Skip to content
Snippets Groups Projects

Nsec sign changesets

Merged Libor Peltan requested to merge nsec_sign_changesets into master

This shall speed up small updates to big signed zone.

The previous procedure is:

  • recreate all the NSEC(3) records in the zone
  • compare to the existing NSEC(3) records, making a diff
  • sign this diff

The new procedure is:

  • recreate only NSEC(3) records (neighbouring to) records mentioned in the changeset
  • sign the changed records

The observed total speed-up of a little zone update to a huge signed zone was around 15%, but there are also other problems not related to NSEC(3) chain reconstruction.

Fixes #119 (closed)

Edited by Libor Peltan

Merge request reports

Loading
Loading

Activity

Filter activity
  • Approvals
  • Assignees & reviewers
  • Comments (from bots)
  • Comments (from users)
  • Commits & branches
  • Edits
  • Labels
  • Lock status
  • Mentions
  • Merge request status
  • Tracking
  • Libor Peltan added 64 commits

    added 64 commits

    • 514dcf62...47410bd2 - 51 commits from branch master
    • ccf819af - nsec(3) recreation over changesets implemented
    • a0324d70 - contents: fixed zone_cotents_empty()
    • a65a70a4 - zone: fixed rare segfault on update
    • 3adb0ae0 - fixup1
    • 28b9f0f3 - fixup2
    • f4bfd1a2 - NSEC tree update: test
    • 7ce8f600 - contents: removed wrong optimization
    • edc8e3ae - xxx
    • 6cbaeb67 - yyy
    • 2dcd3a03 - xxx2
    • 7670f636 - zkurveny odsazeni
    • 5523fe9d - nsec3: canceling out changes in changesets
    • 1a54677b - yyy2

    Compare with previous version

  • Libor Peltan unmarked as a Work In Progress

    unmarked as a Work In Progress

  • Libor Peltan changed the description

    changed the description

  • Daniel Salzman added 27 commits

    added 27 commits

    • 11732693...c3984588 - 17 commits from branch master
    • 36ec850d - nsec(3) recreation over changesets implemented
    • 4fddf41e - contents: fixed zone_cotents_empty()
    • 2c5ed429 - zone: fixed rare segfault on update
    • 3d2851ce - NSEC tree update: test
    • bce21124 - contents: removed wrong optimization
    • 49f91ac3 - nsec3: canceling out changes in changesets
    • 1fb7e5e8 - load: avoid resalt after dnssec even on load
    • f2a87de2 - unconfuse clang analyzer
    • d5318ea7 - nsec chain: a little log
    • e917fabe - nsec update: fixed re-signing bitmap change 2

    Compare with previous version

  • Daniel Salzman added 6 commits

    added 6 commits

    • 139e95be - nsec(3): re-creation over changesets implemented
    • 4f843f33 - contents: fixed zone_cotents_empty()
    • 319511c6 - zone: fixed rare segfault on update
    • 88d2b6df - tests-extra: add NSEC tree update test
    • 2e06c717 - contents: removed wrong optimization
    • 85c9d7fe - load: avoid resalt after dnssec even on load

    Compare with previous version

  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
  • Loading
Please register or sign in to reply
Loading