Vitezslav Kriz authored 7 years ago and Petr Špaček committed 7 years ago

Monotonic time from libuv function uv_now (wrapped in kr_now) is
used for query timeout, stats and RTT in reputation cache.

Cache, DNSSEC Validation and Cookies use real time.

Some RR type definitions present in IANA DNS parameters registry were
missing in kresd. This commit synchronizes the tables with IANA registry
as of 2017-12-08 13:20 UTC.

At the same time, this commit is
fixup! converted constant tables, support kres.type.TYPE1234
The mentioned commit accidentally removed NULL definition which broke TA
signaling module.

Vitezslav Kriz authored 7 years ago and Petr Špaček committed 7 years ago

This module is enabled by default, but disabled in Deckard tests.

Let's not mix daemon and client files as client might grow to multiple
files in future. This will also help with upcomming changes to packaging
scripts.

The script did not work under Python 3, and given broad support for
SO_REUSEPORT, it is easier to drop it than to debug it.

Vitezslav Kriz authored 7 years ago and Petr Špaček committed 7 years ago

Also removed priming query from trust anchor module.
Updated deckard repository.

Also fixed improper promotion of `ffi` to global variable.

```
$ luacheck --codes daemon/lua/
Checking daemon/lua/config.lua                    OK
Checking daemon/lua/kres-gen.lua                  OK
Checking daemon/lua/kres.lua                      OK
Checking daemon/lua/sandbox.lua                   OK
Checking daemon/lua/trust_anchors.lua             OK
Checking daemon/lua/zonefile.lua                  OK

Total: 0 warnings / 0 errors in 6 files
```

The library now depends on libknot >= 2.4.0 (in Debian stable),
this allows us to remove a dead code and sed-ing of the kres.lua

Added a basic config tests to check that constants still work,
and basic interface to rrsets still works after the change.

The difficulty with using structs as constant tables is that access
to non-existent fields throws an error. This is difficult to handle
without wrapping every access in a pcall, for example in predict module:

```
error: /usr/local/lib/kdns_modules/predict.lua:34: 'struct rr_type' has no member named 'TYPE65535'
```

So I converted the constant tables into regular Lua tables,
and added a metatable for RR types to allow looking up unnamed types,
in the TYPE%d format. Looking up non-existent fields will now
return nil instead of throwing an error.

The config tests locked up on error as if error was raised from the
event callback, it would never reach the `quit()` statement, so
server would never close on error.

Added a script to make running these types of tests a little bit nicer
and to allow concurrent execution of config tests.

Added a test for the predict module, that fails on prediction
of unknown types:

```
error: /usr/local/lib/kdns_modules/predict.lua:34: 'struct rr_type' has no member named 'TYPE65535'
```

For now I didn't touch the generator to be correct on this line,
as we will probably want to change it after bumping minimal libknot
version.

I'm sorry. Buggy commit: 2ba2a5e8

We can ignore the signal, as the affected libuv calls report error
by returning EPIPE anyway.
Fixes https://gitlab.labs.nic.cz/knot/knot-resolver/issues/271

Vitezslav Kriz authored 7 years ago and Petr Špaček committed 7 years ago

Implementation of RFC 8145 section 5 as module.

Fixes: #383

fixup! Signaling Trust Anchor Knowledge in DNSSEC using Key Tag Query

The -r has two different meanings, apparently :-D

... when the installed root.hints isn't found

"lua_" in name is not appropriate, as the function does no lua stuff
anymore, so let's unify it to "engine_".

- move it to utils.c, so it's sensitive to later changes in verbosity
- don't mark the lines with [tls], as they may come through libdnssec
- use stdout like other verbose messages, instead of stderr (real errors)

- expose the function as hints.root_file
- use the same filename as Debian
- remove the unneeded script
- docs and some nitpicks

Production kresd should compile with -DNDEBUG, so it wouldn't be
affected by this, but it was annoying for debugging other problems.
See https://gitlab.labs.nic.cz/knot/knot-resolver/issues/245

Previously a read transaction could be held open by each fork
indefinitely.  That was done for better speed, but it had a downside
of keeping old pages alive and potentially reading only old data,
until some writes were attempted by that fork.

Now kr_cache_ provides explicit API for suitable points where to break
transactions, reusing the _sync command.  On LMDB side the read-only
transaction is only reset and later renewed, supposedly giving better
performance than aborting (see LMDB docs on reset+renew).

Performance: preliminary testing with two forks, resperf on comcast
query-set shows no noticeable difference in peak QPS.

Stop IPC after getting an error.  One point is the situation when one
of the forks ends for some reason, which lead to problems.
Another point is pipes getting out of sync.

Smaller changes:
- don't free the handle while it's still half-in-use
- don't fully panic here because of ENOMEM, just stop IPC

Fixes https://gitlab.labs.nic.cz/knot/knot-resolver/issues/150

Confusion related to wrong cache configuration is more frequent than it
should be. Hopefully this will enable users to help themselves.

- the returned value is up to max-1 and not max (tiny bias)
- improve efficiency slightly
- unsigned -> uint32_t, as that's the range it supports (mostly equal)

It was rather low-level anyway.