As noted in #94, it feels natural to call it like:
``net.listen({net.lo, '192.168.1.1'})``
Also, minor fixes were done in that function and corresponding docs.

there are cases where switches or middle-boxes
block DNS/UDP answers >512 octets completely,
this gives user an option to mitigate that.
however, there are authoritatives serving
large answers that don't support TCP, so it's
a compromise as always

there are cases where switches or middle-boxes
block DNS/UDP answers >512 octets completely,
this gives user an option to mitigate that.
however, there are authoritatives serving
large answers that don't support TCP, so it's
a compromise as always

this allows for efficient variable-interval
running events, so that the timer doesn't have
to be closed and recreated for each iteration

this allows embedding other event loops or just
asynchronous events triggered by socket activity.
this is required for things like cooperative
HTTP server, monitoring endpoint or remote
configuration daemon/controller

this change introduces new API for cache backends,
that is a subset of knot_db_api_t from libknot
with several cache-specific operations

major changes are:
* merged 'cachectl' module into 'cache' as it is
  99% default-on and it simplifies things
* not transaction oriented, transactions may be
  reused and cached for higher performance
* scatter/gather API, this is important for
  latency and performance of non-local backends
  like Redis
* faster and reliable cache clearing
* cache-specific operations (prefix scan, ...) in
  the API not hacked in
* simpler code for both backends and caller

* daemon now processes messages over TCP stream
out-of-order and concurrently
* support for TCP_DEFER_ACCEPT
* support for TCP Fast-Open
* there are now deadlines for TCP for idle/slow
streams (to prevent slowloris; pruning)
* there is now per-request limit on timeouts
(each request is allowed 4 timeouts before bailing)
* faster request closing, unified retry/timeout timers
* rare race condition in timer closing fixed

the daemon has now three modes of strictness
checking from strict to permissive.
it reflects the tradeoff between resolving the
query in as few steps as possible and security
for insecure zones

new trust anchors variables:
* trust_anchors.hold_down_time = 30 * day
* trust_anchors.refresh_time = nil
* trust_anchors.keep_removed = 0

these could be used to control how often should
root trust anchors be checked and how many removed
keys should be kept in log (0 by default)

Signed-off-by: Tomas Hozza <thozza@redhat.com>

addition to previous generic socket activation

fixes #11

daemon can accept existing fds on command line,
thus supporting process managers like circus or
upstart. a tiny supervisor script is attached

the second parameter to resolve() callback function
is request (kres.request_t), so the caller can
look into request stats, timing and zone cut data

if the root key file doesn’t exist, it will be populated from root DNSKEY query, which will be validated against root trust anchors retrieved over HTTPS with IANA cert verification against built-in current IANA cert CA. it requires luasocket and luasec for it to work. trust anchors XML file signature is not checked, as there’s no facility for PKCS7 checking yet.

effectively enables/disables usage of given IP protocol
for subrequests (the server can still listen on these)