The original prefill module did not import zone data after daemon
restart unless the file TTL was expired. The module now reuses data
on disk as long as TTL is not expired, and imports the zone after module
load.

An attempt to rename/move temporary file to its final destination will
fail if /tmp and working directory belong to different filesystems.

It seems that temporary file is not required so it easier to get rid of
it altogether.

ca_path parameter is now required so the module does not do anything
until its config() method is called.

Grigorii Demidov authored 7 years ago and Petr Špaček committed 6 years ago

The old kr_rrkey() was used only on one place (and incorrectly) so now
we are replacing both copies with single implementation for general
resolver and root zone import.
It should not make any practical difference.

worker: fixed infinite loop on send failure

See merge request !559

The problem here is when qr_task_send() returns an error, the
following error handler will attempt to cancel all tasks that were
started on the same connection, but that will only work for the first
task (which is finished), the qr_task_on_send() will have no effect
on tasks in progress as the passed handle is NULL, and the task->finished
is false, thus looping infinitely.

The solution here is to let the rest of the tasks complete, even though
sending answer back will fail (which is fine).

tls_client logging and doc improvements

See merge request !536

It just feels more consistent with the rest.

improve TLS error handling

Closes #340

See merge request !555

... and migrate kr_zonecut to it.

Needed for followup commits.  The trie_* names aren't ideal for global
namespace, but ATM I can't see a better way.

Well, we could e.g require C11 instead of C99, but this one is easy.

(Don't use them anywhere yet.)

fixed validation of root DS

See merge request !544

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

... after the parent commit. Perhaps it can't cause trouble,
but I'll feel safer this way.

Marek Vavruša authored 6 years ago and Petr Špaček committed 6 years ago

The root DS exists outside of DNS hierarchy, so its NSEC proving non-existence
always contains the SOA, as that's the root of DNS and there's nothing above it.

Always create a endpoint in network_listen_fd

See merge request !523

Vicky Shrestha authored 7 years ago and Petr Špaček committed 6 years ago

There is no need to check for unique addr+port for FDs passed
by a supervisor process like systemd.