BIND 10 #1574: Add support for loading NSEC3 RRsets to in memory data source
BIND 10 Development
do-not-reply at isc.org
Tue Jan 24 09:20:34 UTC 2012
#1574: Add support for loading NSEC3 RRsets to in memory data source
-------------------------------------+-------------------------------------
Reporter: | Owner:
jinmei | Status: new
Type: task | Milestone: Next-Sprint-
Priority: major | Proposed
Component: data | Resolution:
source | Sensitive: 0
Keywords: | Sub-Project: DNS
Defect Severity: N/A | Estimated Difficulty: 0
Feature Depending on Ticket: NSEC3 | Total Hours: 0
Add Hours to Ticket: 0 |
Internal?: 0 |
-------------------------------------+-------------------------------------
Comment (by jelte):
Yes; the scenario i have in mind is when you have a large zone, and want
to change the NSEC3 salt for instance. The 'incremental' way to do that
would be to add the newly generated NSEC3s in batches (keeping the old,
and leaving NSEC3PARAM as it is), and when they are all there, replace the
NSEC3PARAM and start removing the old NSEC3 RRs in batches.
I'm not saying we should do that, when we do automatic signing we might
very well replace them all at once, but we should definitely allow the
scenario at some point.
I'm guessing we would have multiple NSEC3 namespaces, one of which is
'active' (as pointed out by the NSEC3PARAM record at the apex).
--
Ticket URL: <http://bind10.isc.org/ticket/1574#comment:3>
BIND 10 Development <http://bind10.isc.org>
BIND 10 Development
More information about the bind10-tickets
mailing list