Bug 253842 - dns/yadifa: update to 2.4.2
Summary: dns/yadifa: update to 2.4.2
Status: Closed Overcome By Events
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s) (show other bugs)
Version: Latest
Hardware: Any Any
: --- Affects Some People
Assignee: Juraj Lutter
URL: https://www.yadifa.eu/sites/default/f...
Keywords:
Depends on:
Blocks:
 
Reported: 2021-02-25 10:30 UTC by Leo Vandewoestijne
Modified: 2021-06-30 10:37 UTC (History)
2 users (show)

See Also:


Attachments
Yadifa 2.4.2 (2.92 KB, patch)
2021-02-25 10:30 UTC, Leo Vandewoestijne
freebsd: maintainer-approval+
Details | Diff
group yadifa (224 bytes, patch)
2021-02-25 10:32 UTC, Leo Vandewoestijne
freebsd: maintainer-approval+
Details | Diff
user yadida (399 bytes, patch)
2021-02-25 10:32 UTC, Leo Vandewoestijne
freebsd: maintainer-approval+
Details | Diff
Corrected GUId diff, dropped new configure directive (3.40 KB, patch)
2021-02-26 14:27 UTC, Harald Schmalzbauer
no flags Details | Diff
Yadifa 2.4.2 svndiff (3.66 KB, patch)
2021-03-02 11:06 UTC, Leo Vandewoestijne
freebsd: maintainer-approval+
Details | Diff
Yadifa 2.4.2 v3 (5.23 KB, patch)
2021-03-10 00:10 UTC, Leo Vandewoestijne
freebsd: maintainer-approval+
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Leo Vandewoestijne 2021-02-25 10:30:59 UTC
Created attachment 222816 [details]
Yadifa 2.4.2

I ran across a problem in Yadifa where a hidden-primary (AKA master) could talk to Yadifa as secondairy (AKA slave), but behave disobedient (or strict) the moment it doesn't observe the AA bit.

To fix that I needed another configure option, and while updating the port I discovered a new release two days ago!

Included patch works fine (portlint, poudriere)...
however, -even after updating the UIDs / GIDs files- it fails creating the group/user.

Tested against 11.4 and 12.2 (but AMD64 only).
Comment 1 Leo Vandewoestijne 2021-02-25 10:32:14 UTC
Created attachment 222818 [details]
group yadifa
Comment 2 Leo Vandewoestijne 2021-02-25 10:32:48 UTC
Created attachment 222819 [details]
user yadida
Comment 3 Harald Schmalzbauer 2021-02-26 13:53:10 UTC
Hi, thanks for the update diffs.
But I don't think --enable-non-aa-axfr-support should be included to alter the default of "axfr-strict-authority" server setting from <main> section.
The default is more RFC conform than Microsoft DNS (rfc5936 requires the AA flag to be 1 in AXFR answers, if RCODE is 0 (no error), although RECOMMENDS clients to ignore...)
You can always adapt your config to your needs, no need to change default IMHO.

-harry
Comment 4 Harald Schmalzbauer 2021-02-26 14:27:07 UTC
Created attachment 222846 [details]
Corrected GUId diff, dropped new configure directive

Please find attached the diff with corrected GIDs hunk and dropped --enable-non-aa-axfr-support configure directive.
Comment 5 Tobias Kortkamp freebsd_committer 2021-02-26 14:56:07 UTC
Can you also please fix the typos and unbreak the DNSSECTOOLS, KEYGEN,
ZONESIGN options, that is, DNSSECTOOLS_OFF -> DNSSECTOOLS_CONFIGURE_OFF,
KEYGEN_ENABLE ->  KEYGEN_CONFIGURE_ENABLE,
ZONESIGN_ENABLE ->  ZONESIGN_CONFIGURE_ENABLE.

Thanks.
Comment 6 Juraj Lutter freebsd_committer 2021-02-26 15:05:20 UTC
Also, portlint, portfmt, portclippy are handy, too.
Comment 7 Leo Vandewoestijne 2021-03-02 11:06:58 UTC
Created attachment 222915 [details]
Yadifa 2.4.2 svndiff

All alterations, corrections and contributions merged.
Thanks you, everybody.

Tested fine (against 11.4 AMD and 12.2 AMD).
Comment 8 Leo Vandewoestijne 2021-03-02 11:09:17 UTC
Comment on attachment 222846 [details]
Corrected GUId diff, dropped new configure directive

(merged with 222915)
Comment 9 Harald Schmalzbauer 2021-03-02 16:17:26 UTC
During my brief tests, I found a significant issue regarding 'listen' resp. 'do-not-listen' directives, which breaks yadifad answering UDP queries:
https://github.com/yadifa/yadifa/issues/14
This is only true for IPv4, IPv6 UDP replies (aswell as TCP4+6) still work after defining 'listen' resp. 'do-not-listen" directives!

The port's rc script doesn't handle chroot() at all
(<main>
chroot                      yes
chroot-path                 "/var/yadifa"
</main>)

The bind port/base rc script does a quiet good job in populating a chroot-sandbox with the required directories/permissions and I think also handles syslog (socket) and PID well.  It's unlikely that I find time to start debugging the UDP 'listen'-breakage and this is a show stopper for me.  So unfortunately cloning bind's rc routines will be left to someone else most likely - depends on my further tests with knot3 ...

Thanks!
-harry
Comment 10 Leo Vandewoestijne 2021-03-10 00:09:30 UTC
(In reply to Harald Schmalzbauer from comment #9)
I recognize all you say.

I suspect the listening problem is likely best solved by the vendor, so thanks for already reporting it there. And thanks for confirming it was not just at me.

The rc script indeed doesn't handle chroot, but you can do that in the configfile. For me chrootpath worked as expected.

Documentation is always behind and/or incomplete or sometimes even incorrect.
Like "chroot-path / chrootpath" is not in the example config (but in the 2.3.9 manual).

The rc script doesn't populate chroot directories, since pkg-plist does that at install. But I improved the creation now that -since this update- there is a UID/GID.

All the directory settings can be controlled from the config file, which I deem the correct place to do so (and so don't feel much for doing things twice, but I see room for improvement). So yes, I hear you. But offering both chroot and non-chroot all perfect and adhire to BSD standards is impossible anyway. So I leave configuration up to the user, but maybe in the futures I could patch the yadifad.conf.sample with more useful pointers than there are currently.

The UDP problem can be avoided using dnsdist in front of it, and additionally offers loadbalancing, failover and abuse-mitigation. I tried if it may have been caused in the rc script or in the config (the "network-model" setting), but looks like a problem I cannot solve so easily.

Anyway, I'm grateful for your feedback.

Leo.
Comment 11 Leo Vandewoestijne 2021-03-10 00:10:45 UTC
Created attachment 223135 [details]
Yadifa 2.4.2 v3

This latest patch additionally:
- corrects the configure settings in Makefile
- improves the rc to use uid/gid
- corrects uid/gid of created dirs in pkg-plist