When at it, switch to generating the libzscanner bindings.

The _t isn't uint8_t* anymore but a structure with .len and .data.

To work on RRSIG TTLs, libknot >= 2.7.1 is needed.

- <dnssec/**> -> <libdnssec/**>
- <zscanner/**> -> <libzscanner/**>

Previously multiple kresd processes might use the same .lock file at
once and thus have a race between writing and renaming.  That could
happen relatively often if starting many instances *at once*.

These happen with -DNDEBUG only, and clang detects them (not gcc 7).

Equality to `unsigned long` is not guaranteed, and was getting us
warnings on macos (maybe it's not equal there).
Also reduce the overlong lines.

The catch is that during configuration file processing,
no cache is open (yet), as kresd can't know if the config
does open it in some later part (with non-default path or size).
Now we just throw an error.  Exceptions:
 - cache.open() and cache.backends(), of course :-)
 - cache.ns_tout() - not required, it's not really inside cache
 - cache.close() - it sounds reasonable to allow "closing a closed cache"

This immediately caught a typo in cache metatable.

This should fix #385: possible floods with
> scheduling rotation check in 0 ms

Marek Vavruša authored 7 years ago and Tomas Krizek committed 6 years ago

The package_version() function returns current build information.
Removed the version module instead of fixing, as it's being obsoleted.

Petr Špaček authored 6 years ago and Vladimír Čunát committed 6 years ago

Closes: #320

Petr Špaček authored 6 years ago and Vladimír Čunát committed 6 years ago

Fix mess in daemon/lua/kres-gen.lua after
6e2ed9ec

Petr Špaček authored 6 years ago and Vladimír Čunát committed 6 years ago

Remove stray kr_zonecut_find_nsname() which somehow appeared in
45e38b3d.

Vladimír Čunát authored 6 years ago and Petr Špaček committed 6 years ago

We just ran into that in the val_ta_sentinel_insecure.rpl test.

There is no GnuTLS version which would make this safe.
See https://gitlab.com/gnutls/gnutls/issues/477

Otherwise CentOS 7 enables those two "ciphers" by default.
Noticed in #355.

Grigorii Demidov authored 6 years ago and Petr Špaček committed 6 years ago

daemon/tls: system CA's are used by default with TLS_FORWARD policy when ca_file parameter is omitted

Marek Vavruša authored 7 years ago and Grigorii Demidov committed 6 years ago

Previously the module was created on configuration time, so it wasn't
possible to inject custom endpoints to the default interface.

Marek Vavruša authored 7 years ago and Grigorii Demidov committed 6 years ago

The AD indicates validation request (but not request for DNSSEC records).
If the response can't be validated, resolver flips the AD to 0.

The handlers in Lua can now store per-request variables that are automatically
GC'd when the request is finished. This is useful for stateful modules,
such as DNS64 that uses internal option flags for state tracking.

The layers can now get a variable table like so:

```
local vars = kres.request_t(r):vars()
vars.hello = true
```

The variables are persisted between different layers for each request.

I don't think it's good to write that we "provide a library",
as it currently doesn't seem suitable for usage outside kresd.