ... there's thisandthat that prevents it from working at the moment". But I should have given the information as soon as possible. I'll try to do so in the future. AAMOF the bug does look like issue# 3069, more because the VM has only a single core and a pretty small memory, so I first tried by adding "--enable-querytrace" to configure's options, which caused the test to completely hang, and then I increased the timeout value to 30 which did not help either. As the issue is already closed, I'll open a new one. But I'd like to make a few additional tests first. Josef -- SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nürnberg Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: "make test" not working?
On 01.02.22 17:54, Reindl Harald wrote: Am 01.02.22 um 15:28 schrieb Josef Moellers: Just for the record: Thanks, Ondřej, for pushing my nose onto the fact that the test should be run as a non-privileged user. really *nothing* should run as root, especially not building software - doing so and even rpmbuild no longer can assure that something don't break out of the buildroot In my case I run it on a private VM. But you're right: if the source is unreliable, anything can happen. I was assuming the bind sources are reliable. the "make install" in a rpmbuild simply fails when it tries touch touch /usr and that's one more reason never type "sudo make install" but package everything Yes ... that's what I'm about to do ... packaging bind. Josef -- SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nürnberg Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC BIND & Windows
On 2022-02-01 17:59, Danny Mayer via bind-users wrote: Just run it as a docker image. Docker runs on Windows. next will be we all run windows 12 in docker :) /me hiddes, i am still using gentoo -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: "make test" not working?
> On 1. 2. 2022, at 15:28, Josef Moellers wrote: > > Thanks, Ondřej, for pushing my nose onto the fact that the test should be run > as a non-privileged user. BTDTGT Well, you are welcome, but please **do** include all the modifications and all the steps you are doing when reporting bugs. You omitted quite serious information about the build until the very last moment when you reported you found the issue. Ondrej -- Ondřej Surý (He/Him) ond...@isc.org My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC BIND & Windows
Check the list archives beginning April 2021 for the thread: Deprecating BIND 9.18+ on Windows (or making it community improved and supported) -- Do things because you should, not just because you can. John Thurston907-465-8591 john.thurs...@alaska.gov Department of Administration State of Alaska On 2/1/2022 7:14 AM, jukka.pakka...@qnet.fi wrote: CAUTION: This email originated from outside the State of Alaska mail system. Do not click links or open attachments unless you recognize the sender and know the content is safe. Just read from the 9.18.0 release notes that Windows is not supported. Since don't remember reading expressly stated that Windows support would end with 9.16.x branch, inquiring if there is more information about future Windows compatibility available... is the plan to include support to Windows at some point, to some current or future Windows Server version, or is it a fact already, that no more Windows past 9.16.x? Jukka -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC BIND & Windows
On 2/1/22 11:14 AM, jukka.pakka...@qnet.fi wrote: Just read from the 9.18.0 release notes that Windows is not supported. Since don't remember reading expressly stated that Windows support would end with 9.16.x branch, inquiring if there is more information about future Windows compatibility available... is the plan to include support to Windows at some point, to some current or future Windows Server version, or is it a fact already, that no more Windows past 9.16.x? Just run it as a docker image. Docker runs on Windows. Danny -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: "make test" not working?
Am 01.02.22 um 15:28 schrieb Josef Moellers: Just for the record: Thanks, Ondřej, for pushing my nose onto the fact that the test should be run as a non-privileged user. really *nothing* should run as root, especially not building software - doing so and even rpmbuild no longer can assure that something don't break out of the buildroot the "make install" in a rpmbuild simply fails when it tries touch touch /usr and that's one more reason never type "sudo make install" but package everything -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: ISC BIND & Windows
On 02.02.22 00:14, jukka.pakka...@qnet.fi wrote: Just read from the 9.18.0 release notes that Windows is not supported. Since don't remember reading expressly stated that Windows support would end with 9.16.x branch, inquiring if there is more information about future Windows compatibility available... is the plan to include support to Windows at some point, to some current or future Windows Server version, or is it a fact already, that no more Windows past 9.16.x? there were discussions starting here https://lists.isc.org/pipermail/bind-users/2021-April/104506.html further in may and june -- Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Saving Private Ryan... Private Ryan exists. Overwrite? (Y/N) -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
ISC BIND & Windows
Just read from the 9.18.0 release notes that Windows is not supported. Since don't remember reading expressly stated that Windows support would end with 9.16.x branch, inquiring if there is more information about future Windows compatibility available... is the plan to include support to Windows at some point, to some current or future Windows Server version, or is it a fact already, that no more Windows past 9.16.x? Jukka -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.16.25 "file descriptor exceeds limit" messages
On 01. 02. 22 15:43, Anand Buddhdev wrote: On 01/02/2022 15:33, Petr Špaček wrote: Hi Petr, As you correctly noticed, the log message "adjusted limit on open files from 4096 to 1048576" already shows that BIND adjusted OS-level file descriptor limit. The only way out is what Tony wrote in another thread: Add "-S " parameter to bump the built-in limit of 21000 FDs. This is BIND's limit as opposed to OS limit, so systemd-level settings cannot raise it. Thanks. I will try this out. The option does come with a warning though. ... or migrate to 9.18.0 which does not have this built-in limit anymore. I have packages ready. But I don't feel comfortable deploying this version in production. When 9.16 came out, it was branded as "stable" but it took several updates before it actually worked reliably for us. Version 9.18 has a lot of new code, and I am sure several things will be glitchy, so I will wait a while and see how it develops before considering it for any production servers here. That's understandable. We can only hope that not everyone will delay upgrading :-) On a more serious note, we have significantly expanded load testing with UDP traffic during the 9.17 development cycle, so hopefully, 9.18.0 has fewer rough edges than 9.16.0 had. I apologize for that bad experience. Since then, we have learned our lesson and have been working on test improvements. -- Petr Špaček -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: "make test" not working?
Please don’t, use gitlab. The message is just autoconf quirk. -- Ondřej Surý — ISC (He/Him) My working hours and your working hours may be different. Please do not feel obligated to reply outside your normal working hours. > On 1. 2. 2022, at 15:28, Josef Moellers wrote: > > PS The "resolver" test failed, but I'll report that to i...@isc.org -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.16.25 "file descriptor exceeds limit" messages
On 01/02/2022 15:33, Petr Špaček wrote: Hi Petr, As you correctly noticed, the log message "adjusted limit on open files from 4096 to 1048576" already shows that BIND adjusted OS-level file descriptor limit. The only way out is what Tony wrote in another thread: Add "-S " parameter to bump the built-in limit of 21000 FDs. This is BIND's limit as opposed to OS limit, so systemd-level settings cannot raise it. Thanks. I will try this out. The option does come with a warning though. ... or migrate to 9.18.0 which does not have this built-in limit anymore. I have packages ready. But I don't feel comfortable deploying this version in production. When 9.16 came out, it was branded as "stable" but it took several updates before it actually worked reliably for us. Version 9.18 has a lot of new code, and I am sure several things will be glitchy, so I will wait a while and see how it develops before considering it for any production servers here. Regards, Anand -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.16.25 "file descriptor exceeds limit" messages
On 01. 02. 22 13:30, Anand Buddhdev wrote: Hi Ondrej, Do you recommend setting LimitNOFILE=1048576 in the systemd unit file for BIND? I'm not Ondrej, but let me try: No, that would be redundant. As you correctly noticed, the log message "adjusted limit on open files from 4096 to 1048576" already shows that BIND adjusted OS-level file descriptor limit. The only way out is what Tony wrote in another thread: Add "-S " parameter to bump the built-in limit of 21000 FDs. This is BIND's limit as opposed to OS limit, so systemd-level settings cannot raise it. ... or migrate to 9.18.0 which does not have this built-in limit anymore. On 28/01/2022 15:03, Anand Buddhdev wrote: Hi Ondrej, It is 1024. I see named logging this: adjusted limit on open files from 4096 to 1048576 I thought there was no need to set LimitNOFILE=1048576 in the systemd unit file. Am I mistaken? -- Petr Špaček @ Internet Systems Consortium -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: "make test" not working?
Hi folks, Just for the record: Thanks, Ondřej, for pushing my nose onto the fact that the test should be run as a non-privileged user. BTDTGT As I am determined (and it makes sense) to run the tests on the binaries that we will eventually ship, I need to build the software according to our SPEC file. To do so required a little preparation, but needs no modification to the SPEC file. As root (see NOTE1 below): D=/usr/src/packages/BUILD rm -rf $D/bind-; chgrp users $D; chmod 775 $D D=/usr/src/packages/BUILDROOT rm -rf $D/bind-; chgrp users $D; chmod 775 $D (Replace "users" with one of the groups the unprivileged user is a member of. Yes, I know that this is dangerous and so should only be done on an isolated system without any additional users, eg a private VM). Then, as the unprivileged user: ln -s /usr/src/packages ~/rpmbuild (See NOTE1 below) rpmbuild -bc /usr/src/packages/SPECS/bind.spec cd /usr/src/packages/BUILD/bind- sudo bin/tests/system/ifconfig.sh up(see NOTE2 below) make test NOTE1: This needs to be done only once NOTE2: This needs to be done only once after a (re)boot Josef PS The "resolver" test failed, but I'll report that to i...@isc.org -- SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nürnberg Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.16.25 "file descriptor exceeds limit" messages
Hi Ondrej, Do you recommend setting LimitNOFILE=1048576 in the systemd unit file for BIND? Regards, Anand On 28/01/2022 15:03, Anand Buddhdev wrote: Hi Ondrej, It is 1024. I see named logging this: adjusted limit on open files from 4096 to 1048576 I thought there was no need to set LimitNOFILE=1048576 in the systemd unit file. Am I mistaken? -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: DNSSEC validation via AD bit?
On 31. 01. 22 11:50, Tony Finch wrote: 2. Should sendmail not be trusting the AD bit in replies from the admin configured (i.e., trusted by admin) resolvers? It's dangerous territory. Sendmail isn't alone: for example, OpenSSH also relies on the AD bit to validate SSHFP records. But using AD is only safe if the validating resolver is running on localhost. Unfortunately the portable subset of the resolver API doesn't allow programs to check their recursive server addresses, so they just have to hope that they have been configured by a careful person. (On a mail server there are also performance reasons for running a local resolver, so I guess you are OK in this respect.) Let me add one more detail. To make this more explicit, glibc since 2.31 added "options trust-ad" into resolv.conf. See https://man7.org/linux/man-pages/man5/resolv.conf.5.html and search for trust-ad. I hope it helps. -- Petr Špaček @ Internet Systems Consortium -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: BIND 9.16.25 "file descriptor exceeds limit" messages
On 28. 01. 22 16:28, Tony Finch wrote: Anand Buddhdev wrote: The server has many IP addresses. In named.conf, there are 129 IPv6 addresses in the "listen-on-v6" option and 128 IPv4 addresses in the "listen-on" option. The server begins running, but then repeatedly emits this log: general: error: socket: file descriptor exceeds limit (46474/21000) Hmm, (128+129)*88*2 == 45232, (2 == UDP + TCP) so the big number looks plausible. The 21000 limit comes from a hardcoded value for ISC_SOCKET_MAXSOCKETS. You can adjust -U (number of listeners) on the command line to avoid hitting the fixed MAXSOCKETS limit, and leave -n (max sockets) unset, at its default. You can also set ISC_SOCKET_MAXSOCKETS at build time, if you can work out how to wrangle the build system :-) Or go for 9.18.0 which does not have this limit anymore. -- Petr Špaček @ Internet Systems Consortium -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
Re: "make test" not working?
On 31.01.22 21:24, Evan Hunt wrote: On Mon, Jan 31, 2022 at 05:36:28PM +0100, Ondřej Surý wrote: This works: $ mkdir /tmp/bind9 $ cd /tmp/bind9 $ curl -sSLO https://downloads.isc.org/isc/bind9/9.18.0/bind-9.18.0.tar.xz $ tar -xJf bind-9.18.0.tar.xz $ cd bind-9.18.0/ $ ./configure $ make -j A couple of omitted steps here (easy for us to forget since we probably have it set up already at any given time): $ cd bin/tests/system $ sudo sh ifconfig.sh up $ cd - Yepp, thanks, that one was already in my list/script. My main problem with just running "configure" is that it will generate the code in a different way as we will ship it, so I need to find out what causes the test not to run. I'll try to add our configure options one by one and see when the tests stop running. $ make test […] make[7]: Entering directory '/tmp/bind9/bind-9.18.0/bin/tests/system' PASS: auth […] Testsuite summary for BIND 9.18.0 # TOTAL: 106 # PASS: 106 # SKIP: 0 # XFAIL: 0 # FAIL: 0 # XPASS: 0 # ERROR: 0 make[7]: Leaving directory '/tmp/bind9/bind-9.18.0/bin/tests/system’ […] $ Josef -- SUSE Software Solutions Germany GmbH Maxfeldstr. 5 90409 Nürnberg Germany (HRB 36809, AG Nürnberg) Geschäftsführer: Ivo Totev -- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
