[bind10-dev] Collation Sequences [was: Blog comment from BDB developer]

Shane Kerr shane at isc.org
Wed Jul 14 09:45:44 UTC 2010


All,

On Wed, 2010-07-14 at 03:08 -0500, Michael Graff wrote:
> On 7/14/10 2:52 AM, zhanglikun wrote:
> >> On 7/13/10 9:01 PM, Danny Mayer wrote:
> >>> I forgot to mention that collation sequence is important here and that
> >>> is usually defined when you set up the database for all schemas. You
> >>> need a collating sequence that works for DNSSEC and then you need to
> >>> worry about IDN ordering for non-ASCII character sets. That's less
> >>> simple and what if you have multiple character sets like US ASCII and
> >>> Greek or Traditional Chinese and Simplified Chinese?
> > 
> >> Michael answered:
> >> You store the canonical format in a "column" and use that for ordering,
> >> and use the other non-canonical form for actual retrieval.
> >>
> > 
> > Traditional Chinese and Simplified Chinese are saved in Punycode.
> 
> DNSSEC ordering ignores what Punycode means, so I think we have the same
> understanding.

Just to be clear, in non-DNSSEC DNS, we don't need ordering at all.

In DNSSEC, we need ordering - but only in order to be able to prove
non-existence of a record. In principle it does not matter what order is
chosen, as long as both the signer and validator agree.

When ordering two labels, this order is ASCII. As Likun says, IDN labels
get converted to Punycode, which we then order based on ASCII. Again, it
does not matter if the order makes sense in any way, it just has to be
consistent.

When ordering an entire ownername, it becomes slightly trickier than
the labels, because you may have:

    BETA.EXAMPLE.COM
    ALPHA.BETA.EXAMPLE.COM

In this case BETA.EXAMPLE.COM comes before ALPHA.BETA.EXAMPLE.COM,
because it has a shorter matching label. However 'B' comes after 'A' in
normal ASCII ordering. You can get DNSSEC ordering by reversing the
labels, like this:

    BETA.EXAMPLE.COM         -> COM.EXAMPLE.BETA
    ALPHA.BETA.EXAMPLE.COM   -> COM.EXAMPLE.BETA.ALPHA

IIRC, we store a column in the SQL table with the ownernames transformed
like this, and then we can use the simple '<' operator I mentioned
before.

--
Shane
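
Added example (not part of the original message and not BIND 10 code): it checks the reversed-label sort key described above against RFC 4034 section 6.1 canonical ordering, and goes beyond the message's two names by including hyphenated and Punycode labels, where the byte used to join the reversed labels decides whether a plain '<' comparison still matches the order a validator expects in NSEC proofs. The function names and owner names are constructed for illustration.

```python
# Added example: RFC 4034 section 6.1 canonical ordering versus reversed-name sort keys.
# All function names and sample owner names below are constructed for illustration.

def labels_reversed(name):
    """Lowercase the name and return its labels as bytes, rightmost label first."""
    return [l.encode("ascii") for l in reversed(name.rstrip(".").lower().split("."))]

def canonical_key(name):
    """Reference order: compare label by label as raw bytes, right to left.
    A missing label sorts before any label, as list comparison does here."""
    return labels_reversed(name)

def dot_key(name):
    """Reversed labels joined with '.', as a plain text column would hold them."""
    return b".".join(labels_reversed(name))

def nul_key(name):
    """Reversed labels joined with 0x00, which sorts below every hostname byte.
    Assumption: no label contains a 0x00 byte itself."""
    return b"\x00".join(labels_reversed(name))

# Constructed owner names for one zone (xn--bcher-kva is a Punycode label).
NAMES = [
    "ALPHA.BETA.EXAMPLE.COM",
    "BETA.EXAMPLE.COM",
    "beta-2.example.com",
    "xn--bcher-kva.example.com",
    "www.xn--bcher-kva.example.com",
    "example.com",
]

def order(key):
    """Sort the sample names with the given key function."""
    return sorted(NAMES, key=key)

def first_mismatch(key):
    """First position where `key` disagrees with canonical order, or None."""
    for i, (want, got) in enumerate(zip(order(canonical_key), order(key))):
        if want != got:
            return i, want, got
    return None

if __name__ == "__main__":
    for name in order(canonical_key):
        print(name)
    print("'.'-joined key mismatch: ", first_mismatch(dot_key))
    print("NUL-joined key mismatch:", first_mismatch(nul_key))
```

With a '.' separator, `beta-2.example.com` sorts ahead of `ALPHA.BETA.EXAMPLE.COM` because '-' (0x2D) is lower than '.' (0x2E); a separator that sorts below every label byte keeps the column order identical to the canonical one.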