Nsec sign changesets (!818) · Merge requests · Knot projects / Knot DNS · GitLab

Snippets Groups Projects

Self sign-up has been disabled due to increased spam activity. If you want to get access, please send an email to a project owner (preferred) or at gitlab(at)nic(dot)cz. We apologize for the inconvenience.

Merged Libor Peltan requested to merge nsec_sign_changesets into master 7 years ago

This shall speed up small updates to big signed zone.

The previous procedure is:

recreate all the NSEC(3) records in the zone
compare to the existing NSEC(3) records, making a diff
sign this diff

The new procedure is:

recreate only NSEC(3) records (neighbouring to) records mentioned in the changeset
sign the changed records

The observed total speed-up of a little zone update to a huge signed zone was around 15%, but there are also other problems not related to NSEC(3) chain reconstruction.

Fixes #119 (closed)

Edited 7 years ago by Libor Peltan

Activity

Libor Peltan added 64 commits 7 years ago
added 64 commits

514dcf62...47410bd2 - 51 commits from branch master

ccf819af - nsec(3) recreation over changesets implemented

a0324d70 - contents: fixed zone_cotents_empty()

a65a70a4 - zone: fixed rare segfault on update

3adb0ae0 - fixup1

28b9f0f3 - fixup2

f4bfd1a2 - NSEC tree update: test

7ce8f600 - contents: removed wrong optimization

edc8e3ae - xxx

6cbaeb67 - yyy

2dcd3a03 - xxx2

7670f636 - zkurveny odsazeni

5523fe9d - nsec3: canceling out changes in changesets

1a54677b - yyy2

Compare with previous version
Toggle commit list
Libor Peltan unmarked as a Work In Progress 7 years ago

unmarked as a Work In Progress
Libor Peltan changed the description 7 years ago

changed the description
Daniel Salzman added 27 commits 7 years ago
added 27 commits

11732693...c3984588 - 17 commits from branch master

36ec850d - nsec(3) recreation over changesets implemented

4fddf41e - contents: fixed zone_cotents_empty()

2c5ed429 - zone: fixed rare segfault on update

3d2851ce - NSEC tree update: test

bce21124 - contents: removed wrong optimization

49f91ac3 - nsec3: canceling out changes in changesets

1fb7e5e8 - load: avoid resalt after dnssec even on load

f2a87de2 - unconfuse clang analyzer

d5318ea7 - nsec chain: a little log

e917fabe - nsec update: fixed re-signing bitmap change 2

Compare with previous version
Toggle commit list
Daniel Salzman added 6 commits 7 years ago
added 6 commits

139e95be - nsec(3): re-creation over changesets implemented

4f843f33 - contents: fixed zone_cotents_empty()

319511c6 - zone: fixed rare segfault on update

88d2b6df - tests-extra: add NSEC tree update test

2e06c717 - contents: removed wrong optimization

85c9d7fe - load: avoid resalt after dnssec even on load

Compare with previous version
Toggle commit list

Please register or sign in to reply