[Opendnssec-develop] New zone reader
rick.zijlker at sidn.nl
Wed Feb 17 10:32:04 UTC 2010
Signing the .nl zone opt-out without DS records now took 10 minutes of
which sorting took 5 minutes. When the quicksorter is ready and added it
should be signed in 6 minutes. Great work!
We will now check the effects of respectively adding 10, 20 and 30
percent of DS records.
Just FYI, Tom Walker from Nominet is visiting us right now and we're
having a "test-sprint".
From: opendnssec-develop-bounces at lists.opendnssec.org
[mailto:opendnssec-develop-bounces at lists.opendnssec.org] On Behalf Of
Sent: dinsdag 16 februari 2010 12:01
To: Opendnssec-develop at lists.opendnssec.org
Subject: [Opendnssec-develop] New zone reader
-----BEGIN PGP SIGNED MESSAGE-----
I have just committed the new zone reader to trunk. This new tool uses a
lot of the structures that are going to be used in the new signer
Basically, it takes the sorted zone file and adds empty non-terminals to
it, defines glue and unsigned delegations. It could also work on the
.unsorted file. It adds NSEC and NSEC3 records where necessary. The
nseccer and nsec3er tool become obsolete. No .processed files are
In case of NSEC: All glue records go into the <zone>.optout file.
In case of NSEC3: All glue records and unsigned delegations (in case of
optout) go into the <zone>.optout file.
The signer is presented with the other records, just like in versions
1.0.0 and before.
The finalizer glues back the .optout file to the .finalized file.
I would be grateful if you could test it.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
-----END PGP SIGNATURE-----
Opendnssec-develop mailing list
Opendnssec-develop at lists.opendnssec.org
More information about the Opendnssec-develop