DNSSEC key pre-publishing

Note, that we have to keep removed keys in the zone_keys structure. Maybe we should increase the capacity until the key database is rewritten. The keys cannot be removed till we know for sure, that the DNSKEY record is removed from the zone. Otherwise we will deal with it as with unknown DNSKEY and therefore keep it in zone.

ticket #220 (closed)

I only skimmed through the changes (so maybe it's already there, but probably not), but I think that a timer for DNSSEC sign event should be set for all keys' expiration times. So whenever a new zone signing event is planned, these values have to be taken into consideration.

You are right. I will fix that.

knot_zone_key_t key = { '\0' }; ?

The first element of the structure is another structure and compiler complains: libknot/dnssec/zone-keys.c:178:27: warning: suggest braces around initialization of subobject [-Wmissing-braces]

And I do not feel good about {{ '\0' }}. Anyway, I think the optimizer will produce the same code in the end.

Okay.

this was pretty odd...

Maybe the user could get some info about which keys were used to sign the zone in the end. Or we could add a new knotc command, something like knotc keyinfo example.com - that would be a nice feature, but obviously it can wait.

About keeping expired keys in the structure: I hope that before the keys expire, we'll have a new version out

DNSSEC functional tests passed, I think we can go ahead and merge this, even though planning is not done yet, assuming we'll fix it in the next RC.