issue #1

issue #1

issue #1

issue #1

issue #1

DNSSEC - NSEC/NSEC3 chain fix

NSEC/NSEC3 chain fix. Takes 9 seconds for testing zone (a big one), while `master` takes 4 minutes to fix it. 'Nuff said.

Conflicts:
	src/knot/server/zones.c
	src/libknot/dnssec/zone-events.c
	src/libknot/dnssec/zone-events.h
	src/libknot/updates/xfr-in.c

Conflicts:
	src/knot/server/zones.c
	src/libknot/nameserver/name-server.c

We don't know in advance which packet is the last, so we must always
reserve a space for TSIG (if we use it).

DNSSEC: signatures refreshing

Included changes:

* The signatures are now refreshed (signature_lifetime / 10) seconds before their expiration. The default signature lifetime is 30 days, therefore the signatures are refreshed 3 days before their expiration.
* The parameter 'expires_at' in signing functions was renamed to 'refresh_at', as the name was misleading.
* The signing policy structure was cleaned and helper functions were added.
* DNSSEC event logging was changed from relative to absolute value, because the intervals are much longer now.

Conflicts:
	NEWS
	src/knot/ctl/remote.c

Reported by Hauke Lampe <lampe@hauke-lampe.de>
Solved in the new API, but the tests for this should be carried over.

close #195

ref #195

ref #195

The signatures are now refreshed (signature_lifetime / 10) seconds
before their expiration. The default signature lifetime is 30 days,
therefore the signatures are refreshed 3 days before their expiration.

The parameter 'expires_at' in signing functions was renamed to 'refresh_at',
as the name was misleading.

The signing policy structure was cleaned and helper functions were added.

DNSSEC event logging was changed from relative to absolute value, because
the intervals are much longer now.

The locking is already made in 'remote_rdata_apply'.

- Would not be valid if looking for previous of the first NSEC3 node.

Zone Load Descriptive Msg

See the commit. I don't like the logging much so to say. I'd like to see a special function dedicated for logging from inside the zone loading that makes sure the log format is similar and file:line & current node is always printed out. If you could make it a ticket and do it sometimes later, that would be nice 

I still don't like it much. I'd like to have a separate function
that would always print current zone file, line and record so
the logs are predictable. That would require more refactoring
so the scanner is visible from all the functions and I'd like to
leave it as a part of a bigger change.

Red Hat ships patched version of OpenSSL in RHEL 6, which claims to be a
pre-release according to the header file. Let's be more benevolent and
require just some 1.0.0 version.