or REFUSEs.  We typically ended up retrying with the same server,
which is almost never good.  Now we remove the server from the set.

Nitpick: a couple kr_query fields are reordered for better packing.

All cache operations are now counted. These are internal cache
operations and do not map directly to number of queries or even number
of RRs.

Closes: !515

Function originally called kr_cache_sync() was in fact responsible
for calling mdb_txn_commit() and not mdb_env_sync() which was confusing.

and deduplicate the parsing logic.

Our CI environment requires a longer timeout during
high-load.

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

We don't need the trustanchor() lua function for root bootstrap
anymore, so let's get rid of it.  It was undocumented (internal).

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

These keys will now be more uniformly represented and thus also
shown by .summary().  It's still not perfectly synchronized when
that function fails, but that seems acceptable.

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

- allow accepting a string instead of file
- move some checks inside

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

It could've been confusing otherwise, e.g. revoked or otherwise
untrusted keys were shown without any annotation in some cases.

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

This also implies that non-verbose logs won't contain any lines about
the TAs if they are unmanaged (by default), but that seems OK.

Petr Špaček authored 6 years ago and Vladimír Čunát committed 6 years ago

Previous logging was a bit confusing because it logged also intermediate
states during TA changes.

This is an attempt to avoid conflicts when executing tests in parallel.

Formerly keys with invalid public key data were accepted, leading to
negative keytag values in RFC 5011 metadata.

At the moment tests are quite dumb and test only basic HTTPS certificate
validation and XML parsing/error detection.

We need to refactor code first to allow more detailed testing.

FIXME: webserv.lua is not terminated when tests are finished

We are not RFC 7958 compliant and support only XML with just root zone
TA. Full compliance would require either proper Lua XML parser or CMS parser
and both are hard to get packaged in Fedora and elsewhere.

Also timestamps related to TA validity are limited to UTC timezone
because cross-platform timezone parsing is hard.
(Mac OS libc does not have usable strptime(%z).)

Closes: #435

It seems simpler, now that we have kr_rnd_buffered().

chantra authored 6 years ago and Petr Špaček committed 6 years ago

This modules allows knot-resolver to discover authoritative servers SPKI
digest by leveraging magic NS target names ala DNSCurve.

To simplify this, some of the zonecut API was generalized
(API+ABI break).  Detected by -Wpedantic.

Grigorii Demidov authored 6 years ago and Vladimír Čunát committed 6 years ago

Minor changes to be blamed on Vladimir.

We were quite inconsistent here.

Grigorii Demidov authored 6 years ago and Vladimír Čunát committed 6 years ago

- answer_finalize: new layer
- kr_request: keep ::qsource.packet beyond the begin phase
- kr_request: add ::daemon_context

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

Thanks to Marek for noticing it.

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

It fired also when the name didn't contain the final dot.

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

We use it as relatively high-level function, often on user-input names,
so it seems suitable that it does convert the case.
This fixes cache.clear('Example.Org.'), and probably also negative trust
anchors and policy uses.

Petr Špaček authored 6 years ago and Vladimír Čunát committed 6 years ago

Problem was caused by our lookup format where only the root zone starts
with \0 and all other zones start differently. This caused
cache_match('.') to match only data from root zone.