[bind10-dev] NSEC3 serving performance optimization: pre-calculate hashes
Michal 'vorner' Vaner
michal.vaner at nic.cz
Thu Jan 19 04:09:22 UTC 2012
Hello
On Wed, Jan 18, 2012 at 11:39:35AM -0800, JINMEI Tatuya / 神明達哉 wrote:
> So, I'd suggest a bit different approach: maintain calculated hash
> values for each ordinary name (even if it's opt-outed). If we do this
> for both the name itself (like foo.example) and a wildcard name that
> is an immediate child of that name (like *.foo.example), we can avoid
> calculating most of the hash values in the above two major cases. I
> suspect it's not that expensive to actually search for the NSEC3 once
> the key (hashed name) is identified - due to its characteristics we
> could optimize comparison logic (e.g. not as domain names but as
> normal binary data comparable by memcmp), and for a heavily opt-outed
> zone the number of NSEC3 would be relatively smaller compared to the
> zone size.
I didn't read the NSEC3 RFC yet, but do we need to find the „next“ item inside
the NSEC3 namespace, or before hashing? If it was the second, the NSEC3s would
not need a tree, a hash table could be enough.
With regards
--
Please enter password:
Michal 'vorner' Vaner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 198 bytes
Desc: Digital signature
URL: <https://lists.isc.org/pipermail/bind10-dev/attachments/20120119/5133e829/attachment.bin>
More information about the bind10-dev
mailing list