* simplified soft-fail per-ns limit to per-query
  limit, each query gets 4 tries at resolving
* instead of locking at single servfailing NS,
  penalise it and run reelection, this may or
  may not try other servers but avoids pathologic
  case when single NS is servfailing while others
  are good but never probed
* added new nsrep update mode (addition)

this code used memory pool of source packet instead
of the answer, this could result in invalidated
memory read if the memory occupied by source
packet was rewritten

* daemon now processes messages over TCP stream
out-of-order and concurrently
* support for TCP_DEFER_ACCEPT
* support for TCP Fast-Open
* there are now deadlines for TCP for idle/slow
streams (to prevent slowloris; pruning)
* there is now per-request limit on timeouts
(each request is allowed 4 timeouts before bailing)
* faster request closing, unified retry/timeout timers
* rare race condition in timer closing fixed

the daemon has now three modes of strictness
checking from strict to permissive.
it reflects the tradeoff between resolving the
query in as few steps as possible and security
for insecure zones

an internal timer walks RTT timer periodically and
clears entries with bad results every 5 minutes.
this means that a timeouted entry penalty is 
capped to that interval, making sure that the
bad reputation doesn't last forever

This reverts commit f9ffeca9.

in permissive mode, resolver is free to use
(but not cache) non-mandatory glue records even
if they're not resolvable. this is great as a 
workaround for broken child-side zones, but
not great for security of, well, insecure
delegations. it's off by default.

the validator module should ignore any data that
will be scrubbed, that includes non-authoritative
data outside current bailiwick. previously, 
validator attempted to ignore these records only
for answer section and had a special case for NS
records.

cache: non-authoritative NS records are always
unchecked and must be treated as insecure

affected: www.iana.org trying to provide
delegation information for CNAME target, which is
moot with CNAME target explicit-fetch policy unless
the the resolver already knows DNSKEY with which
is could verify the records

breathe failed to process the typedef thinking
the macro expansion was a function pointer

updated tests

when raised, a response zone cut will be recovered
even if the response came from cache. this is
normally not needed (and incurs additional cache
lookups), but it may be useful for
inspection

Marek Vavrusa authored 9 years ago and Grigorii Demidov committed 9 years ago

there are broken resolution chains where a zone cut is advertised,
but it doesn't exist and the final NS answers from its parent's
zone cut, which is an attempt to escape bailiwick

example:

resolving A ab.cd.ef
NS ef responds:
 - ab.cd.ef NS X ; adverises ab.cd.ef zone cut
X responds:
 - A ab.cd.ef A 1.2.3.4
 - cd.ef NS X ; escapes previously advertised cut

on the other hand, it is important to fail early for referrals as
it signifies a lame answer

there are broken resolution chains where a zone cut is advertised,
but it doesn't exist and the final NS answers from its parent's
zone cut, which is an attempt to escape bailiwick

example:

resolving A ab.cd.ef
NS ef responds:
 - ab.cd.ef NS X ; adverises ab.cd.ef zone cut
X responds:
 - A ab.cd.ef A 1.2.3.4
 - cd.ef NS X ; escapes previously advertised cut

on the other hand, it is important to fail early for referrals as
it signifies a lame answer

the field length is platform-dependent

Grigorii Demidov authored 9 years ago and Marek Vavrusa committed 9 years ago

lib: answer finalization was changed

this is not going to be backwards compatible change, but it will be the first tagged libknot release sufficient for resolver

thanks @darix!
fixes #21,#22