Nsec sign changesets
This shall speed up small updates to big signed zone.
The previous procedure is:
- recreate all the NSEC(3) records in the zone
- compare to the existing NSEC(3) records, making a diff
- sign this diff
The new procedure is:
- recreate only NSEC(3) records (neighbouring to) records mentioned in the changeset
- sign the changed records
The observed total speed-up of a little zone update to a huge signed zone was around 15%, but there are also other problems not related to NSEC(3) chain reconstruction.
Fixes #119 (closed)
Edited by Libor Peltan
Merge request reports
Activity
added 64 commits
- 514dcf62...47410bd2 - 51 commits from branch
master
- ccf819af - nsec(3) recreation over changesets implemented
- a0324d70 - contents: fixed zone_cotents_empty()
- a65a70a4 - zone: fixed rare segfault on update
- 3adb0ae0 - fixup1
- 28b9f0f3 - fixup2
- f4bfd1a2 - NSEC tree update: test
- 7ce8f600 - contents: removed wrong optimization
- edc8e3ae - xxx
- 6cbaeb67 - yyy
- 2dcd3a03 - xxx2
- 7670f636 - zkurveny odsazeni
- 5523fe9d - nsec3: canceling out changes in changesets
- 1a54677b - yyy2
Toggle commit list- 514dcf62...47410bd2 - 51 commits from branch
added 27 commits
- 11732693...c3984588 - 17 commits from branch
master
- 36ec850d - nsec(3) recreation over changesets implemented
- 4fddf41e - contents: fixed zone_cotents_empty()
- 2c5ed429 - zone: fixed rare segfault on update
- 3d2851ce - NSEC tree update: test
- bce21124 - contents: removed wrong optimization
- 49f91ac3 - nsec3: canceling out changes in changesets
- 1fb7e5e8 - load: avoid resalt after dnssec even on load
- f2a87de2 - unconfuse clang analyzer
- d5318ea7 - nsec chain: a little log
- e917fabe - nsec update: fixed re-signing bitmap change 2
Toggle commit list- 11732693...c3984588 - 17 commits from branch
added 6 commits
- 139e95be - nsec(3): re-creation over changesets implemented
- 4f843f33 - contents: fixed zone_cotents_empty()
- 319511c6 - zone: fixed rare segfault on update
- 88d2b6df - tests-extra: add NSEC tree update test
- 2e06c717 - contents: removed wrong optimization
- 85c9d7fe - load: avoid resalt after dnssec even on load
Toggle commit list
Please register or sign in to reply