George,

It's hard for me to see how this would easily handle dynamic updates.

Doug

On 12/1/14 5:56 PM, George Michaelson wrote:
Here is a strawman, to try and understand the discussion.

If we imagine some datastream which is the result of an AXFR or HTTP request:

    <cmd> | tr 'A-Z' 'a-z' | sort -u | <checker>

This takes the stream, does LWSP replacement, and sorts the lines alphabetically and generates e.g. SHA256.

The tr phase is just for example. Presumably a more complex set of rules is required to DeMangLE the case conversion and punycode, but the sense is that we have a deterministic state of any label in the zone and its attributes as an encoding. The sort phase generates a single understood (POSIX sort) order of bytes. These can then be compared.

Why is this worse than e.g. an RR by RR comparison, walking the NSEC chains?

What I like about it is that it's applicable to being given the data OOB. If you have what is a putative zone, then you can apply this logic and determine if the zone matches what is published elsewhere as a canonical state of the zone.

The RR by RR and NSEC walk feels like a DNS expert's approach. Not a systems/generic approach.

-G
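Added example, not part of the original thread or any poster's code: one way to make the quoted strawman pipeline concrete, so that two copies of a zone can be compared by digest. It assumes one record per line in the form `owner TTL class type rdata`, no parenthesised multi-line records, and no `;` inside RDATA; the function names and the sample zones (documentation names and addresses) are constructed for illustration.

```shell
#!/bin/sh
# Canonicalize zone text (added example; input format is an assumption, see lead-in).
canonicalize_zone() {
    # Drop ';' comments and blank lines. Assigning to a field makes awk rebuild
    # the line with single spaces, which collapses whitespace runs. Only the
    # owner name is lowercased; class and type are uppercased. RDATA is left
    # untouched, so case-sensitive data (and names inside RDATA) are not folded.
    awk '
        { sub(/;.*/, "") }
        NF == 0 { next }
        { $1 = tolower($1); $3 = toupper($3); $4 = toupper($4); print }
    ' | LC_ALL=C sort -u    # byte order independent of locale; duplicates removed
}

# SHA-256 over the canonical stream; prints only the hex digest.
zone_digest() {
    canonicalize_zone | sha256sum | awk '{ print $1 }'
}

# Constructed sample: the zone as published.
ZONE_A=$(printf '%s\n' \
    'example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 300' \
    'example.com. 3600 IN NS ns1.example.com.' \
    'www.example.com. 300 IN A 192.0.2.10')

# Constructed sample: same records received out of band, with different order,
# case, spacing, a comment line and a duplicated record.
ZONE_B=$(printf '%s\n' \
    '; re-ordered copy received out of band' \
    'WWW.Example.COM.   300  in  a   192.0.2.10' \
    'example.com. 3600 IN NS ns1.example.com.' \
    'example.com. 3600 IN NS ns1.example.com.' \
    'example.com.  3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 300')

# Constructed sample: one A record altered.
ZONE_C=$(printf '%s\n' \
    'example.com. 3600 IN SOA ns1.example.com. admin.example.com. 1 7200 900 1209600 300' \
    'example.com. 3600 IN NS ns1.example.com.' \
    'www.example.com. 300 IN A 192.0.2.66')

for z in "$ZONE_A" "$ZONE_B" "$ZONE_C"; do
    printf '%s\n' "$z" | zone_digest
done
```

The digest covers the whole canonical stream, so it is recomputed over the full zone whenever any record changes.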
