[Opendnssec-develop] New zone reader
Rick Zijlker
rick.zijlker at sidn.nl
Wed Feb 17 10:32:04 UTC 2010
Hey Matthijs,
Signing the .nl zone opt-out without DS records now took 10 minutes of
which sorting took 5 minutes. When the quicksorter is ready and added it
should be signed in 6 minutes. Great work!
We will now check the effects of respectively adding 10, 20 and 30
percent of DS records.
Just FYI, Tom Walker from Nominet is visiting us right now and we're
having a "test-sprint".
Cheers,
Rick
-----Original Message-----
From: opendnssec-develop-bounces at lists.opendnssec.org
[mailto:opendnssec-develop-bounces at lists.opendnssec.org] On Behalf Of
Matthijs Mekking
Sent: dinsdag 16 februari 2010 12:01
To: Opendnssec-develop at lists.opendnssec.org
Subject: [Opendnssec-develop] New zone reader
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Hi,
I have just committed the new zone reader to trunk. This new tool uses a
lot of the structures that are going to be used in the new signer
engine.
Basically, it takes the sorted zone file and adds empty non-terminals to
it, defines glue and unsigned delegations. It could also work on the
.unsorted file. It adds NSEC and NSEC3 records where necessary. The
nseccer and nsec3er tool become obsolete. No .processed files are
created anymore.
In case of NSEC: All glue records go into the <zone>.optout file.
In case of NSEC3: All glue records and unsigned delegations (in case of
optout) go into the <zone>.optout file.
The signer is presented with the other records, just like in versions
1.0.0 and before.
The finalizer glues back the .optout file to the .finalized file.
I would be grateful if you could test it.
Best regards,
Matthijs
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iQEcBAEBAgAGBQJLenriAAoJEA8yVCPsQCW5LF4IAJNnikUfF7wZpMi7aHrgIiay
VW0Fb0gDYdG2JttXdz8wt/5b2USjGsMB2pl+whwvKK61RIMxRdcTzHzE1cjGjC9+
1KnSSy+msH4qo+AYCno0FarHDKg+QrQtt2PZJKm69BqG2/TWylbiL8zQViCllsCv
l0TdkG/MAmGtG0QeXZd2TnznHmCMDx7cOkii6Eb6V8C8/kZz/h7niVT/ty2nUIT/
XsKxxXfk5MZmLsSQ6mxg76ElbrBiREukbhAJLiMTv0PmKDDHJN/vqSsoaJViOmtC
z02NduYUmgdXXepJ2792csn5M5moeqPzl9k56ChKuydE2mcliEYTYiQ5BDRwDtM=
=Fi6f
-----END PGP SIGNATURE-----
_______________________________________________
Opendnssec-develop mailing list
Opendnssec-develop at lists.opendnssec.org
https://lists.opendnssec.org/mailman/listinfo/opendnssec-develop
More information about the Opendnssec-develop
mailing list