[bind10-dev] proposal: a performance extendable auth query logic framework
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Wed Feb 29 07:05:52 UTC 2012

I'm working on ticket 1607 (bind10.isc.org/ticket/1607), an extended
interface that allows faster construction of additional data. This
one itself would be quite straightforward, but I wanted to think about
it in a more generic framework of how to extend the entire query logic
to be more efficient. And I've come up with an idea.

I've written a proof-of-concept implementation (of the interface - no
actual optimization yet) in the trac1607exp branch.

The main idea is to update the return type of ZoneFinder::find() to an
abstract class named 'FindContext'. It can store various kinds of
internal information of the find() call, which are possibly specific
to the underlying data source (e.g. for the in-memory version, it
would contain the rbtnode that matched in the original search, etc).

FindContext provides a set of methods that handle several post-find
operations such as getting the additional RRset corresponding to the
original find() result (A/AAAA for NS, etc), providing DNSSEC proofs,
synthesizing CNAME with DNAME:

    // Called when adding 'additional' RRsets based on the context status.
    // Normally it adds A/AAAA corresponding to the RRset identified in the
    // associated find() call.
    void getAdditional(const vector<RRType>& requested_types,
                       vector<ConstRRsetPtr>& result);

    // Called for NXDOMAIN/NXRRSET cases and return NSEC/NSEC3 RRsets
    // for the corresponding DNSSEC proof. It (will) consist of small helper
    // private methods for specific cases (NSEC or NSEC3, NXDOMAIN or NXRRSET).
    void getNegativeProof(vector<ConstRRsetPtr>& proofs);

    // Called for SUCCESS/CNAME cases when it's wildcard substitution
    // and return NSEC/NSEC3 RRset that proves the original qname doesn't
    // exist in the zone.
    void getWildcardProof(vector<ConstRRsetPtr>& proofs);

    // Called for DELEGATION case. Return either DS (if it's signed
    // delegation), NSEC/NSEC3 (if unsigned delegation and the parent is
    // signed with NSEC/NSEC3).
    void getDelegationProof(vector<ConstRRsetPtr>& proofs);

    // Called for DNAME case. (Somehow) construct the synthesized CNAME
    // for the qname with the DNAME. Return Rcode of NOERROR() normally,
    // but YXDOMAIN() if CNAME cannot be constructed because the name would
    // be too long.
    Rcode getSynthesizedCNAME(vector<ConstRRsetPtr>& proofs);

    // Called to get origin NS or SOA (although the method is generalized).
    // Default version: internally calls find() for the origin name and the
    ConstRRsetPtr getAtOrigin(RRType type);

We provide the default version of these methods, which are actually
what the auth::Query class currently internally does, so it's independent
of the underlying data source details. We'd also provide a special
in-memory version of these methods, which are expected to be highly
optimized. In the branch I've added comments describing how we
could optimize these in the in-memory data source (with some currently
nonexistent extensions).

This extension will also make the switch-case block of
Query::process() much simpler (see the code in the branch) and (IMO)
more understandable.

Would this approach make sense? If so, for #1607 I'll introduce the
base FindContext() class only with the getAdditional() method. If
this idea is controversial I'll simply continue it with the originally
proposed extension in the ticket while continuing the design
discussion.

---
JINMEI, Tatuya
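
The split this message proposes, as an added illustration (not code from the trac1607exp branch or from BIND 10): a default getAdditional() that searches the zone again for each NS target, and an in-memory override that reuses the node matched by the original find(). Zone, Node, the glue links, the search counter and the string-based RR types and results are simplified, hypothetical stand-ins, and the glue-link optimization is an assumption about one way the in-memory version could work.

```cpp
// Simplified stand-ins for illustration; not BIND 10's real classes.
#include <map>
#include <string>
#include <utility>
#include <vector>
using Strs = std::vector<std::string>;          // RR types in, "name type rdata" out
struct Node {                                   // stand-in for an in-memory rbtnode
    std::string name;
    std::map<std::string, std::string> rrsets;  // type -> rdata
    std::vector<const Node*> glue;              // NS target nodes, linked at load time
};
struct Zone {
    std::map<std::string, Node> nodes;
    mutable int searches = 0;                   // counts name lookups
    const Node* findNode(const std::string& n) const {
        ++searches;
        auto it = nodes.find(n);
        return it == nodes.end() ? nullptr : &it->second;
    }
};
static void append(const Node& n, const Strs& types, Strs& out) {
    for (const auto& t : types)
        if (n.rrsets.count(t)) out.push_back(n.name + " " + t + " " + n.rrsets.at(t));
}
class FindContext {                             // default: works for any data source
    const Zone& zone_;
    Strs targets_;                              // NS target names from the find() result
public:
    FindContext(const Zone& z, Strs targets) : zone_(z), targets_(std::move(targets)) {}
    virtual ~FindContext() = default;
    virtual void getAdditional(const Strs& types, Strs& out) const {
        for (const auto& name : targets_)       // one fresh search per NS target
            if (const Node* n = zone_.findNode(name)) append(*n, types, out);
    }
};
class InMemoryFindContext : public FindContext { // remembers the matched node
    const Node* matched_;
public:
    InMemoryFindContext(const Zone& z, const Node* m) : FindContext(z, {}), matched_(m) {}
    void getAdditional(const Strs& types, Strs& out) const override {
        for (const Node* n : matched_->glue) append(*n, types, out);  // no searches
    }
};
void loadSampleZone(Zone& z) {                  // constructed sample data
    z.nodes["ns1.example.org."] = {"ns1.example.org.", {{"A", "192.0.2.1"}, {"AAAA", "2001:db8::1"}}, {}};
    z.nodes["ns2.example.org."] = {"ns2.example.org.", {{"A", "192.0.2.2"}}, {}};
    z.nodes["example.org."] = {"example.org.", {{"NS", "ns1.example.org. ns2.example.org."}},
        {&z.nodes["ns1.example.org."], &z.nodes["ns2.example.org."]}};
}
```

Both contexts return the same additional records for the sample zone; only the number of name searches performed after the original find() differs.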