[bind10-dev] Multiple nsec3 chains in db
JINMEI Tatuya / 神明達哉
jinmei at isc.org
Fri Mar 16 17:49:45 UTC 2012
At Fri, 16 Mar 2012 14:51:40 +0100,
Jelte Jansen <jelte at isc.org> wrote:
> However, IMO this is a bit of a roundabout and inefficient way to do
> it, and it seems cleaner and more efficient to me that both methods
> should only ever return data from the actual active chain (esp. in the
> case of the second). Since we obviously don't want the actual querying
> layer to do rdata parsing, this would however mean that we'll need to
> store the hash parameters in separate columns in the database. (and
> then we can fight over whether the 'active chain' should be stored in
> state or passed as method parameters ;))
In case we see the need for handling multiple chains, that approach
seems to make most sense to me.
I have a more fundamental question, however, whether there's a
substantial number of (or at least a few substantially powerful)
expected users of database-based backend that also use NSEC3. My
general understanding is that NSEC3 would only be used by a limited
set of players, specifically some TLDs, who also generally need very
high response performance in terms of qps. Even if we can think about
a number of ways of improving it, I suspect it may not be realistic to
reach the required performance level by such operators.
So, if it's mostly about spec conformance, a naive way may be okay.
And in any case, I think it's okay to leave it open and revise the
schema and code if and when we see the need for it.
---
JINMEI, Tatuya
More information about the bind10-dev
mailing list