[dns-operations] technical whitepaper: "ISC Passive DNS"

Robert Edmonds edmonds at isc.org
Fri Mar 23 18:48:18 UTC 2012

Colm MacCárthaigh wrote:
> The paper mentions that RRsets are canonicalised before being
> de-duped.  It mentions that the names are downcased and then the RRs
> sorted by data-value. Does the downcasing also apply to the names in
> the data section?

the canonicalization process follows RFC 4034 section 6.2 (and
draft-ietf-dnsext-dnssec-bis-updates section 5.1), so yes, if the RRtype
of the RRset is one of the types that are supposed to be downcased in
DNSSEC canonical form.

it's my intention that the de-duplication process not harm
DNSSEC-oriented uses of the data (e.g., validating the signatures of
historical RRsets).

in practice i think this also requires RRset-level atomicity, which we
also ensure.  (it seems most passive DNS systems are RR-oriented and
don't ensure RRset atomicity, which is unfortunate.)

> Are the labels also fully de-compressed at this stage? or could
> differences in compression and case cause duplication? I'm curious if
> you've observed any differences in how compression is applied.

yes, the domain names in the RR owner name and in the Rdata (for the
RRtypes that specify compressed domain names) are fully uncompressed
before being used.

i'm sure there are variations in how compression is applied but i
haven't studied it.

Robert Edmonds
edmonds at isc.org
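
An added example, not part of the original message and not ISC's code: a sketch of RRset canonicalization before de-duplication as the reply describes it (RFC 4034 section 6.2 downcasing, RRs ordered by canonical Rdata, key computed over the whole RRset). It covers only NS, CNAME, PTR, MX and TXT, and it takes names in presentation format, so they are already uncompressed. The `rrset_key` function and its SHA-256 key are assumptions made for illustration.

```python
import hashlib
import struct

# Added example: subset of RRtypes whose Rdata is a single domain name that
# is downcased in DNSSEC canonical form (RFC 4034 section 6.2). MX is handled
# separately below; all other types in the RFC list are omitted here.
SINGLE_NAME_TYPES = {"NS", "CNAME", "PTR"}

def wire_name(name, downcase=True):
    """Encode a presentation-format name as uncompressed wire labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        if label:
            raw = label.encode("ascii")
            out += bytes([len(raw)]) + (raw.lower() if downcase else raw)
    return out + b"\x00"  # root label terminates the name

def canonical_rdata(rrtype, rdata):
    """Canonical wire-form Rdata for the few types this sketch supports."""
    if rrtype in SINGLE_NAME_TYPES:
        return wire_name(rdata)
    if rrtype == "MX":
        preference, exchange = rdata.split()
        return struct.pack("!H", int(preference)) + wire_name(exchange)
    if rrtype == "TXT":  # one short string, no domain name: case is preserved
        raw = rdata.encode("ascii")
        return bytes([len(raw)]) + raw
    raise ValueError("unsupported RRtype in this example: " + rrtype)

def rrset_key(owner, rrtype, rdatas):
    """Hypothetical de-dup key computed over the whole RRset, not per RR."""
    rrtype = rrtype.upper()
    # RFC 4034 section 6.3: order RRs by canonical Rdata as unsigned octets;
    # Python's bytes ordering matches (a shorter prefix sorts first).
    canon = sorted({canonical_rdata(rrtype, r) for r in rdatas})
    h = hashlib.sha256(wire_name(owner) + rrtype.encode("ascii"))
    for rd in canon:
        h.update(struct.pack("!H", len(rd)) + rd)  # RDLENGTH-style framing
    return h.hexdigest()

# Constructed observations of one NS RRset, differing in case and RR order.
SEEN_A = ("Example.COM.", "NS", ["NS2.Example.com.", "ns1.example.COM."])
SEEN_B = ("example.com.", "NS", ["ns1.example.com.", "ns2.example.com."])

if __name__ == "__main__":
    print(rrset_key(*SEEN_A) == rrset_key(*SEEN_B))
```

Because the key covers the sorted set of RRs, an observation carrying only part of the RRset produces a different key instead of being merged with the full set.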
