[Opendnssec-develop] Optimization of the sorter

Rickard Bellgrim rickard.bellgrim at iis.se
Tue Jan 12 12:16:45 CET 2010


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

How was the information flowing now again?

Unsigned zone -> sorter -> zone.sorted
(Sort the zone canonically)
zone.sorted -> zone_reader -> zone.processed
(Sort the zone according to the relevant signing details (either in 'normal' or 'NSEC3' space) and add DNSKEYS)
zone.processed -> nseccer/nsec3er -> zone.nsecced
(strips the glue from it, and adds nsec(3) records)
zone.nsecced + zone.signed -> signer -> zone.signed2 -> zone.signed
((re)signs the zone)
zone.signed -> finalizer -> zone.finalized
(Uncomment the glue etc.)
zone.finalized -> (Auditor) -> Signed zone
(Output the signed zone)

And if the sorting config has changed, then do this first:
zone.signed -> sorter -> zone.signed.sorted
zone.signed.sorted -> zone_reader -> zone.signed.processed -> zone.signed

The sorter is now also flattening the zone file. Couldn't this only be done for the unsigned zone and not the internal zone. Because we could assume that the internal zone storage is ok (when sorting the zone.signed)?

What is the difference between the sorting in sorter and nseccer? Or is it just that the zone is only sorted a second time if you are using nsec3er?

// Rickard

-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
Charset: utf-8

wsBVAwUBS0xaHeCjgaNTdVjaAQhbvQgAnsCyNGiSYCqWASetfeTwzt5kcfrbV5ZZ
BnSi1Syx8anXrGhZAcxozLsDk/krked97nOip+0aI9R+0l1lEzx+684mJGNvDq5l
u2/t0ofNHPNieivhwkNsjK9Fa2HnAyNEwfsmP9VMvDocOyGvKjpBR+kHsPA5uyIo
hLNxpt8dMy194iMYbdmSs2dYlrqCapQdwH645tcT7hBnAYEpY13OMKUJUxPmc8Me
vOdiz2u4umYq7fyK4OReO8GQZX04nG7S4BF/kfRbKwHSR9K1V8nDcipHRWe7tKL4
KpAREut1ByHPF+/LQgNworYNzYBXEo5iS5dR2S/YUL0BxZbYN6UfxA==
=FhkZ
-----END PGP SIGNATURE-----


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.opendnssec.org/pipermail/opendnssec-develop/attachments/20100112/3c5db524/attachment.html>


More information about the Opendnssec-develop mailing list