[Opendnssec-develop] Optimization of the sorter
rickard.bellgrim at iis.se
Tue Jan 12 12:16:45 CET 2010
-----BEGIN PGP SIGNED MESSAGE-----
How was the information flowing now again?
Unsigned zone -> sorter -> zone.sorted
(Sort the zone canonically)
zone.sorted -> zone_reader -> zone.processed
(Sort the zone according to the relevant signing details (either in 'normal' or 'NSEC3' space) and add DNSKEYS)
zone.processed -> nseccer/nsec3er -> zone.nsecced
(strips the glue from it, and adds nsec(3) records)
zone.nsecced + zone.signed -> signer -> zone.signed2 -> zone.signed
((re)signs the zone)
zone.signed -> finalizer -> zone.finalized
(Uncomment the glue etc.)
zone.finalized -> (Auditor) -> Signed zone
(Output the signed zone)
And if the sorting config has changed, then do this first:
zone.signed -> sorter -> zone.signed.sorted
zone.signed.sorted -> zone_reader -> zone.signed.processed -> zone.signed
The sorter is now also flattening the zone file. Couldn't this only be done for the unsigned zone and not the internal zone. Because we could assume that the internal zone storage is ok (when sorting the zone.signed)?
What is the difference between the sorting in sorter and nseccer? Or is it just that the zone is only sorted a second time if you are using nsec3er?
-----BEGIN PGP SIGNATURE-----
Version: 9.8.3 (Build 4028)
-----END PGP SIGNATURE-----
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the Opendnssec-develop