Refs #4

Refs #4

Conflicts:
	src/libknot/dnssec/zone-sign.c

Refs #4

refs #4

uint8_t * -> knot_dname_t *

refs #4

refs #4

Conflicts:
	src/libknot/dnssec/zone-nsec.c
	src/libknot/dnssec/zone-sign.c
	src/libknot/dnssec/zone-sign.h
	src/libknot/updates/ddns.c

refs #4

refs #4

refs #4

refs #4

refs #4

refs #4

- prereqs can still contain DNSSEC records
- removed now-obsolete code

Refs #4

Refs #4

refs #4

Slight cleanup and API changes included.

refs #4

 - This need a review, especially the locking side and RCU stuff

Refs #4

 - Not leaving orphaned RRSIGs in the zone results in not having them in DNSSEC changeset, we have to keep them.

Refs #4

Refs #4

- Also added a function that's supposed to fix broken chains, but it would not work with current changeset structure, commiting for future use, will drop.

Refs #4

Refs #4

- the signature was being written over the signer dname (causing SIGSEGV)
- signer name length was calculated incorrectly when validation RRSIG

refs #4

migration to new API for DNAMES

refs #4

Actions performed:

- merged 163 commits from feature-dnssec into 1.4 branch
- fixed compilation after API changes (dnames, rdata, adjusting, ...)
- fixed some warnings
- removed unused functions in zone adjusting

Possible problems:

- DNSSEC signatures might be invalid due to new way of handling DNAMEs

refs #4

 - added function that checks whether RRSet should be signed
 - lookup table can be optionally passed to the function, so that we do not double sign (for changeset signing)
 - currently add/remove lists are used to sign the changeset, new/old rrset lists would be more suitable, but those might be removed in the new release
 - untested + functions to fix NSEC(3) chain missing (something similar was already written, will ressurect from git)

refs #4

 - Changeset signing function needed for DDNS and post-diff signing

Refs #4