Traffic Server
  1. Traffic Server
  2. TS-129

BIND DNS code license incompatibility

    Details

    • Type: Improvement Improvement
    • Status: Closed
    • Priority: Blocker Blocker
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 2.0.0a
    • Component/s: None
    • Labels:
      None

      Description

      We have some BIND related code in TS, which we need to replace with something that is ASL compatible. Or, as discussed, if this code is for DNS proxy only, lets just remove it and disable DNS proxying for now at least.

      1. ts-bind-jp-v2.1.patch
        15 kB
        John Plevyak
      2. ts-bind-jp-v2.patch
        108 kB
        John Plevyak
      3. ts-bind-jp-v1.patch
        96 kB
        John Plevyak

        Issue Links

          Activity

          Hide
          John Plevyak added a comment -

          In discussion we decided to remove the DNS proxy. If that is the offending code it
          will resolve this issue.

          Could someone attach the information about the BIND code, the files and line numbers
          if possible.

          Show
          John Plevyak added a comment - In discussion we decided to remove the DNS proxy. If that is the offending code it will resolve this issue. Could someone attach the information about the BIND code, the files and line numbers if possible.
          Hide
          John Plevyak added a comment -

          Here is a patch to fix this by moving to the current stable BIND code
          with the new BSD license. I had to hack the code a bit, in particular
          the round-robin DNS code needed some help.

          Please review these changes as I an not familar with the
          RR or SplitDNS code.

          Show
          John Plevyak added a comment - Here is a patch to fix this by moving to the current stable BIND code with the new BSD license. I had to hack the code a bit, in particular the round-robin DNS code needed some help. Please review these changes as I an not familar with the RR or SplitDNS code.
          Hide
          George Paul added a comment -

          Code patch looks fine AFAICT. Tested patch and ran the simple DNS regression which passed. At some point simple regression tests for RR and splitDNS code paths should be added.

          Could the BSD versions of the code for TS-44 functions be added in this patch since they are related to 'iocore/DNS.cc' changes. As is mentioned in that ticket there is BSD code for the necessary functions here:

          http://fxr.watson.org/fxr/source/nameser/ns_name.c?v=FREEBSD-LIBC
          http://fxr.watson.org/fxr/source/nameser/ns_netint.c?v=FREEBSD-LIBC

          Also instead of pulling in ns_get16() could use the NS_GET16 macros in 'ink_resolver.h'

          -George

          Show
          George Paul added a comment - Code patch looks fine AFAICT. Tested patch and ran the simple DNS regression which passed. At some point simple regression tests for RR and splitDNS code paths should be added. Could the BSD versions of the code for TS-44 functions be added in this patch since they are related to 'iocore/DNS.cc' changes. As is mentioned in that ticket there is BSD code for the necessary functions here: http://fxr.watson.org/fxr/source/nameser/ns_name.c?v=FREEBSD-LIBC http://fxr.watson.org/fxr/source/nameser/ns_netint.c?v=FREEBSD-LIBC Also instead of pulling in ns_get16() could use the NS_GET16 macros in 'ink_resolver.h' -George
          Hide
          John Plevyak added a comment -

          This includes the patch for TS-44. Pulled in BIND code for that as well
          as I already had all the license headers setup.

          Please review.

          Show
          John Plevyak added a comment - This includes the patch for TS-44 . Pulled in BIND code for that as well as I already had all the license headers setup. Please review.
          Hide
          George Paul added a comment -

          New changes look good. Tested patch and DNS regressions passed.
          -George

          Show
          George Paul added a comment - New changes look good. Tested patch and DNS regressions passed. -George
          Hide
          John Plevyak added a comment -

          Committed revision 907756.

          Show
          John Plevyak added a comment - Committed revision 907756.
          Hide
          Bryan Call added a comment - - edited

          On Fedora 12 x86_64:

          In file included from inktomi++.h:106,
          from Allocator.cc:32:
          ink_resolver.h:80:1: error: "RES_USE_DNSSEC" redefined
          In file included from ink_platform.h:143,
          from ink_error.h:36,
          from inktomi++.h:88,
          from Allocator.cc:32:
          /usr/include/resolv.h:221:1: error: this is the location of the previous definition

          ink_resolver.h:80
          #define RES_USE_DNSSEC 0x00200000

          /usr/include/resolv.h:221
          #define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */

          Show
          Bryan Call added a comment - - edited On Fedora 12 x86_64: In file included from inktomi++.h:106, from Allocator.cc:32: ink_resolver.h:80:1: error: "RES_USE_DNSSEC" redefined In file included from ink_platform.h:143, from ink_error.h:36, from inktomi++.h:88, from Allocator.cc:32: /usr/include/resolv.h:221:1: error: this is the location of the previous definition ink_resolver.h:80 #define RES_USE_DNSSEC 0x00200000 /usr/include/resolv.h:221 #define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */
          Hide
          John Plevyak added a comment -

          gack,could you post here the chunk of /usr/include/resolve.h which contains the definitions for resolver
          options including RES_USE_DNSSEC so I can see if you just have a newer version of BIND or if
          linux is diverging.

          one possible solution is to just convert these to INK_RES_XXX in our code... comment?

          Show
          John Plevyak added a comment - gack,could you post here the chunk of /usr/include/resolve.h which contains the definitions for resolver options including RES_USE_DNSSEC so I can see if you just have a newer version of BIND or if linux is diverging. one possible solution is to just convert these to INK_RES_XXX in our code... comment?
          Hide
          Jason Giedymin added a comment - - edited

          Can confirm this happens on Fedora 12 i386 (32bit).

          Show
          Jason Giedymin added a comment - - edited Can confirm this happens on Fedora 12 i386 (32bit).
          Hide
          Jason Giedymin added a comment - - edited

          Hope this helps,

          /*

          • Resolver options (keep these in synch with res_debug.c, please)
            */
            #define RES_INIT 0x00000001 /* address initialized */
            #define RES_DEBUG 0x00000002 /* print debug messages */
            #define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/
            #define RES_USEVC 0x00000008 /* use virtual circuit */
            #define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */
            #define RES_IGNTC 0x00000020 /* ignore trucation errors */
            #define RES_RECURSE 0x00000040 /* recursion desired */
            #define RES_DEFNAMES 0x00000080 /* use default domain name */
            #define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */
            #define RES_DNSRCH 0x00000200 /* search up local domain tree */
            #define RES_INSECURE1 0x00000400 /* type 1 security disabled */
            #define RES_INSECURE2 0x00000800 /* type 2 security disabled */
            #define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */
            #define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */
            #define RES_ROTATE 0x00004000 /* rotate ns list after each query */
            #define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity. */
            #define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */
            #define RES_BLAST 0x00020000 /* blast all recursive servers */
            #define RES_USEBSTRING 0x00040000 /* IPv6 reverse lookup with byte
            strings */
            #define RES_NOIP6DOTINT 0x00080000 /* Do not use .ip6.int in IPv6
            reverse lookup */
            #define RES_USE_EDNS0 0x00100000 /* Use EDNS0. */
            #define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */
            #define RES_SNGLKUPREOP 0x00400000 /* ", but open new socket for each
            request */
            #define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */

          #define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT)

          Show
          Jason Giedymin added a comment - - edited Hope this helps, /* Resolver options (keep these in synch with res_debug.c, please) */ #define RES_INIT 0x00000001 /* address initialized */ #define RES_DEBUG 0x00000002 /* print debug messages */ #define RES_AAONLY 0x00000004 /* authoritative answers only (!IMPL)*/ #define RES_USEVC 0x00000008 /* use virtual circuit */ #define RES_PRIMARY 0x00000010 /* query primary server only (!IMPL) */ #define RES_IGNTC 0x00000020 /* ignore trucation errors */ #define RES_RECURSE 0x00000040 /* recursion desired */ #define RES_DEFNAMES 0x00000080 /* use default domain name */ #define RES_STAYOPEN 0x00000100 /* Keep TCP socket open */ #define RES_DNSRCH 0x00000200 /* search up local domain tree */ #define RES_INSECURE1 0x00000400 /* type 1 security disabled */ #define RES_INSECURE2 0x00000800 /* type 2 security disabled */ #define RES_NOALIASES 0x00001000 /* shuts off HOSTALIASES feature */ #define RES_USE_INET6 0x00002000 /* use/map IPv6 in gethostbyname() */ #define RES_ROTATE 0x00004000 /* rotate ns list after each query */ #define RES_NOCHECKNAME 0x00008000 /* do not check names for sanity. */ #define RES_KEEPTSIG 0x00010000 /* do not strip TSIG records */ #define RES_BLAST 0x00020000 /* blast all recursive servers */ #define RES_USEBSTRING 0x00040000 /* IPv6 reverse lookup with byte strings */ #define RES_NOIP6DOTINT 0x00080000 /* Do not use .ip6.int in IPv6 reverse lookup */ #define RES_USE_EDNS0 0x00100000 /* Use EDNS0. */ #define RES_SNGLKUP 0x00200000 /* one outstanding request at a time */ #define RES_SNGLKUPREOP 0x00400000 /* " , but open new socket for each request */ #define RES_USE_DNSSEC 0x00800000 /* use DNSSEC using OK bit in OPT */ #define RES_DEFAULT (RES_RECURSE|RES_DEFNAMES|RES_DNSRCH|RES_NOIP6DOTINT)
          Hide
          John Plevyak added a comment -

          OK, looks like glib has decided to significantly diverge from 9.6 and
          bind 9.7 seems to be leaving the OS resolver code out, so I am going
          to make these INK_RES_XXXXX in our code.

          Show
          John Plevyak added a comment - OK, looks like glib has decided to significantly diverge from 9.6 and bind 9.7 seems to be leaving the OS resolver code out, so I am going to make these INK_RES_XXXXX in our code.
          Hide
          John Plevyak added a comment -

          This converts all the internal constants to use INK_ as a prefix.

          Please verify on effected systems and comment before I checkin.

          Show
          John Plevyak added a comment - This converts all the internal constants to use INK_ as a prefix. Please verify on effected systems and comment before I checkin.
          Hide
          Bryan Call added a comment -

          The latest patch fixed the problems on Fedora 12 x86_64. I recommend that we start to use the prefix TS_ for everything instead of INK_. At some point we will need to change everything over.

          Show
          Bryan Call added a comment - The latest patch fixed the problems on Fedora 12 x86_64. I recommend that we start to use the prefix TS_ for everything instead of INK_. At some point we will need to change everything over.
          Hide
          John Plevyak added a comment -

          I agree on the TS_ prefix but I would like us to vote on it and then do the change with perl all at once.
          If we switch to TS_ and then the vote comes out ATS_ or something then it would make it more difficult
          to do the change globally.

          I would like to just check this in and clear the blocker and then call for a vote on the new prefix separately....

          Bryan, do you want to call for a vote on TS_ ... ? I'll give it a +1

          Show
          John Plevyak added a comment - I agree on the TS_ prefix but I would like us to vote on it and then do the change with perl all at once. If we switch to TS_ and then the vote comes out ATS_ or something then it would make it more difficult to do the change globally. I would like to just check this in and clear the blocker and then call for a vote on the new prefix separately.... Bryan, do you want to call for a vote on TS_ ... ? I'll give it a +1
          Hide
          Jason Giedymin added a comment -

          John Plevyak submitted the patch, not John Giedymin.

          Thought I had a long lost cousin I've never met!

          Show
          Jason Giedymin added a comment - John Plevyak submitted the patch, not John Giedymin. Thought I had a long lost cousin I've never met!
          Hide
          Bryan Call added a comment -

          My bad, too bad you can't edit svn comments like git.

          Didn't expect 2 Johns to be commenting on the same bug, go figure. That is what I get for doing a copy and paste...

          Sorry, John Pievyak

          Show
          Bryan Call added a comment - My bad, too bad you can't edit svn comments like git. Didn't expect 2 Johns to be commenting on the same bug, go figure. That is what I get for doing a copy and paste... Sorry, John Pievyak

            People

            • Assignee:
              John Plevyak
              Reporter:
              Leif Hedstrom
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved:

                Development