DNSSEC: refresh signatures earlier
The signatures are now refreshed (signature_lifetime / 10) seconds before their expiration. The default signature lifetime is 30 days, therefore the signatures are refreshed 3 days before their expiration. The parameter 'expires_at' in signing functions was renamed to 'refresh_at', as the name was misleading. The signing policy structure was cleaned and helper functions were added. DNSSEC event logging was changed from relative to absolute value, because the intervals are much longer now.
Showing with 180 additions and 149 deletions