[Opendnssec-develop] Support of APL in dnsruby
Rickard Bellgrim
rickard.bellgrim at iis.se
Tue Dec 8 14:48:34 UTC 2009
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> It's possible to implement. While we're on the subject, we should also
> implement the HIP RR (signer support required), and possibly some/all
> other Experimental RRs. Do we want to keep the signer and auditor in
> step with regard to the RR types they support?
It would be desired that they support the same types of RR. And it would be desired that we support the experimental RRs + HIP. The support of RR types does not conflict with OpenDNSSEC release other than that the libraries and OpenDNSSEC share the same developers. So currently we can only implement support if we got an request and that we have time to do it.
Alex, do you have time for APL?
But after 1.0.0 we should try to sync dnsruby and ldns.
> > And also that the Auditor should skip RR which it does not
> > understand. But what would happen with NSEC/NSEC3 with this RR in its
> bitmap?
>
> The auditor should be able to note the type (which it didn't understand
> the RR for) as occurring at the name, and then expect that type to
> appear in the NSEC(3) bitmap, without understanding the RR itself. Of
> course, it would not be able to verify the RRSIG for the RRSet of the
> unsupported type - it would simply skip that check.
>
> I could add this functionality if it was desired?
I think it would be good, even if the dnsruby and ldns are in sync. It might be that the user has an old dnsruby installed. And a unknown RR type (not TYPExx) will now stop the auditing. But the code change is a little bit big, so perhaps do it after 1.0.0?
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8
wsBVAwUBSx5nQuCjgaNTdVjaAQhn2wgAqp72ka/+9JXnTdzywEF5PajoBAesczHy
Eu6U3/0ZGn/uf6ozMXB41mnkIQo3kvhjSjUBc8hrsJxDzNjSx16VEWG4xvjxqI9A
A1wiGFS17FO8PCG/QBkrNLuWjWgYPjf3HO4pSVMWU8nrgv6eKZ3hiZhSdIde6eAJ
iAZnA0pJ9ecJkonXemU3F6i7f3GSnXwEl3N47HwyHsKi6HDyf83nmvaymyVnScIs
plYNIuLgHJvgYv/P6n95xt24hBjZ7zwsqqbNFAyiLcsMVFShyQ6amQ60QwMLTKth
ZHEYWjQplMPNWhCJcmw6Xk521JYcAft0VMqtTdDobsLKotDvmO9fdw==
=0DQo
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20091208/0e468405/attachment.htm>
More information about the Opendnssec-develop
mailing list