-
Notifications
You must be signed in to change notification settings - Fork 1.1k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Add RFC4034 domain comparison + NSEC Cover #1315
base: master
Are you sure you want to change the base?
Conversation
b1a5122
to
78dd548
Compare
Whoops. Thank you for your feedback! Indeed, the code could be more performant. The new implementation is similar to your implementation in CoreDNS, with some small differences.
I do not believe that
I'm not sure I understand. The I changed the name to |
Is there still something wrong with this PR? |
Is this comparison algorithm used for anything other than RFC4034 or NSEC? It's rather generically named, so perhaps something like Also how necessary is it to be exported? Does it have any meaningful uses outside of |
To my knowledge, NSEC is the only use for ordering records. Though as it is often referred to as canonical ordering and there are no other methods of ordering records by name beyond plain old string comparison, I think Besides the |
ZONEMD uses it too. |
Is there still something for me to fix in this PR? NSEC |
[ Quoting ***@***.***> in "Re: [miekg/dns] Add RFC4034 domain ..." ]
Is there still something for me to fix in this PR? NSEC Cover() was already
(though broken) part of the API before being removed in 2017. Is adding RFC4034
comparison to the public API a deal-breaker?
CompareDomainName already exists, we can't have two compare function in this lib. So one
is wrong
|
It has the description:
It seems to me that something like |
Frankly, I don't really know what best here...
Adding _another_ function that does the same, but has slightly different semantics doesn't
make the problem easier, so in that regard merging this does not make sense (yet)
|
OK, I think we can do the following, and just have two Compare* functions. Rename to We might also need to add some docs on when to choose which compare function, but that may be overkill. WDYT? |
So, comparing the labels, right to left, up until the rightmost non-matching labels with |
Whoops yet again... |
Just noticed that the |
The last change might be controversial and I can revert it if you deem so fit. Or I suppose the |
Let me take a look this weekend
…On Fri, 13 May 2022, 10:55 monoidic, ***@***.***> wrote:
The last change might be controversial and I can revert it if you deem so
fit.
It does a bit of extra work in Compare so that , for names x.example.com.
and y.example.com., it compares x and y rather than x. and y., as is done
by the code I mostly copied from CoreDNS.
The reason for this is so that sightly more exotic names, where the final
leftmost compared label's final character's ASCII value is lesser than that
of ., and the other label does not include said character, get treated
properly, e.g (name).intra. vs (name.intra. as a contrived example.
If this is an acceptable edge case to handle, then I could open a similar
PR for CoreDNS.
—
Reply to this email directly, view it on GitHub
<#1315 (comment)>, or
unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACWIW3GBHHE3CBMUWNZ7QTVJYKI7ANCNFSM5IOOWG3Q>
.
You are receiving this because your review was requested.Message ID:
***@***.***>
|
Thanks for doing that. But can you explain why "equal" isn't good enough?
Is it broken? I prefer not to have two comparison functions in there, but
happy to drop either.
…On Wed, 18 May 2022, 08:20 monoidic, ***@***.***> wrote:
@monoidic <https://github.com/monoidic> requested your review on: #1315
<#1315> Add RFC4034 domain comparison +
NSEC Cover.
—
Reply to this email directly, view it on GitHub
<#1315 (comment)>, or unsubscribe
<https://github.com/notifications/unsubscribe-auth/AACWIW3QH7MOSY3W5TVZLQTVKSD3DANCNFSM5IOOWG3Q>
.
You are receiving this because your review was requested.Message ID:
***@***.***>
|
|
@miekg |
From a quick glance |
The |
What's the state of this PR now? Happy to help if needed to get this merged :D |
afaict, the DNS name comparison which was deemed improper in #1618 could be replaced with this. |
I noticed that this library has a good
Cover()
method for NSEC3 RRs, but not for NSEC. This PR adds a similarCover()
method for NSEC, plus aDomainCompare
function for comparing domain names as defined by RFC4034's canonical ordering.Feedback is welcome.