It had no implementation for years - since 456e5446.

Upstream released the bump yesterday.
Tested with 2.0.4, 2.1.0-beta{2,3}.

It added a function from lua > 5.1, without bumping the language
version.  The changelog seems safe and Deckard still passes.

lib/dnssec: bugfix; libdnssec data structure was prematurely released after unsu…

See merge request !288

lib/dnssec: bugfix; libdnssec data structure was prematurely released after unsuccessful attempt of signature validation

I'd like to add NEWS entries already in the merge requests,
but I often forget.
Also mark version with -dev.

It's up to iterator to pick the interesting cases to auth_selected.

Hopefully this will fix the ./configure problem on Jenkins.
Also, an incorrect flag was passed.

NEWS: prepare for 1.2.6

See merge request !280

Update deckard to latest master

See merge request !279

Allow canceling respdiff without penalty

See merge request !281

Closes #179 and #178.

CI: run respdiff using docker image in Gitlab CI

See merge request !275

rrcache: don't clobber pkt if failing the second step

See merge request !274

I hope fixing this bug should diminish the recent experiences of Google
domains failing to resolve on Turris Omnia.

dnssec/nsec3: don't set AD flag in properly signed wildcard nodata answers

See merge request !273

The jump may lead to secure zone, so let the sub-query find out by
itself.  Otherwise we might cache those RRs with INSECURE rank even
though they are secure.  This shouldn't harm AD flags anymore.

Grigorii Demidov authored 7 years ago and Vladimír Čunát committed 7 years ago

When reconstructing the signed data for RRSet synthesized from wildcard,
omit leftmost name labels for each RR in RRSet, not only for the first RR.

This part of code still deserves better review.
It's a bit surprising that our current tests didn't discover it.

We incorrectly answered with AD in some cases, e.g. ntp.pool.org AAAA.

If a server puts NS into the authority section that refers to itself,
accept it as autoritative and validate it (if applicable).  This fixes
the val_nsec3_cnametocnamewctoposwc test, as unvalidated NS in the
final answer would prevent adding the AD flag.  The iter_pcname test is
broken by this, but the team's consensus is to prefer this solution.

Nitpicks: cleaner style in the function, and don't force inlining anymore.
(It's no longer a trivial function and compilers should be good at
determining whether to inline static functions or not.)

Especially when stashing into the cache, it was unclear which RRset
was being referred to.  Let's add type and owner name.

don't retry if REFUSED

See merge request !271