systemd: add interaction with nss-lookup.target

See merge request !1216

The point is to allow other services wait for DNS availability.
Of course, kresd may not be the DNS provider for this machine,
but it seems reasonable to still do this by default.

release 5.4.2

See merge request !1212

nitpicks

See merge request !1206

So far we have no idea how it can happen, but in this (rare) case
it seems fine to keep the process running.

Builds are still checked by the other pkftest suite. However, OBS
mirrors for CentOS 7 are just problematic. We've already tried to
contact them once, they fixed the issue but mentioned it will probably
come back. No point in wasting any more time with this test then.

Vladimír Čunát authored 3 years ago and Tomas Krizek committed 3 years ago

Our "debian-buster" CI image was clearly not a buster
(based on versions in logs).  I suspect this change can help.

build: fix when knot-dns headers are on non-standard location

See merge request !1210

knot-utils package is needed for kdig. However, if downstream package is
used, that tool is part of knot pkg instead - thus the missing package
would be non-critical. It is still needed if upstream packages are used.

modules/detect_time_skew: minor fixes

See merge request !1211

Cache is persistent (in principle) and it might not have accurate data
for whatever reason.  Let's not bring caching complications into this.
It's cheap: just a single query to root server(s) on resolver start.

Local time appears in future == the signatures appear not valid
*anymore*, and vice versa.

With broken IPv6 and no knowledge of IP addresses, we were quite often
chosing to resolve a NS's AAAA and then using it... which wasn't good.
Let's give preference to A here as well.

distro/test: update CA certificates for CentOS

See merge request !1209

On CentOS 7, the base image has an outdated LetsEncrypt certificate.

Tomas Krizek authored 3 years ago and Vladimír Čunát committed 3 years ago

By default, notice level is set. Thus, if users want to use log() in the
same way as pre-5.4, they'd have to increase the log level. This bumps
the log level of log() function to keep the same behavior.

modules/dns64: new features

Closes #478 and #368

See merge request !1201

The RFC says we MUST do it, though this implementation is lazy and
avoids a SHOULD in the RFC.

For example, absolute path meant for AF_UNIX could confuse this.