DNSSEC: make dnssec-enable indeed global

fixes #163

src/knot/conf/cf-parse.y

@@ -347,9 +347,7 @@ static void conf_zone_start(void *scanner, char *name) {
 	}
 
 	// DNSSEC configuration
-	if (new_config->dnssec_enable) {
-		this_zone->dnssec_enable = new_config->dnssec_enable;
-	}
+	this_zone->dnssec_enable = -1;
 
 	/* Initialize ACL lists. */
 	init_list(&this_zone->acl.xfr_in);

src/knot/conf/conf.c

@@ -322,9 +322,13 @@ static int conf_process(conf_t *conf)
 
 		// Default policy for DNSSEC
 		if (!conf->dnssec_keydir) {
-			zone->dnssec_enable = false;
+			zone->dnssec_enable = 0;
+		} else if (zone->dnssec_enable < 0) {
+			zone->dnssec_enable = conf->dnssec_enable;
 		}
 
+		assert(zone->dnssec_enable == 0 || zone->dnssec_enable == 1);
+
 		// DNSSEC required settings
 		if (zone->dnssec_enable) {
 			// Enable zone diffs (silently)
@@ -577,7 +581,7 @@ conf_t *conf_new(const char* path)
 	c->logs_count = -1;
 
 	/* DNSSEC. */
-	c->dnssec_enable = false;
+	c->dnssec_enable = 0;
 
 	/* ACLs. */
 	c->ctl.acl = acl_new();
@@ -705,7 +709,7 @@ void conf_truncate(conf_t *conf, int unload_hooks)
 	conf->zones_count = 0;
 	init_list(&conf->zones);
 
-	conf->dnssec_enable = false;
+	conf->dnssec_enable = -1;
 	if (conf->filename) {
 		free(conf->filename);
 		conf->filename = NULL;

src/knot/conf/conf.h

@@ -118,7 +118,7 @@ typedef struct conf_zone_t {
 	uint16_t cls;              /*!< Zone class (IN or CH). */
 	char *file;                /*!< Path to a zone file. */
 	char *ixfr_db;             /*!< Path to a IXFR database file. */
-	bool dnssec_enable;        /*!< DNSSEC: Online signing enabled. */
+	int dnssec_enable;         /*!< DNSSEC: Online signing enabled. */
 	size_t ixfr_fslimit;       /*!< File size limit for IXFR journal. */
 	int sig_lifetime;          /*!< Validity period of DNSSEC signatures. */
 	int dbsync_timeout;        /*!< Interval between syncing to zonefile.*/
@@ -255,7 +255,7 @@ typedef struct conf_t {
 	size_t ixfr_fslimit; /*!< File size limit for IXFR journal. */
 	int build_diffs;     /*!< Calculate differences from changes. */
 	hattrie_t *names;    /*!< Zone tree for duplicate checking. */
-	bool dnssec_enable;  /*!< DNSSEC: Online signing enabled. */
+	int dnssec_enable;   /*!< DNSSEC: Online signing enabled. */
 	char *dnssec_keydir; /*!< DNSSEC: Path to key directory. */
 	int sig_lifetime;    /*!< DNSSEC: Signature lifetime. */