Use the new isc_mem_c*() calloc-like API for allocations that are
zeroed.
In turn, this also fixes couple of incorrect usage of the ISC_MEM_ZERO
for structures that need to be zeroed explicitly.
There are few places where isc_mem_cput() is used on structures with a
flexible member (or similar).
The aim is to match unsafe patterns of allocation size arithmetic
and turn them into safe calls to the new `isc_mem_cget()`,
`isc_mem_creget()`, and `isc_mem_cput()`.
Add new isc_mem_cget(), isc_mem_creget(), and isc_mem_cput() macros to
complement the isc_mem_callocate() (which works like calloc()).
The overflow checks are implemented as macros in the <isc/mem.h>, so
that the compiler can see that the element size is constant: it should
always be `sizeof(something)`.
Add the text "TTL-style unit suffixes or ISO 8601 duration formats",
just like we do at other places that are duration option types.
Also, in the dnssec-policy "keys" example, use a TTL-style unit too.
There's a statement that says: "Here is an example (for illustration
purposes only) of some possible entries in a [keys] list:", and that
links to the wrong "keys" statement (it links to the TSIG keys section).
Remove the reference, as we are already in the right section.
The doc/arm/requirements.txt file is the single source of truth when it
comes to Sphinx tools versions used to build documentation via
util/release-tarball-comparison.sh.
The 'result' variable should be reset to ISC_R_NOTFOUND again,
because otherwise a log message could be logged about not being
able to get the TLS configuration based on on the 'result' value
from the previous calls to get the TSIG key.
When flushing the cache, we create a new cache database. The serve-stale
settings need to be restored after doing this. We already did this
for max-stale-ttl, but forgot to do this for stale-refresh-time.
For secondary, mirror and redirect zones the expiry time is set
from the zone file's modification time on restart. As zone dumping
take time, set the modification time of the zone file to the expire
time less the expire interval.
This allow for the EDNS options EXPIRE and NSID to be sent when
when making requests. The existing controls controlling whether
EDNS is used and whether EXPIRE or NSID are sent are honoured.
Adjust the expected byte counts in the xfer system test to reflect
the EDNS overhead. Adjust the dig call to match named's behavior
(don't set +expire as we are talking to a secondary).
