[dns-operations] Assuring the contents of the root zone
ggm at apnic.net
Tue Dec 2 05:51:02 UTC 2014
It's not designed to handle dynamic updates. It's designed to handle being
given, or accessing an entire zone state, and having a canonicalization
method which can be applied by anyone, using POSIX tools to determine if
it's correct and complete.
On 2 December 2014 at 15:38, Doug Barton <dougb at dougbarton.us> wrote:
> It's hard for me to see how this would easily handle dynamic updates.
> On 12/1/14 5:56 PM, George Michaelson wrote:
> > Here is a strawman, to try and understand the discussion.
> > If we imagine some datastream which is the result of an AXFR or HTTP
> > request.
> > <cmd> | tr 'A-Z' 'a-z' | sort -u | <checker>
> > This takes the stream, does LWSP replacement, and sorts the lines
> > alphabetically and generates e.g. SHA256.
> > The tr phase is just for example. Presumably a more complex set of rules
> > are required to DeMangLE the case conversion and punycode, but the sense
> > is that we have a deterministic state of any label in the zone and its
> > attributes as an encoding.
> > The sort phase generates a single understood (POSIX sort) order of
> > bytes. These can then be compared.
> > Why is this worse than e.g. an RR by RR comparison, walking the NSEC
> > chains? What I like about it is that it's applicable to being given the
> > data OOB. If you have what is a putative zone, then you can apply this
> > logic, and determine if the zone matches what is published elsewhere as
> > a canonical state of the zone.
> > The RR by RR and NSEC walk feels like a DNS expert's approach. Not a
> > systems/generic approach.
> > -G
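The strawman pipeline from the quoted message, written out as an added example (not code from the thread or from any participant). The function names, the sample records and the normalization rules are assumptions: one RR per line, fully-qualified names, no `$ORIGIN`/`$TTL` directives, no multi-line records.

```shell
#!/bin/sh
# Added example, not code from the thread. Assumptions: one RR per line as
# "owner TTL class type rdata", fully-qualified names, no $ORIGIN/$TTL
# directives, no multi-line records, no ';' or significant spacing in rdata.

canon_zone() {                       # stdin: zone text, stdout: canonical lines
    LC_ALL=C awk '
        { sub(/;.*/, "") }           # strip comments
        NF < 5 { next }              # skip blank or incomplete lines
        {
            owner = tolower($1); class = toupper($3); type = toupper($4)
            rdata = $5
            for (i = 6; i <= NF; i++) rdata = rdata " " $i
            # rdata made of domain names is case-insensitive for these types
            if (type ~ /^(NS|CNAME|DNAME|PTR|MX|SOA)$/) rdata = tolower(rdata)
            print owner, $2, class, type, rdata   # single-space separated
        }' | LC_ALL=C sort -u        # byte order, independent of locale
}

zone_digest() {                      # stdin: zone text, stdout: hex SHA-256
    if command -v sha256sum >/dev/null 2>&1; then
        canon_zone | sha256sum | cut -d" " -f1
    else
        canon_zone | shasum -a 256 | cut -d" " -f1
    fi
}

# Constructed sample data: the same three records in a different order, case
# and spacing (ZONE_B), and a copy with one address changed (ZONE_C).
ZONE_A='example. 172800 IN NS ns1.example.
ns1.example. 172800 IN A 192.0.2.1
ns1.example. 172800 IN AAAA 2001:db8::1'
ZONE_B='NS1.EXAMPLE.   172800  in  aaaa  2001:db8::1  ; glue
Example.  172800 IN NS NS1.Example.

ns1.example.  172800  IN  A  192.0.2.1'
ZONE_C='example. 172800 IN NS ns1.example.
ns1.example. 172800 IN A 192.0.2.66
ns1.example. 172800 IN AAAA 2001:db8::1'

for z in "$ZONE_A" "$ZONE_B" "$ZONE_C"; do
    printf '%s\n' "$z" | zone_digest
done
```

The first two digests printed are identical and the third differs. Pinning `LC_ALL=C` matters because the byte order produced by `sort` otherwise depends on the local collation settings, which would give two verifiers different digests for the same zone.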