From mboxrd@z Thu Jan  1 00:00:00 1970
From: erik quanstrom <quanstro@coraid.com>
Date: Wed, 20 Jan 2010 10:33:16 -0500
To: 9fans@9fans.net
Message-ID: <9c614339d11833003968916e4dff66bb@coraid.com>
In-Reply-To: <429BB192-1F75-44F3-AC67-730F152E4C29@gmail.com>
References: <4B57048D.6040002@maht0x0r.net>
	<58dec826cbba066ea2cf1362ffa28e96@brasstown.quanstro.net>
	<429BB192-1F75-44F3-AC67-730F152E4C29@gmail.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="US-ASCII"
Content-Transfer-Encoding: 7bit
Subject: Re: [9fans] Are we ready for DNSSEC ?
Topicbox-Message-UUID: c183b504-ead5-11e9-9d60-3106f5b1d025

> > one would likely need to start with a different structure
> > than ndb/dns currently has to get dnssec.  but i think that
> > the most of the query logic could be reused.
> As I understand it; It is an extension, the base DNS stuff should not
> change.
> What would need to be changed in ndb, or would looking at the source
> be better?

i think your understanding ma be incomplete.  dnssec
requires that the rrs be chained together in a particular
order.  and any change to a rr triggers resigning.  it
may be doable, but i think it would be easier to start
with dnssec in mind.

- erik