George Michaelson wrote:
> It's not designed to handle dynamic updates. It's designed to handle
> being given, or accessing an entire zone state, and having a
> canonicalization method which can be applied by anyone, using POSIX
> tools to determine if it's correct and complete

george, dns is dynamic now. a signature method must address the update case. here's what i wrote in response to paul-h:

> i'm imagining a stream cipher that begins as the H(K,zone) and then is
> updated to be H(K,H_old,delta) for each change to the zone, which
> would have to be calculated by the responder in the case of UPDATE,
> but could then be issued as a succession of new "zone signature" RR's
> during IXFR. the "zone signature" RR would have to be like SOA,
> there-can-be-only-one, so what might look like a "set" of them in an
> IXFR, is really a bunch of changes to the one-and-only.

...

--
Paul Vixie
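The chained value described in the message above, H(K,zone) followed by H(K,H_old,delta) for each change, as an added example that is not part of the original post. It assumes HMAC-SHA256 for H with K as a shared key, a sorted-text canonical form for the zone, and constructed records; none of those choices come from the thread.

```python
import hashlib
import hmac

def _h(key: bytes, *parts: bytes) -> bytes:
    """H(K, ...): HMAC-SHA256 over length-prefixed parts (assumed choice of H)."""
    mac = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        mac.update(len(p).to_bytes(4, "big") + p)
    return mac.digest()

def zone_sig(key: bytes, zone: set) -> bytes:
    """Initial value H(K, zone) over a sorted, newline-joined zone (assumed canonical form)."""
    return _h(key, "\n".join(sorted(zone)).encode())

def encode_delta(deleted: list, added: list) -> bytes:
    """Serialise one change the way IXFR orders it: deletions first, then additions."""
    lines = ["-" + rr for rr in sorted(deleted)] + ["+" + rr for rr in sorted(added)]
    return "\n".join(lines).encode()

def next_sig(key: bytes, h_old: bytes, deleted: list, added: list) -> bytes:
    """Chained value H(K, H_old, delta) for one change to the zone."""
    return _h(key, h_old, encode_delta(deleted, added))

def replay_ixfr(key, zone, h_old, steps):
    """Apply (deleted, added, claimed_sig) steps; return (zone, sig) or raise on mismatch."""
    zone = set(zone)
    for i, (deleted, added, claimed) in enumerate(steps):
        h_new = next_sig(key, h_old, deleted, added)
        if not hmac.compare_digest(h_new, claimed):
            raise ValueError(f"zone signature mismatch at step {i}")
        zone = (zone - set(deleted)) | set(added)
        h_old = h_new
    return zone, h_old

# Constructed sample data (not from the thread).
KEY = b"constructed-shared-key"
ZONE = {"example. 3600 IN NS ns1.example.", "www.example. 300 IN A 192.0.2.1"}

def demo():
    """Responder side: two UPDATEs produce two successive zone-signature values."""
    h0 = zone_sig(KEY, ZONE)
    d1 = (["www.example. 300 IN A 192.0.2.1"], ["www.example. 300 IN A 192.0.2.2"])
    h1 = next_sig(KEY, h0, *d1)
    d2 = ([], ["mail.example. 300 IN A 192.0.2.25"])
    h2 = next_sig(KEY, h1, *d2)
    return h0, [(d1[0], d1[1], h1), (d2[0], d2[1], h2)]
```

Because each value folds in H_old, the result attests to the sequence of changes: a verifier needs the previous value and every delta in order, and recomputing H(K,zone) over the final zone gives a different value.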
