[Opendnssec-develop] No RRSIG in .signed.sorted

Matthijs Mekking matthijs at NLnetLabs.nl
Thu Mar 25 16:57:41 UTC 2010


Rickard Bellgrim wrote:
>> Yes. The sorter drops RRSIGs and NSEC(3)s. Perhaps we should add a flag
>> to the quicksorter that it should only drop these records when the flag
>> isn't set?
> 
> Hmm, but this is the same behavior as in v1.0. That there is no RRSIG in .signed.sorted

Ah ok, then indeed we don't keep signatures when the policy changed.

> 
>> Beware of the zone reader, it expects RRSIGs always to be *after* the
>> corresponding RRset
> 
> The RRSIG is not always after the corresponding RRset.
> 
> If the quicksorter would not drop the signatures, then any RR with a higher RR type number would get sorted after the RRSIG.


Yes, so if we go down that path, we must take that into account (either
change the zone_reader or adapt the sorting in the quicksorter).

Matthijs
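
The ordering issue discussed in this message, as an added Python sketch that is not part of the original e-mail and is not OpenDNSSEC code. It assumes a sorter that keeps RRSIGs, a reader that requires each RRSIG to directly follow the RRset it covers, constructed sample records, and plain string comparison of owner names instead of canonical DNS name ordering; `naive_key`, `grouped_key` and `rrsigs_follow_rrsets` are hypothetical names.

```python
RRSIG = 46  # RR type number of RRSIG (RFC 4034)

# Constructed sample: (owner, type number, type name, type covered or None)
RECORDS = [
    ("example.com.", 48, "DNSKEY", None),
    ("example.com.", 46, "RRSIG", 6),
    ("example.com.", 6, "SOA", None),
    ("example.com.", 46, "RRSIG", 48),
    ("example.com.", 2, "NS", None),
    ("example.com.", 46, "RRSIG", 2),
    ("www.example.com.", 46, "RRSIG", 1),
    ("www.example.com.", 1, "A", None),
]


def naive_key(rr):
    """Sort by owner, then RR type number: every RRSIG lands at type 46."""
    owner, rrtype, _name, _covered = rr
    return (owner, rrtype)


def grouped_key(rr):
    """Sort an RRSIG under the type it covers, after that RRset's records."""
    owner, rrtype, _name, covered = rr
    if rrtype == RRSIG:
        return (owner, covered, 1)
    return (owner, rrtype, 0)


def rrsigs_follow_rrsets(records):
    """True if each RRSIG directly follows the RRset it covers
    (assumed reader requirement; other RRSIGs for the same RRset may intervene)."""
    current = None  # (owner, type) of the RRset read most recently
    for owner, rrtype, _name, covered in records:
        if rrtype == RRSIG:
            if current != (owner, covered):
                return False
        else:
            current = (owner, rrtype)
    return True


if __name__ == "__main__":
    for label, key in (("naive", naive_key), ("grouped", grouped_key)):
        ordered = sorted(RECORDS, key=key)
        print(label, [r[2] for r in ordered], rrsigs_follow_rrsets(ordered))
```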


