GitLab now enforces expiry dates on tokens that originally had no set expiration date. Those tokens were given an expiration date of one year later. Please review your personal access tokens, project access tokens, and group access tokens to ensure you are aware of upcoming expirations. Administrators of GitLab can find more information on how to identify and mitigate interruption in our documentation.

Self sign-up has been disabled due to increased spam activity. If you want to get access, please send an email to a project owner (preferred) or at gitlab(at)nic(dot)cz. We apologize for the inconvenience.

zone events: separate event for DNSSEC signing

Currently, the zone signing is hooked to events, which modify the content of the published zone, i.e. zone loading and DDNS. This is also the reason, why we disable incoming transfers when the automatic signing is enabled.

Idea:

let's have two zone contents in the zone structure:
1. the zone being published (can be NULL)
2. the zone to be published soon
let's have a separate event for DNSSEC signing, which will take the zone to be published soon, sign that zone, and set the zone as the zone being published

Result:

the zone loading will set the zone to be published soon and schedule zone signing to as soon as possible
the same with DDNS
we can enable incoming AXFR for dnssec enbaled zones (not IXFR) and do the very same thing
maybe this will help us simplify the new zone API

Ideas? @mvavrusa @jkadlec