It was breaking on Darwin, and clang was throwing warnings.
Problem since ddb699d3.

documentation: reorganize chapters

See merge request !467

The manual page discusses basic usage of kresd, but completely lacks
configuration description. Users are pointed to
https://knot-resolver.readthedocs.io for reference. When visiting this
page, the most important information they don't have yet, is how to
configure kresd. This should be the first chapter in the documentation
to make it easier to find.

fix two nitpicks from clang-scan

See merge request !465

- utils.c: overflowing size_t is basically impossible, but well...
- stats.c: NULL would probably not cause a problem with zero length passed

policy: polish policy module up

See merge request !462

RFC 6303 section 3 explains that

   The SOA RR is needed to support negative caching [RFC2308] of name
   error responses and to point clients to the primary master for DNS
   dynamic updates.

Now SOA RR owner name matches query name so it can be cached.
Using zone name as owner would be more difficult so it is left for
further optimizations.

I've verified that nsupdate correctly determines that master name
does not exist and stops update process.

I've removed couple layers of indirection to make it easier to follow.
This should make it easier to extend the policy module.

CI: store respdiff database for debuging purposes

See merge request !443

Dockefile: fix TLS server in demo container

See merge request !463

Related: #297

Docker: fix Dockerfile for demo container

Closes #297

See merge request !461

libstdc++ was missing in the Alpine image.
At the same time, I've enabled DNSSEC validation, DNS-over-TLS, HTTP interface
and added explanatory message.

The deckard change was probably unintentional, so I reverted that.
The only real mistake I found was `sizeof(128)`, though the effect was
just unnecessary reallocations.

On the whole I really like it.  Verbose logging might get slightly
slower, due to increased amount of string allocation and copying,
but it does seem worth it, at least until we can prove otherwise.
I didn't look much into http module changes, etc.

doc: fix generating sphinx doc using older packages

See merge request !460

Split CLI for managed and unmanaged trust anchor modes

Closes #145 and #168

See merge request !358

Vitezslav Kriz authored 7 years ago and Petr Špaček committed 7 years ago

Config tests now have ability to run daemon with different arguments and
to check exit code.

Vitezslav Kriz authored 7 years ago and Petr Špaček committed 7 years ago

Arguments --keyfile, -k for managed mode
and
--keyfile-ro, -K for unmanaged (readonly) mode.

Automatic setting based on the file permission is removed because it was
confusing and could easily lead to state where automatic update does not
happen because of unexpected file permissions.

Check if folder is writeable was moved into Lua code.

Default unmanaged keyfile path can be specified at compile
time with option KEYFILE_DEFAULT. This default
configuration can be disabled in configuration file with
trust_anchors.keyfile_default = nil.