Opened 6 years ago

Last modified 7 hours ago

#72 new enhancement

Tighten CNAME validation to block cases that fail various validators

Reported by: Kris Deugau
Owned by:
Priority: minor
Milestone:
Version:
Keywords:
Cc:

Description

Currently CNAMEs may be created in parallel with existing records. This can cause validation failures in external DNSSEC signing tools or lookup failures when the records are published.

Add checks for parallel records with options to:

  • warn and continue
  • suggest/coerce-to ALIAS (root domain only)
  • fail with error
  • remove the parallel record(s)
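The check the ticket asks for, written out as an added Python illustration (this is not DNSAdmin's own code, which lives in Perl, and none of the names below are the project's). It assumes a flat list of records with optional `valid_after`/`expires` stamps and a hypothetical row id `rid` so that an update does not collide with the record being updated, and it implements the four options listed above. It also goes beyond the description in the way the change history does: expired records are ignored, a record with a future valid-after stamp still collides (reported as "pending"), and two records whose publication windows never overlap are not treated as a collision. RRSIG and NSEC are allowed alongside a CNAME because a signed zone necessarily places them there.

```python
from dataclasses import dataclass, replace
from datetime import datetime, timedelta, timezone
from typing import List, Optional

# DNSSEC types that may share an owner name with a CNAME (RFC 4034/4035);
# any other type at the same name, including a second CNAME, collides
# (RFC 1034 section 3.6.2).
CNAME_COMPATIBLE = {"RRSIG", "NSEC"}

NEG_INF = datetime.min.replace(tzinfo=timezone.utc)
POS_INF = datetime.max.replace(tzinfo=timezone.utc)


@dataclass
class Record:
    name: str
    rtype: str
    rdata: str
    valid_after: Optional[datetime] = None  # not published before this instant
    expires: Optional[datetime] = None      # not published at or after this instant
    rid: Optional[int] = None               # hypothetical row id; lets an update skip itself


@dataclass
class Result:
    ok: bool              # may the add/update proceed?
    action: str           # "none", "warn", "alias", "remove" or "fail"
    record: Record        # record to store (coerced to ALIAS in alias mode)
    messages: List[str]
    remove: List[Record]  # existing records the caller must delete first (remove mode)


def window(rec: Record):
    return (rec.valid_after or NEG_INF, rec.expires or POS_INF)


def windows_overlap(a: Record, b: Record) -> bool:
    """True if the two records are ever published at the same time."""
    a0, a1 = window(a)
    b0, b1 = window(b)
    return max(a0, b0) < min(a1, b1)


def find_collisions(zone, new, now, skip_rid=None):
    """Existing records at new.name that cannot be published next to it."""
    hits = []
    for rec in zone:
        if skip_rid is not None and rec.rid == skip_rid:
            continue  # updating this very record: it cannot collide with itself
        if rec.name.lower() != new.name.lower():
            continue
        if rec.expires is not None and rec.expires <= now:
            continue  # already expired: never published again
        if not windows_overlap(rec, new):
            continue  # disjoint publication windows
        if new.rtype == "CNAME" and rec.rtype not in CNAME_COMPATIBLE:
            hits.append(rec)  # CNAME being added beside any other data
        elif rec.rtype == "CNAME" and new.rtype not in CNAME_COMPATIBLE:
            hits.append(rec)  # other data being added under an existing CNAME
    return hits


def describe(rec: Record, now: datetime) -> str:
    if rec.valid_after is not None and rec.valid_after > now:
        state = f"pending, valid after {rec.valid_after.isoformat()}"
    else:
        state = "live"
    return f"{rec.name} {rec.rtype} {rec.rdata} ({state})"


def check_cname_collision(zone, new, mode="fail", now=None, zone_apex=None, skip_rid=None):
    """Apply one of the ticket's four options to the collisions found for `new`."""
    now = now or datetime.now(timezone.utc)
    hits = find_collisions(zone, new, now, skip_rid)
    if not hits:
        return Result(True, "none", new, [], [])
    msgs = [describe(h, now) for h in hits]
    if mode == "warn":
        return Result(True, "warn", new, msgs, [])
    if mode == "alias":
        # ALIAS only makes sense at the zone apex, where a CNAME is never legal anyway
        if new.rtype == "CNAME" and zone_apex and new.name.lower() == zone_apex.lower():
            return Result(True, "alias", replace(new, rtype="ALIAS"),
                          msgs + ["coerced CNAME to ALIAS at zone apex"], [])
        return Result(False, "fail", new, msgs + ["ALIAS coercion only applies at the zone apex"], [])
    if mode == "remove":
        return Result(True, "remove", new, msgs, hits)
    return Result(False, "fail", new, msgs, [])


# Constructed sample zone (documentation addresses, hypothetical row ids).
T0 = datetime(2024, 1, 1, tzinfo=timezone.utc)
SAMPLE_ZONE = [
    Record("example.com", "A", "192.0.2.1", rid=1),
    Record("example.com", "NS", "ns1.example.com", rid=2),
    Record("www.example.com", "A", "192.0.2.2", rid=3),
    Record("old.example.com", "A", "192.0.2.3", expires=T0 - timedelta(days=1), rid=4),
    Record("soon.example.com", "A", "192.0.2.4", valid_after=T0 + timedelta(days=7), rid=5),
    Record("signed.example.com", "CNAME", "www.example.com", rid=6),
    Record("signed.example.com", "RRSIG", "CNAME 13 3 3600 constructed", rid=7),
]

if __name__ == "__main__":
    for name in ("www.example.com", "old.example.com", "soon.example.com", "example.com"):
        res = check_cname_collision(SAMPLE_ZONE, Record(name, "CNAME", "x.example.net"),
                                    mode="alias", now=T0, zone_apex="example.com")
        print(name, res.action, res.messages)
```

Every validator path ends in one call to `check_cname_collision`, which mirrors the later move of the check into a single follow-up from the add/update routines rather than into each per-type validator: the warnings it returns can then be merged with the validator's own warnings in one place.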

Change History (29)

comment:1 by Kris Deugau, 5 weeks ago

In 937:

/branches/cname-collision

First pass/chunk for a CNAME-collision sub
Comment much-simplified local check in CNAME validation sub, add preliminary call to new sub
See #72.

comment:2 by Kris Deugau, 5 weeks ago

In 938:

/branches/cname-collision

Refine collision sub calling convention/arguments
Add preliminary call in A record validation
See #72.

comment:3 by Kris Deugau, 5 weeks ago

In 939:

/branches/cname-collision

Logic bug checking the CNAME record count
Fix up call to collision sub so it might actually run
See #72

comment:4 by Kris Deugau, 5 weeks ago

In 940:

/branches/cname-collision

Add calls to collision sub in AAAA, SRV, and CAA record validation subs
See #72

comment:5 by Kris Deugau, 5 weeks ago

In 941:

/branches/cname-collision

Correct "how did past me set up this hash anyway?"-ism
Move call to collision check sub to end of CNAME validator
See #72

comment:6 by Kris Deugau, 3 weeks ago

In 942:

/branches/cname-collision

Move A record CNAME collision check to end of validator
Add CNAME collision check call to NS, PTR, MX, TXT. Calls also cover A+PTR,
AAAA+PTR, and RP types as those call the A, AAAA, and TXT validators respectively.
See #72

comment:7 by Kris Deugau, 3 weeks ago

In 950:

/branches/cname-collision

Start adding actual tests. See #88.

First chunk, tests for CNAME collision checks. See #72.

comment:8 by Kris Deugau, 3 weeks ago

In 951:

/branches/cname-collision

Add CNAME record-add tests for reverse zones. See #88, #72

comment:9 by Kris Deugau, 3 weeks ago

In 952:

/branches/cname-collision

Add add-duplicate-CNAME test that got missed somehow when shuffling patches
Wrap domain and reverse zone groups of tests in their own blocks
See #88, #72

comment:10 by Kris Deugau, 3 weeks ago

In 953:

/branches/cname-collision

Add domain record update tests
See #88, #72

comment:11 by Kris Deugau, 2 weeks ago

In 954:

/branches/cname-collision

Fix another patch-shuffling oops; accidentally duplicated a test instead
of copying in the appropriate variation.
See #72, #88

comment:12 by Kris Deugau, 2 weeks ago

In 955:

/branches/cname-collision

Rename some subtests for consistency
Fix trivial whitespace oops
See #72, #88

comment:13 by Kris Deugau, 2 weeks ago

In 956:

/branches/cname-collision

More test name fiddling for consistency
See #72, #88

comment:14 by Kris Deugau, 2 weeks ago

In 958:

/branches/cname-collision

Merge a minor bit of test framework stuff from /trunk
See #88, #72

comment:15 by Kris Deugau, 2 weeks ago

In 959:

/branches/cname-collision

Extend _cname_collision() lookups to skip the record passed in for update,
so as to not fail the checks by finding that record itself.
See #72.

comment:16 by Kris Deugau, 2 weeks ago

In 960:

/branches/cname-collision

Add calls to _cname_collision() in a couple more record validators (A+PTR
template, delegation, ALIAS).
See #72.

comment:17 by Kris Deugau, 7 days ago

In 964:

/branches/cname-collision

Tests for CNAME updates in reverse zones
See #72, #88

comment:18 by Kris Deugau, 7 days ago

In 968:

/branches/cname-collision

Exclude expired records from collision failures
See #72, #88

comment:19 by Kris Deugau, 6 days ago

In 969:

/branches/cname-collision

Test for collision with yet-to-expire record. Technically overkill as it
falls through to the non-expiring-record case but future refinements may
make this relevant.
See #72, #88

comment:20 by Kris Deugau, 6 days ago

In 970:

/branches/cname-collision

Compact the timestamp check from r968 since it's looking like further
timestamp-related checks will need to go elsewhere anyway, and copy it
into the second section.
See #72, #88

comment:21 by Kris Deugau, 6 days ago

In 973:

/branches/cname-collision

Revise/tighten normalization for $stamp and $expires in addRec() and
updateRec() so that they can be passed to the validators, so that CNAME
collision checking can account for record expiry/valid-after.
See #72

comment:22 by Kris Deugau, 6 days ago

In 974:

/branches/cname-collision

Fix SQL logic bug picking out possible colliding records
See #72

comment:23 by Kris Deugau, 6 days ago

In 976:

/branches/cname-collision

Add a set of test records with various expiry/valid-after settings for
testing CNAME collisions
Add a file of SQL UPDATEs and a call in the test setup module to normalize
the actual tested timestamps to a sliding window so that the base SQL
reference doesn't need to be updated on an ongoing basis for the tests to
work correctly
See #72, #88

comment:24 by Kris Deugau, 5 days ago

In 978:

/branches/cname-collision

Fold the "not-a-CNAME" and "only-CNAME" lookups into a loop to avoid
mistake-prone copypasta in extending CNAME collision checks further
See #72

comment:25 by Kris Deugau, 2 days ago

In 979:

/branches/cname-collision

Fix dumb typo in timestamped record timestamp reset SQL
See #72

comment:26 by Kris Deugau, 2 days ago

In 980:

/branches/cname-collision

Fix missed pass-by-reference on timestamp flag calling into the validator subs
See #72

comment:27 by Kris Deugau, 12 hours ago

In 981:

/branches/cname-collision

Remove calls to _cname_collision() from individual validator subs in favour
of a followup call direct from addRec() and updateRec(), so that warnings
from the validators can be more cleanly (i.e., less copy-pasty) merged from
potential warnings from the CNAME collision check (some timestamp cases will
use this).
See #72

comment:28 by Kris Deugau, 12 hours ago

In 982:

/branches/cname-collision

Add test for new non-timestamped CNAME colliding with a record with a
future valid-after stamp
See #72, #88

comment:29 by Kris Deugau, 7 hours ago

In 983:

/branches/cname-collision

Account for future valid-after records when checking CNAME collisions.
See #72
