]> git.ipfire.org Git - thirdparty/knot-resolver.git/log
thirdparty/knot-resolver.git
10 years agolib/cache:introduced ranks + insecure flag
Marek Vavruša [Tue, 6 Oct 2015 17:34:16 +0000 (19:34 +0200)] 
lib/cache:introduced ranks + insecure flag

10 years agolib: cleanup
Marek Vavruša [Tue, 6 Oct 2015 16:44:41 +0000 (18:44 +0200)] 
lib: cleanup

10 years agolib: cleanup
Marek Vavruša [Tue, 6 Oct 2015 15:37:45 +0000 (17:37 +0200)] 
lib: cleanup

10 years agodaemon: attempt at using versioned libraries
Marek Vavruša [Tue, 6 Oct 2015 15:37:10 +0000 (17:37 +0200)] 
daemon: attempt at using versioned libraries

10 years agoMerge branch 'cache-improvements'
Marek Vavruša [Mon, 5 Oct 2015 17:18:11 +0000 (19:18 +0200)] 
Merge branch 'cache-improvements'

10 years agocachectl: querying/subtree deletion
Marek Vavruša [Mon, 5 Oct 2015 17:17:43 +0000 (19:17 +0200)] 
cachectl: querying/subtree deletion

- can query cache for records
- can remove only domain or subtree from cache
- can remove data in packet cache or other prefixes
- cache clear also reset NS reputation tracking

10 years agolib/pktcache: cache ANY in packet cache
Marek Vavruša [Mon, 5 Oct 2015 16:26:30 +0000 (18:26 +0200)] 
lib/pktcache: cache ANY in packet cache

10 years agolib/cache: key format change, code to check versions
Marek Vavruša [Mon, 5 Oct 2015 16:25:49 +0000 (18:25 +0200)] 
lib/cache: key format change, code to check versions

the key is now stored in a format friendly to prefix search, the values
also contain one more 16bit field to store rank of the data (to be
utilised later)

10 years agoccan/compiler: attribute nonnull support
Marek Vavruša [Mon, 5 Oct 2015 16:24:23 +0000 (18:24 +0200)] 
ccan/compiler: attribute nonnull support

10 years agolib: cleanup
Marek Vavruša [Mon, 5 Oct 2015 16:24:07 +0000 (18:24 +0200)] 
lib: cleanup

10 years agolib/resolve: cached names below cut are treated insecure
Marek Vavruša [Sun, 4 Oct 2015 19:24:46 +0000 (21:24 +0200)] 
lib/resolve: cached names below cut are treated insecure

10 years agolib/iterate: do not follow CNAME when queried for it
Marek Vavruša [Sun, 4 Oct 2015 19:23:59 +0000 (21:23 +0200)] 
lib/iterate: do not follow CNAME when queried for it

10 years agolib/iterate: do not follow CNAME targets outside cut
Marek Vavruša [Sat, 3 Oct 2015 22:03:12 +0000 (00:03 +0200)] 
lib/iterate: do not follow CNAME targets outside cut

this is a problem when both CNAME and the target are answered from the same NS (but different authority), but only the CNAME authority does DNSSEC. it’s probably legal, but it’s pretty stupid to do so

10 years agolib/resolve: disable DNSSEC when not under a TA
Marek Vavruša [Sat, 3 Oct 2015 20:08:10 +0000 (22:08 +0200)] 
lib/resolve: disable DNSSEC when not under a TA

10 years agolib/dnssec: when first DS fails, but second is ok
Marek Vavruša [Sat, 3 Oct 2015 20:07:53 +0000 (22:07 +0200)] 
lib/dnssec: when first DS fails, but second is ok

10 years agolib/resolve: accept even bad SBELT servers when bootstrapping
Marek Vavruša [Sat, 3 Oct 2015 18:31:33 +0000 (20:31 +0200)] 
lib/resolve: accept even bad SBELT servers when bootstrapping

10 years agolib/resolve: fixed bug with root NS/DNSKEY priming qry
Marek Vavruša [Sat, 3 Oct 2015 12:31:19 +0000 (14:31 +0200)] 
lib/resolve: fixed bug with root NS/DNSKEY priming qry

10 years agodaemon: updated libuv requirements doc, msg when SO_REUSEPORT isn't available
Marek Vavruša [Fri, 2 Oct 2015 12:00:28 +0000 (14:00 +0200)] 
daemon: updated libuv requirements doc, msg when SO_REUSEPORT isn't available

10 years agobuild: removed rpath from library build
Marek Vavruša [Fri, 2 Oct 2015 11:41:52 +0000 (13:41 +0200)] 
build: removed rpath from library build

10 years agobuild: `make CFLAGS=...` and `CFLAGS=... make` are identical
Marek Vavruša [Fri, 2 Oct 2015 11:40:37 +0000 (13:40 +0200)] 
build: `make CFLAGS=...` and `CFLAGS=... make` are identical

same for LDFLAGS. this fixes common problem where CFLAGS after make
was evaluated as a make variable and replaced the default, while
before as env variable and was prepended to the default string.
now they both behave as an env. variable

10 years agolib/zonecut: use SBELT only when necessary, prefer cached information
Marek Vavruša [Thu, 1 Oct 2015 14:55:22 +0000 (16:55 +0200)] 
lib/zonecut: use SBELT only when necessary, prefer cached information

before the algorithm was happy with root hints for all queries starting
at root, however they're often overloaded and result in timeouts
the updated code provides SBELT only for root NS query lookup and tries
to use cached information as much as possible

10 years agomodules/hints: data from hints is never authoritative
Marek Vavruša [Thu, 1 Oct 2015 16:08:44 +0000 (18:08 +0200)] 
modules/hints: data from hints is never authoritative

10 years agodaemon: duplicate command output to both remote and logs
Marek Vavruša [Thu, 1 Oct 2015 16:08:30 +0000 (18:08 +0200)] 
daemon: duplicate command output to both remote and logs

10 years agodaemon: modules = { mod = 'abc' } and mod.config('abc') are equal
Marek Vavruša [Thu, 1 Oct 2015 16:06:15 +0000 (18:06 +0200)] 
daemon: modules = { mod = 'abc' } and mod.config('abc') are equal

10 years agotests: fixed exception with canceled queries
Marek Vavruša [Thu, 1 Oct 2015 08:39:15 +0000 (10:39 +0200)] 
tests: fixed exception with canceled queries

10 years agolib/zonecut: fetch root DNSKEY from cache correctly
Marek Vavruša [Thu, 1 Oct 2015 08:38:46 +0000 (10:38 +0200)] 
lib/zonecut: fetch root DNSKEY from cache correctly

previously it was always overwritten with SBELT for root + root TA
doesn't have to be in cache (it's in trust store)

10 years agodaemon/lua: alias for resolve()
Marek Vavruša [Thu, 1 Oct 2015 08:37:27 +0000 (10:37 +0200)] 
daemon/lua: alias for resolve()

10 years agodoc: updated dnssec doc
Marek Vavruša [Wed, 30 Sep 2015 17:07:20 +0000 (19:07 +0200)] 
doc: updated dnssec doc

10 years agolib/dnssec: ascend if the referral went below signer key name
Marek Vavruša [Wed, 30 Sep 2015 17:03:40 +0000 (19:03 +0200)] 
lib/dnssec: ascend if the referral went below signer key name

refs #33

10 years agolib/zonecut: remember parent zone cut when descending
Marek Vavruša [Wed, 30 Sep 2015 17:02:24 +0000 (19:02 +0200)] 
lib/zonecut: remember parent zone cut when descending

10 years agodaemon: check that keyfile is readable and use abspath
Marek Vavruša [Wed, 30 Sep 2015 17:01:28 +0000 (19:01 +0200)] 
daemon: check that keyfile is readable and use abspath

10 years agoRevert "doc: rtd doxygen search"
Marek Vavruša [Wed, 30 Sep 2015 15:45:54 +0000 (17:45 +0200)] 
Revert "doc: rtd doxygen search"

This reverts commit 0f9e615b4f3ae84e125c11a43427b92ac3144059.

10 years agodoc: rtd doxygen search
Marek Vavruša [Wed, 30 Sep 2015 11:43:10 +0000 (13:43 +0200)] 
doc: rtd doxygen search

10 years agodaemon: doc
Marek Vavruša [Wed, 30 Sep 2015 10:22:29 +0000 (12:22 +0200)] 
daemon: doc

10 years agolib/nsrep: library supports multiple query targets
Marek Vavruša [Tue, 29 Sep 2015 21:11:14 +0000 (23:11 +0200)] 
lib/nsrep: library supports multiple query targets

the selected address is now an array with selection, caller can then send the same query to multiple offered targets

refs #35

10 years agolib/validate: fixed cases when the cut wasn’t updated
Marek Vavruša [Tue, 29 Sep 2015 21:07:23 +0000 (23:07 +0200)] 
lib/validate: fixed cases when the cut wasn’t updated

this could happen if the query contained a CNAME with AA=0, or missing mandatory DS in previous NS query

10 years agotravis: try the binary help
Marek Vavruša [Mon, 28 Sep 2015 16:06:23 +0000 (18:06 +0200)] 
travis: try the binary help

10 years agolib: moved RR stash to utils, prefixed
Marek Vavruša [Mon, 28 Sep 2015 16:03:53 +0000 (18:03 +0200)] 
lib: moved RR stash to utils, prefixed

10 years agodoc: updated readme
Marek Vavruša [Mon, 28 Sep 2015 15:37:29 +0000 (17:37 +0200)] 
doc: updated readme

10 years agoscripts: updated versions, tags
Marek Vavruša [Mon, 28 Sep 2015 15:35:04 +0000 (17:35 +0200)] 
scripts: updated versions, tags

10 years agodoc: updated doc and readme
Marek Vavruša [Mon, 28 Sep 2015 15:33:15 +0000 (17:33 +0200)] 
doc: updated doc and readme

10 years agobuild: bumped version to 1.0.0-beta
Marek Vavruša [Mon, 28 Sep 2015 15:14:50 +0000 (17:14 +0200)] 
build: bumped version to 1.0.0-beta

10 years agoMerge branch 'cache-rrsig-wip'
Marek Vavruša [Mon, 28 Sep 2015 15:12:38 +0000 (17:12 +0200)] 
Merge branch 'cache-rrsig-wip'

10 years agodoc: updated documentation and examples
Marek Vavruša [Mon, 28 Sep 2015 15:11:59 +0000 (17:11 +0200)] 
doc: updated documentation and examples

10 years agolua/trust_anchors: idempotent config()
Marek Vavruša [Mon, 28 Sep 2015 15:11:38 +0000 (17:11 +0200)] 
lua/trust_anchors: idempotent config()

10 years agodaemon/network: REUSEPORT check for libuv 1.7.0+ (which defines VERSION_HEX)
Marek Vavruša [Mon, 28 Sep 2015 15:11:09 +0000 (17:11 +0200)] 
daemon/network: REUSEPORT check for libuv 1.7.0+ (which defines VERSION_HEX)

10 years agolib/dnssec: cleanup
Marek Vavruša [Mon, 28 Sep 2015 15:10:32 +0000 (17:10 +0200)] 
lib/dnssec: cleanup

10 years agodaemon/trust_anchors: active refresh, timers, managed file
Marek Vavruša [Sun, 27 Sep 2015 22:05:23 +0000 (00:05 +0200)] 
daemon/trust_anchors: active refresh, timers, managed file

10 years agolua/sandbox: print non-printable characters in hex, text elide
Marek Vavruša [Sun, 27 Sep 2015 22:04:36 +0000 (00:04 +0200)] 
lua/sandbox: print non-printable characters in hex, text elide

10 years agodaemon/lua: print RR in text format (generic)
Marek Vavruša [Sun, 27 Sep 2015 22:04:10 +0000 (00:04 +0200)] 
daemon/lua: print RR in text format (generic)

example:
local rr = pkt:section(kres.section.ANSWER)[1]
print(kres.rr2str(rr))

10 years agodaemon/lua: bindings for packet sections and data
Marek Vavruša [Sun, 27 Sep 2015 22:00:44 +0000 (00:00 +0200)] 
daemon/lua: bindings for packet sections and data

example:
local rr = pkt:section(kres.section.ANSWER)
for i = 1, #rr do
if rr[i].type == kres.type.A then
print(kres.dname2str(rr[i].owner))
print(‘rdlen:’, #rr[i].rdata)
end
end

10 years agodaemon/lua: added some query flags to bindings
Marek Vavruša [Sun, 27 Sep 2015 21:57:37 +0000 (23:57 +0200)] 
daemon/lua: added some query flags to bindings

10 years agolib/rplan: added ‘NO_CACHE’ flag to avoid cache lookup
Marek Vavruša [Sun, 27 Sep 2015 21:57:04 +0000 (23:57 +0200)] 
lib/rplan: added ‘NO_CACHE’ flag to avoid cache lookup

this is useful if we want to prefetch or update data
in cache, it doesn’t affect the lookup of closest known
zone cut

10 years agodaemon: added ‘net.bufsize’ option for max UDP payload
Marek Vavruša [Sun, 27 Sep 2015 21:55:50 +0000 (23:55 +0200)] 
daemon: added ‘net.bufsize’ option for max UDP payload

sets maximum UDP/EDNS payload within <1220, 65535>
the default is max unfragmented UDP packet, but it’s
possible to set it higher if the network supports it to avoid
TCP retransmits

10 years agodaemon: added basic doc for trust_anchors and DNSSEC
Marek Vavruša [Fri, 25 Sep 2015 14:58:46 +0000 (16:58 +0200)] 
daemon: added basic doc for trust_anchors and DNSSEC

10 years agodaemon/trust_anchors: finished state table, own module, cleanup
Marek Vavruša [Fri, 25 Sep 2015 14:58:24 +0000 (16:58 +0200)] 
daemon/trust_anchors: finished state table, own module, cleanup

todo: active refresh

10 years agodaemon/main: fixed missing cmdline input
Marek Vavruša [Fri, 25 Sep 2015 14:26:05 +0000 (16:26 +0200)] 
daemon/main: fixed missing cmdline input

10 years agodaemon/trust_anchors: key state tracking (wip)
Marek Vavruša [Fri, 25 Sep 2015 11:57:34 +0000 (13:57 +0200)] 
daemon/trust_anchors: key state tracking (wip)

DS keys are injected into current set (unmanaged)
DNSKEY keys are in the managed set and their RFC5011 state is tracked

todo:
- implement timers and this AddTime/RemTime
- active refresh
- move to a separate module

10 years agodaemon/main: fixed CLI bugs
Marek Vavruša [Fri, 25 Sep 2015 11:55:39 +0000 (13:55 +0200)] 
daemon/main: fixed CLI bugs

10 years agolib/dnssec: accept valid and unrevoked keys (SEP not required), key matching
Marek Vavruša [Fri, 25 Sep 2015 11:54:30 +0000 (13:54 +0200)] 
lib/dnssec: accept valid and unrevoked keys (SEP not required), key matching

10 years agolib/dnssec: added missing functions, new key APIs
Marek Vavruša [Fri, 25 Sep 2015 08:40:52 +0000 (10:40 +0200)] 
lib/dnssec: added missing functions, new key APIs

10 years agolib/dnssec: fixed bad SEP check
Marek Vavruša [Thu, 24 Sep 2015 19:36:50 +0000 (21:36 +0200)] 
lib/dnssec: fixed bad SEP check

10 years agolib/validate: Added function that validates any NSEC no data response.
Karel Slany [Thu, 24 Sep 2015 16:25:16 +0000 (18:25 +0200)] 
lib/validate: Added function that validates any NSEC no data response.

10 years agolib/validate: Added function that validates any NSEC3 no data response.
Karel Slany [Thu, 24 Sep 2015 15:01:56 +0000 (17:01 +0200)] 
lib/validate: Added function that validates any NSEC3 no data response.

10 years agodaemon: -k [file] options allows to set trust anchors file without config
Marek Vavruša [Thu, 24 Sep 2015 12:26:37 +0000 (14:26 +0200)] 
daemon: -k [file] options allows to set trust anchors file without config

example:
$ kdig @a.root-servers.net +short +tcp DNSKEY . > root.key
$ kresd -k root.key

10 years agodaemon/config: cache open by default (even if not in config)
Marek Vavruša [Thu, 24 Sep 2015 12:12:47 +0000 (14:12 +0200)] 
daemon/config: cache open by default (even if not in config)

before the cache was disabled by default, but this has led to many user
errors (mine as well). this enables it by default (which is what most
people want anyway)

10 years agolib/iterate: another attempt
Marek Vavruša [Thu, 24 Sep 2015 12:04:54 +0000 (14:04 +0200)] 
lib/iterate: another attempt

10 years agolib/iterate: fixed stupid libknot api
Marek Vavruša [Thu, 24 Sep 2015 12:02:15 +0000 (14:02 +0200)] 
lib/iterate: fixed stupid libknot api

10 years agolib/validate: fixed processing of RRSIG queries
Marek Vavruša [Thu, 24 Sep 2015 11:53:28 +0000 (13:53 +0200)] 
lib/validate: fixed processing of RRSIG queries

10 years agolib/resolve: use CD=1 for subrequests, fixed TC=1 handling
Marek Vavruša [Thu, 24 Sep 2015 11:51:46 +0000 (13:51 +0200)] 
lib/resolve: use CD=1 for subrequests, fixed TC=1 handling

10 years agotests: increased timeout
Marek Vavruša [Thu, 24 Sep 2015 11:51:56 +0000 (13:51 +0200)] 
tests: increased timeout

10 years agolib/iterate: scrub DNSSEC records when DO=1
Marek Vavruša [Thu, 24 Sep 2015 09:43:47 +0000 (11:43 +0200)] 
lib/iterate: scrub DNSSEC records when DO=1

if the client doesn't support DNSSEC, scrub these from the answer
and do not set the AD bit

10 years agorrcache: disabled parent-child diff tests where parent is right
Marek Vavruša [Thu, 24 Sep 2015 09:42:34 +0000 (11:42 +0200)] 
rrcache: disabled parent-child diff tests where parent is right

until RFC2181 credibility is implemented in cache, this behavior breaks
DNSSEC as the parent-side comes first to the cache
disabled this behavior until implemented properly

10 years agodaemon/trust_anchors: foundations for automatic keyset mgmt
Marek Vavruša [Wed, 23 Sep 2015 17:03:54 +0000 (19:03 +0200)] 
daemon/trust_anchors: foundations for automatic keyset mgmt

10 years agodaemon/bindings: worker.resolve() can now call callback on completion
Marek Vavruša [Wed, 23 Sep 2015 17:03:25 +0000 (19:03 +0200)] 
daemon/bindings: worker.resolve() can now call callback on completion

example:

worker.resolve('cz', kres.type.NS, kres.class.IN, 0,
function (pkt)
local answer = kres.pkt_t(pkt)
print (answer:rcode())
end)

10 years agolayer/validate: removed struct contained_ids
Karel Slany [Wed, 23 Sep 2015 10:38:12 +0000 (12:38 +0200)] 
layer/validate: removed struct contained_ids

RRSets are merged by using stash_add().

10 years agolib/dnssec: allow KSK DNSKEY records for TA
Marek Vavruša [Wed, 23 Sep 2015 07:37:24 +0000 (09:37 +0200)] 
lib/dnssec: allow KSK DNSKEY records for TA

this allows the classic workflow, kdig for root DNSKEY
records to a key file and let it start

10 years agolib/resolve: fixed missing txn abort introduced a few commits ago
Marek Vavruša [Tue, 22 Sep 2015 16:11:59 +0000 (18:11 +0200)] 
lib/resolve: fixed missing txn abort introduced a few commits ago

10 years agolib/validate: prevent caching of answers needing revalidation
Marek Vavruša [Tue, 22 Sep 2015 16:11:30 +0000 (18:11 +0200)] 
lib/validate: prevent caching of answers needing revalidation

10 years agolib/validate: accept DNSKEYs at/below current cut
Marek Vavruša [Tue, 22 Sep 2015 15:51:39 +0000 (17:51 +0200)] 
lib/validate: accept DNSKEYs at/below current cut

this fixes a case when a DNSKEY is either accepted from cache or offered
in advance

10 years agolib/validate: DNSKEY answers from resolver cache do not trigger requery
Marek Vavruša [Tue, 22 Sep 2015 15:31:07 +0000 (17:31 +0200)] 
lib/validate: DNSKEY answers from resolver cache do not trigger requery

a cache is consulted before we even know a zone cut for the query, thus
the DNSKEY can't be validated. as a policy, everything should be
validated before it's accepted into cache, then it's trusted and
shouldn't be rechecked

10 years agolib/iterate: treat SOA change with signed queries as referral
Marek Vavruša [Tue, 22 Sep 2015 15:29:25 +0000 (17:29 +0200)] 
lib/iterate: treat SOA change with signed queries as referral

with DNSSEC, such query needs to be revalidated as the TA/key is missing
for the new zone cut, which would lead to duplicated answers

in the future there may be an api to defer query processing, but for now
it can't be done

10 years agolib/resolver: avoid traversal from root in some cases
Marek Vavruša [Tue, 22 Sep 2015 15:14:48 +0000 (17:14 +0200)] 
lib/resolver: avoid traversal from root in some cases

10 years agolib/rrcache: correct caching of subrequest
Marek Vavruša [Tue, 22 Sep 2015 15:14:19 +0000 (17:14 +0200)] 
lib/rrcache: correct caching of subrequest

10 years agolib/iterate: detect cut change when server hosts both parent and child
Marek Vavruša [Tue, 22 Sep 2015 15:13:49 +0000 (17:13 +0200)] 
lib/iterate: detect cut change when server hosts both parent and child

in this case the NS is an authority for both parent and child, so the NS
set stays the same and only the cut name changes

10 years agotests: fixed wrong unit in socket timeout
Marek Vavruša [Tue, 22 Sep 2015 09:16:32 +0000 (11:16 +0200)] 
tests: fixed wrong unit in socket timeout

10 years agolib: proper key/ta checks in zone cut resolution
Marek Vavruša [Tue, 22 Sep 2015 09:16:09 +0000 (11:16 +0200)] 
lib: proper key/ta checks in zone cut resolution

this fixes problems with servers authoritative both for
parent and child zone and vice versa
as the DS is authoritative parent-side, a full subrequest
is launched. this breaks some tests that don’t have
a full referral path

todo bugs:
- non-existence proof with only SOA and no NS is not
correctly resolved
- revalidation in some cases causes record duplication
- NS queries with DO=1 answered from cache are not correctly resolved, as the TA is not set at this time

10 years agolib/rrcache: fixed caching of DS records in referrals
Marek Vavruša [Tue, 22 Sep 2015 08:53:16 +0000 (10:53 +0200)] 
lib/rrcache: fixed caching of DS records in referrals

10 years agodaemon: negative trust anchors
Marek Vavruša [Tue, 22 Sep 2015 08:52:55 +0000 (10:52 +0200)] 
daemon: negative trust anchors

config:
trust_anchors.negative = { ‘bad.cz’, ‘here.com’ }

all names below these NTA will not be validated
(unless there is an island of trust below these anchors)

10 years agoMerge branch 'cache-rrsig-wip' of gitlab.labs.nic.cz:knot/resolver into cache-rrsig-wip
Karel Slany [Mon, 21 Sep 2015 16:15:02 +0000 (18:15 +0200)] 
Merge branch 'cache-rrsig-wip' of gitlab.labs.nic.cz:knot/resolver into cache-rrsig-wip

10 years agotests: added tests with empty QD response
Marek Vavruša [Mon, 21 Sep 2015 15:37:21 +0000 (17:37 +0200)] 
tests: added tests with empty QD response

10 years agotests: added NSEC3 wildcard no data response check
Karel Slany [Mon, 21 Sep 2015 14:48:14 +0000 (16:48 +0200)] 
tests: added NSEC3 wildcard no data response check

10 years agotests: added NSEC no data response checks
Karel Slany [Mon, 21 Sep 2015 14:30:46 +0000 (16:30 +0200)] 
tests: added NSEC no data response checks

10 years agotests: fixed numbering in some tests
Karel Slany [Mon, 21 Sep 2015 14:23:30 +0000 (16:23 +0200)] 
tests: fixed numbering in some tests

10 years agotests: merged NSEC3 name error response tests into single rpl
Karel Slany [Mon, 21 Sep 2015 14:19:34 +0000 (16:19 +0200)] 
tests: merged NSEC3 name error response tests into single rpl

10 years agotests: merged all NSEC name error response tests into single rpl
Karel Slany [Mon, 21 Sep 2015 14:08:47 +0000 (16:08 +0200)] 
tests: merged all NSEC name error response tests into single rpl

10 years agolib: cleanup unused variables
Marek Vavruša [Mon, 21 Sep 2015 07:17:47 +0000 (09:17 +0200)] 
lib: cleanup unused variables

10 years agogeneric/map: cleanup doc
Marek Vavruša [Mon, 21 Sep 2015 07:17:34 +0000 (09:17 +0200)] 
generic/map: cleanup doc

10 years agolib: saner TA store, in Lua module ‘trust_anchors’
Marek Vavruša [Mon, 21 Sep 2015 07:17:21 +0000 (09:17 +0200)] 
lib: saner TA store, in Lua module ‘trust_anchors’

preparations for TA rotation and management
in config:
trust_anchors.file = ‘root.key’
trust_anchors.auto = true // NOTIMPL
trust_anchors.add(‘. IN DS …’) // Manual addition

10 years agotests/notiml: fixed date to timestamps
Marek Vavruša [Sat, 19 Sep 2015 19:34:14 +0000 (21:34 +0200)] 
tests/notiml: fixed date to timestamps