[yadifa-users] What’s the YADIFA crew been up to?

yadifa info at yadifa.eu
Thu Apr 13 12:29:17 CEST 2017


Dear YADIFA Community,



We have several things in the pipeline for the coming release.

One of them is 'transactions', which affects dynamic updates, key management policies and signatures (any operation updating the content of a zone).

The previous mechanism for zone changes was to let each master zone have the intelligence to keep its integrity, compute the new signatures, update the DNSSEC chain(s) and write the changes in the journal. Slave zones were updated from the journal and were accepting most of what was sent by the master. (Broken DNSSEC chains can never be accepted, as YADIFA's chain structure is simply not able to store an invalid record.)

The upside was there was very little computing overhead, but the downside was that there were two code paths for the same update, meaning more maintenance work and the possibility of the journal having to be rewound in case of an error.

The new mechanism is consistent in making a local copy of the relevant parts of the master zone, computing all records/signatures/chains changes and then writing the results in the journal, from which both the master and the slaves receive updates.

The downside of this is that there is more computational overhead; however, the upside is that there is now a single entry point to update a zone (be it master or slave), each journal page is automatically known before writing, meaning that no rewind is needed, and the time where a zone is write-locked is shorter, so more time is available to answer queries.

Furthermore, our plans for future releases include several improvements and new features relating to cryptography and improved re-configuration for administrators, among other things.



R&D team
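
The transaction flow described in the message above, as a small model added here for illustration (not YADIFA source code, and not from the YADIFA team). All type and function names are hypothetical, and the model is simplified to at most one deleted and one added record per journal page, with no signature or chain computation.

```c
/* Added illustration, not YADIFA source: every name here is hypothetical. */
#include <string.h>

enum { RR_LEN = 48, MAX_RR = 16, MAX_PAGES = 8 };
typedef struct { char s[RR_LEN]; } rr_t;
typedef struct { rr_t rr[MAX_RR]; int n; unsigned serial; } zone_t;
/* One journal page: the fully computed delta between two serials ("" = none). */
typedef struct { unsigned from, to; char del[RR_LEN], add[RR_LEN]; } page_t;
typedef struct { page_t pages[MAX_PAGES]; int n; } journal_t;

static int zone_find(const zone_t *z, const char *rr) {
    for (int i = 0; i < z->n; i++)
        if (strcmp(z->rr[i].s, rr) == 0) return i;
    return -1;
}

/* Apply one page to a working copy; on failure the caller discards the copy. */
static int stage(zone_t *w, const page_t *p) {
    int i = p->del[0] ? zone_find(w, p->del) : 0;
    if (p->from != w->serial || i < 0) return -1;   /* wrong serial or absent record */
    if (p->del[0]) w->rr[i] = w->rr[--w->n];
    if (p->add[0] && (w->n == MAX_RR || zone_find(w, p->add) >= 0)) return -1;
    if (p->add[0]) strcpy(w->rr[w->n++].s, p->add);
    w->serial = p->to;
    return 0;
}

/* Compute the change on a local copy; append only once the whole page is known. */
int txn_commit(const zone_t *zone, journal_t *j, const char *del, const char *add) {
    zone_t work = *zone;
    page_t p = { zone->serial, zone->serial + 1, "", "" };
    if (strlen(del) >= RR_LEN || strlen(add) >= RR_LEN || j->n == MAX_PAGES) return -1;
    strcpy(p.del, del); strcpy(p.add, add);
    if (stage(&work, &p) != 0) return -1;           /* journal untouched: nothing to rewind */
    j->pages[j->n++] = p;
    return 0;
}

/* Single entry point for changing a zone, master or slave: replay journal pages. */
int zone_replay(zone_t *z, const journal_t *j) {
    int applied = 0;
    for (int i = 0; i < j->n; i++) {
        zone_t work = *z;
        if (stage(&work, &j->pages[i]) != 0) continue;
        *z = work;                                  /* only this swap needs the write lock */
        applied++;
    }
    return applied;
}
```

A rejected update never reaches the journal, and a slave that replays the same pages ends at the same serial and record set as the master.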