many clients do frequent retransmits of the query
to avoid network losses and get better service,
but then fail to work properly when a resolver
answers SERVFAIL to some of them because of the
time limit and some of them NOERROR. 
it's also a good idea to avoid wasting time
tracking pending tasks to solve the same thing.

if the upstream TCP query timeouted or the connection
was severed, it would dissociate the handle from
original query, so the query would be solved
but the requestor wouldn't see the answer unless
he requeried

Additional processing for REFUSED & SERVFAIL rcodes



See merge request !22

* simplified soft-fail per-ns limit to per-query
  limit, each query gets 4 tries at resolving
* instead of locking at single servfailing NS,
  penalise it and run reelection, this may or
  may not try other servers but avoids pathologic
  case when single NS is servfailing while others
  are good but never probed
* added new nsrep update mode (addition)

this code used memory pool of source packet instead
of the answer, this could result in invalidated
memory read if the memory occupied by source
packet was rewritten

* daemon now processes messages over TCP stream
out-of-order and concurrently
* support for TCP_DEFER_ACCEPT
* support for TCP Fast-Open
* there are now deadlines for TCP for idle/slow
streams (to prevent slowloris; pruning)
* there is now per-request limit on timeouts
(each request is allowed 4 timeouts before bailing)
* faster request closing, unified retry/timeout timers
* rare race condition in timer closing fixed

the daemon has now three modes of strictness
checking from strict to permissive.
it reflects the tradeoff between resolving the
query in as few steps as possible and security
for insecure zones

an internal timer walks RTT timer periodically and
clears entries with bad results every 5 minutes.
this means that a timeouted entry penalty is 
capped to that interval, making sure that the
bad reputation doesn't last forever

resolver will always attempt to contact upstreams
known to be bad if it's not busy.
this fixes a problem on low-volume resolvers
where a short connection outage could make
resolvers deny resolving queries even after the
connection is restored

This reverts commit f9ffeca9.

in permissive mode, resolver is free to use
(but not cache) non-mandatory glue records even
if they're not resolvable. this is great as a 
workaround for broken child-side zones, but
not great for security of, well, insecure
delegations. it's off by default.

Merge branch 'PaulosV-patch-1-readme-docker' of https://github.com/PaulosV/knot-resolver into PaulosV-PaulosV-patch-1-readme-docker

Merge branch 'daemon-doc-typo' of https://github.com/thozza/knot-resolver into thozza-daemon-doc-typo

new trust anchors variables:
* trust_anchors.hold_down_time = 30 * day
* trust_anchors.refresh_time = nil
* trust_anchors.keep_removed = 0

these could be used to control how often should
root trust anchors be checked and how many removed
keys should be kept in log (0 by default)

Signed-off-by: Tomas Hozza <thozza@redhat.com>