[dns-operations] Assuring the contents of the root zone

George Michaelson ggm at apnic.net
Tue Dec 2 05:51:02 UTC 2014


Its not designed to handle dynamic updates. Its designed to handle being
given, or accessing an entire zone state, and having a canonicalization
method which can be applied by anyone, using POSIX tools to determine if
its correct and complete

On 2 December 2014 at 15:38, Doug Barton <dougb at dougbarton.us> wrote:

> George,
>
> It's hard for me to see how this would easily handle dynamic updates.
>
> Doug
>
>
> On 12/1/14 5:56 PM, George Michaelson wrote:
> > Here is a strawman, to try and understand the discussion.
> >
> > If we imagine some datastream which is the result of an AXFR or HTTP
> > request.
> >
> >   <cmd> | tr 'AZ' 'az'| sort -u | <checker>
> >
> > this takes the stream, does LWSP replacement, and sorts the lines
> > alphabetically and generates eg SHA256
> >
> > the tr phase is just for example. presumably a more complex set of rules
> > are required to DeMangLE the case conversion and punycode but the sense
> > is, that we have a deterministic state of any label in the zone and its
> > attributes as an encoding.
> >
> > The sort phase generates a single understood (POSIX sort) order of
> > bytes. These can then be compared.
> >
> > Why is this worse than eg an RR by RR comparison, walking the NSEC
> > chains? What I like about it, is that its applicable to being given the
> > data OOB. if you have what is a putative zone, then you can apply this
> > logic, and determine if the zone matches what is published elsewhere as
> > a canonical state of the zone.
> >
> > The RR by RR and NSEC walk feels like a DNS experts approach. Not a
> > systems/generic approach.
> >
> > -G
>
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.dns-oarc.net/pipermail/dns-operations/attachments/20141202/56a9de42/attachment.html>


More information about the dns-operations mailing list