layer/iterate: change the order of records in the answer when CNAME refers to the record that we already have

Vladimír Čunát authored 8 years ago and Ondřej Surý committed 8 years ago

On standard 64-bit: 24 -> 16 bytes per element.

TCP: free buffer when cancelling connection

Closes #76

See merge request !114

Fixes https://gitlab.labs.nic.cz/knot/resolver/issues/76

iterate: answer NOTIMPL to other classes than IN

See merge request !110

Generate RSA certificates with GnuTLS < 3.5.0

See merge request !113

Create and use ephemeral TLS credentials if none are explicitly configured

See merge request !112

If the ephemeral X.509 certificate is due for renewal in less than a
week, regenerate it automatically.

If kresd is configured to listen using TLS, but it has no credentials,
it should fall back to generating ephemeral credentials and using
them.

It stores the ephemerally-generated secret key in the same directory
as the cache, using the name "ephemeral_key.pem".  If the cache
persists, then the key will too, even if the daemon dies.  This means
that any set of daemons that share a cache will also share an
ephemeral secret key.

The ephemeral X.509 certificate that corresponds to the key will be
automatically generated (self-signed), will have a lifetime of about
90 days (matching Let's Encrypt policy).  The ephemeral cert is
never written to disk; it is always dynamically-generated by kresd.

This should make it very easy to get DNS-over-TLS working in
opportunistic mode.

This can be useful for scheduling checks in the future, for logging
when we're using an expired cert, requesting a new cert, refreshing an
ephemeral cert, etc.

hints: don't crash if no file got loaded

See merge request !111

https://forum.turris.cz/t/quick-way-to-crash-kresd-knot-resolver/2470

At least until we implement them properly.

There was (always) a bug in the "normal mode", which complicated
difficult cases like zive.cz in default setting.

Make the build verbose when launching test instance

See merge request !108

Add script to launch separate testing instance

See merge request !107

Before C11, repeating a typedef is forbidden, if taken strictly, and
some compiler versions even reject it.  On the other hand lru.h was
missing it, which wasn't noticed due to glibc's <sys/types.h> defining it.
Fixes https://gitlab.labs.nic.cz/knot/resolver/issues/114.

Before C11, repeating a typedef is forbidden, if taken strictly, and
some compiler versions even reject it.  On the other hand lru.h was
missing it, which wasn't noticed due to glibc's <sys/types.h> defining it.
Fixes https://gitlab.labs.nic.cz/knot/resolver/issues/114.

The problem was missed in !102 d6f79261.  Submitted as:
https://github.com/CZ-NIC/knot-resolver/pull/38