<div dir="ltr">It's not designed to handle dynamic updates. It's designed to handle being given, or accessing, an entire zone state, and having a canonicalization method which can be applied by anyone, using POSIX tools, to determine if it's correct and complete.</div><div class="gmail_extra"><br><div class="gmail_quote">On 2 December 2014 at 15:38, Doug Barton <span dir="ltr"><<a href="mailto:dougb@dougbarton.us" target="_blank">dougb@dougbarton.us</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">George,<br>
<br>
It's hard for me to see how this would easily handle dynamic updates.<br>
<span class="HOEnZb"><font color="#888888"><br>
Doug<br>
</font></span><span class="im HOEnZb"><br>
<br>
On 12/1/14 5:56 PM, George Michaelson wrote:<br>
> Here is a strawman, to try and understand the discussion.<br>
><br>
> If we imagine some datastream which is the result of an AXFR or HTTP<br>
> request.<br>
><br>
> <cmd> | tr 'A-Z' 'a-z' | sort -u | <checker><br>
><br>
> this takes the stream, does LWSP replacement, and sorts the lines<br>
> alphabetically and generates eg SHA256<br>
><br>
> the tr phase is just for example. presumably a more complex set of rules<br>
> are required to DeMangLE the case conversion and punycode but the sense<br>
> is, that we have a deterministic state of any label in the zone and its<br>
> attributes as an encoding.<br>
><br>
> The sort phase generates a single understood (POSIX sort) order of<br>
> bytes. These can then be compared.<br>
><br>
> Why is this worse than eg an RR by RR comparison, walking the NSEC<br>
> chains? What I like about it is that it's applicable to being given the<br>
> data OOB. if you have what is a putative zone, then you can apply this<br>
> logic, and determine if the zone matches what is published elsewhere as<br>
> a canonical state of the zone.<br>
><br>
> The RR by RR and NSEC walk feels like a DNS expert's approach. Not a<br>
> systems/generic approach.<br>
><br>
> -G<br>
<br>
</span><div class="HOEnZb"><div class="h5">_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations</a><br>
dns-jobs mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a><br>
</div></div></blockquote></div><br></div>
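<p>Added example, not part of the original thread: the strawman pipeline made concrete with POSIX awk and sort, with sha256sum assumed as the checker. It lowercases only the owner name, because rdata such as TXT strings or base64 key material is case-sensitive; the function names and the sample zone are constructed for illustration, and one RR per line with no inline comments is assumed.</p>

```shell
#!/bin/sh
# Added example: canonicalize a zone dump, then hash it.
# Assumption: one RR per line, "owner TTL class type rdata".

# zone_canon: stdin = zone lines, stdout = canonical, sorted, de-duplicated lines.
zone_canon() {
    LC_ALL=C awk '
        NF == 0 || substr($1, 1, 1) == ";" { next }  # skip blank and comment lines
        { $1 = tolower($1); print }  # lowercase owner only; rebuilding $0 squeezes whitespace
    ' | LC_ALL=C sort -u             # C locale gives one byte order on every host
}

# zone_digest: stdin = zone lines, stdout = hex SHA-256 of the canonical form.
zone_digest() {
    zone_canon | sha256sum | cut -d' ' -f1
}

# Constructed sample: the zone as published by its operator.
published() { cat <<'EOF'
; constructed sample zone
example.test.      3600 IN SOA ns1.example.test. host.example.test. 1 7200 900 1209600 3600
example.test.      3600 IN NS  ns1.example.test.
ns1.example.test.  3600 IN A   192.0.2.1
www.example.test.  300  IN TXT "Case Matters Here"
EOF
}

# Constructed sample: same zone received out of band, with different order,
# owner-name case, spacing, and one duplicated record.
received() { cat <<'EOF'
WWW.Example.TEST.   300 IN TXT "Case Matters Here"
NS1.example.test. 3600   IN A 192.0.2.1
example.test. 3600 IN NS ns1.example.test.
EXAMPLE.test. 3600 IN SOA ns1.example.test. host.example.test. 1 7200 900 1209600 3600
ns1.example.test. 3600 IN A 192.0.2.1
EOF
}

# Constructed sample: the received copy with one address changed.
tampered() { received | sed 's/192\.0\.2\.1/192.0.2.66/'; }

want=$(published | zone_digest)
for copy in received tampered; do
    if [ "$($copy | zone_digest)" = "$want" ]; then
        echo "$copy: matches published digest"
    else
        echo "$copy: MISMATCH"
    fi
done
```

Squeezing whitespace also alters runs of spaces inside quoted TXT strings, so a production canonical form would need the fuller rule set the thread mentions.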