From mboxrd@z Thu Jan  1 00:00:00 1970
Message-Id: <41CF4DC9-7F76-4902-8F8A-28A477A798DE@gmail.com>
From: Patrick Kelly <kameo76890@gmail.com>
To: Fans of the OS Plan 9 from Bell Labs <9fans@9fans.net>
In-Reply-To: <9c614339d11833003968916e4dff66bb@coraid.com>
Content-Type: text/plain;
	charset=us-ascii;
	format=flowed;
	delsp=yes
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (iPod Mail 7D11)
Date: Wed, 20 Jan 2010 11:39:05 -0500
References: <4B57048D.6040002@maht0x0r.net>
	<58dec826cbba066ea2cf1362ffa28e96@brasstown.quanstro.net>
	<429BB192-1F75-44F3-AC67-730F152E4C29@gmail.com>
	<9c614339d11833003968916e4dff66bb@coraid.com>
Subject: Re: [9fans] Are we ready for DNSSEC ?
Topicbox-Message-UUID: c187e9f8-ead5-11e9-9d60-3106f5b1d025



On Jan 20, 2010, at 10:33 AM, erik quanstrom <quanstro@coraid.com>
wrote:

>>> one would likely need to start with a different structure
>>> than ndb/dns currently has to get dnssec.  but i think that
>>> the most of the query logic could be reused.
>> As I understand it; It is an extension, the base DNS stuff should not
>> change.
>> What would need to be changed in ndb, or would looking at the source
>> be better?
>
> i think your understanding ma be incomplete.  dnssec
> requires that the rrs be chained together in a particular
> order.  and any change to a rr triggers resigning.  it
> may be doable, but i think it would be easier to start
> with dnssec in mind.
That makes their use of the word extension wrong, but in that case
starting over would seem (and probably is) best.
Thanks.
>
> - erik
>