If the ephemeral X.509 certificate is due for renewal in less than a
week, regenerate it automatically.

If kresd is configured to listen using TLS, but it has no credentials,
it should fall back to generating ephemeral credentials and using
them.

It stores the ephemerally-generated secret key in the same directory
as the cache, using the name "ephemeral_key.pem".  If the cache
persists, then the key will too, even if the daemon dies.  This means
that any set of daemons that share a cache will also share an
ephemeral secret key.

The ephemeral X.509 certificate that corresponds to the key will be
automatically generated (self-signed), will have a lifetime of about
90 days (matching Let's Encrypt policy).  The ephemeral cert is
never written to disk; it is always dynamically-generated by kresd.

This should make it very easy to get DNS-over-TLS working in
opportunistic mode.

This can be useful for scheduling checks in the future, for logging
when we're using an expired cert, requesting a new cert, refreshing an
ephemeral cert, etc.

Allow to override hostname() with a lua call hostname("example.com")

This changes lua hostname() call to accept optional parameter with new hostname. This is needed to override possibly wrong name used for ephemeral certs.

See merge request !72

Fix osx sed

See merge request !70

That way we should notice breakages like this before merging.

\t escape is a non-standard escape sequence. Thanks Marek for reporting!
http://unix.stackexchange.com/a/145385/41413

modules/daf: document restriction on order of loading

See the slack channel for previous discussion.

See merge request !62

make: strip *.lua as intended since dcd89700

This saves a few kilobytes in the executable.

Also, the name XXD seemed no longer suitable, as it does lua-specific cleaning.

See merge request !57

zonecut: add missing AAAA hints for E and G servers

The other records seem OK. Fixes #100.

See merge request !66

Fixes #100.
The file with the addresses is in the repo, so people don't have to
regenerate it, but the build system is able to do it.

cache: avoid missing uint typedef

I don't know why it passed on Linux without any warning.

See merge request !65

I don't know why it passed on Linux without any warning.

Ignore generated modules/version/version.lua

See merge request !64

travis osx build was fixed

See merge request !63

lru: new implementation and also interface

The implementation is now a hybrid, slightly described at top of `lib/generic/lru.h`.  Also the API is changed a bit, leading to slight simplification of our use patterns. (EDITED)

See merge request !44

... and that doesn't necessarily mean that malloc() failed.
We do *not* want to evict a heavy-hitter by an unfrequent element.

Note: even the implementation currently in master *did* return NULL,
so some parts of the code were just wrongly returning ENOMEM.

The implementation is now similar to set-associative caches
that x86 CPU use.  Also the API is changed a bit, leading to
slight simplification of our use patterns.

Marek Vavrusa authored 8 years ago and Vladimír Čunát committed 8 years ago

`make bench` now runs a predefined set of
microbenchmarks (right now LRU), it's a start
for comparative microbench of internal structures

The Makefile isn't perfect. I noted it doesn't clean the bench,
but we have the same problem for some other parts, e.g. in deckard.

add option to reorder cached RRs in answers

Fixes https://gitlab.labs.nic.cz/knot/resolver/issues/93.
API of a KR_EXPORT function is changed, so ABIVER is bumped.

See merge request !47

Improve version.mk

See merge request !61

Fixes https://gitlab.labs.nic.cz/knot/resolver/issues/93.
API of a KR_EXPORT function is changed, so ABIVER is bumped.

daemon: another UINT_MAX -> UINT32_MAX



See merge request !58

daemon: some minor coverity scan issues were fixed



See merge request !49

This saves a few kilobytes in the executable.
Also, the name XXD seemed no longer suitable,
as it does lua-specific cleaning.

Remove sandbox.lua from .gitignore



See merge request !56

Resolve libknot and libzscanner SONAME at the build time and fixes to bootstrap-depends.sh script

The OS X build is still failing, but it's unrelated to these changes.

See merge request !55