path: root/doc/handbook/chapters/developer.texi
author rexxnor <rexxnor+gnunet@brief.li> 2019-01-20 13:01:45 +0100
committer rexxnor <rexxnor+gnunet@brief.li> 2019-01-25 17:27:29 +0100
commit 2798cec3ad8c31397ccedef2dfca7f957efa0fa7 (patch)
tree 50a079f546eebf1dd6e7c20ecdb93680ef791366 /doc/handbook/chapters/developer.texi
parent b889d108b5068f3e893e8f399ed545ff956db818 (diff)
updated ascension documentation; added developer section
Diffstat (limited to 'doc/handbook/chapters/developer.texi')
-rw-r--r-- doc/handbook/chapters/developer.texi 119
1 files changed, 119 insertions, 0 deletions
diff --git a/doc/handbook/chapters/developer.texi b/doc/handbook/chapters/developer.texi
index 37e11cb11..af3ac0197 100644
--- a/doc/handbook/chapters/developer.texi
+++ b/doc/handbook/chapters/developer.texi
@@ -7743,6 +7743,7 @@ record types.
7743* The GNS Client-Service Protocol:: 7743* The GNS Client-Service Protocol::
7744* Hijacking the DNS-Traffic using gnunet-service-dns:: 7744* Hijacking the DNS-Traffic using gnunet-service-dns::
7745* Serving DNS lookups via GNS on W32:: 7745* Serving DNS lookups via GNS on W32::
7746* Importing DNS Zones into GNS::
7746@end menu 7747@end menu
7747 7748
7748@node libgnunetgns 7749@node libgnunetgns
@@ -8073,6 +8074,124 @@ applications that use alternative means of resolving names (such as
8073sending queries to a DNS server directly by themselves). 8074sending queries to a DNS server directly by themselves).
8074This includes some of well known utilities, like "ping" and "nslookup". 8075This includes some of well known utilities, like "ping" and "nslookup".
8075 8076
8077@node Importing DNS Zones into GNS
8078@subsection Importing DNS Zones into GNS
8079
8080@c %**end of header
8081
8082This section will mainly comprise of the challenges and problems faced when
8083writing the ascension tool.
8084
8085When considering to migrate existing into GNS there are a few things to
8086consider.
8087
8088@menu
8089* Conversions between DNS and GNS::
8090* DNS Zone Size::
8091* Performance::
8092@end menu
8093
8094@node Conversions between DNS and GNS
8095@subsubsection Conversions between DNS and GNS
8096
8097The differences between the two name systems lies in the details
8098and is not visible from the start. For instance an SRV record is converted to a
8099gnunet only BOX record.
8100
8101This is done by building a BOX record from an existing SRV record:
8102
8103@example
8104# _service._proto.name. TTL class SRV priority weight port target
8105_sip._tcp.example.com. 14000 IN SRV 0 0 5060 www.example.com.
8106@end example
8107
8108Which can be transformed to a GNS BOX record by converting it like this:
8109
8110@example
8111# TTL BOX flags port protocol recordtype priority weight port target
811214000 BOX n 5060 6 33 0 0 5060 www.example.com
8113@end example
8114
8115Other records that have such a transformation is the MX record type, as well as
8116the SOA record type.
8117
8118Transformation of a SOA record into GNS works as described in the following
8119example. Very important to note are the rname and mname keys.
8120@example
8121# BIND syntax for a clean SOA record
8122@ IN SOA master.example.com. hostmaster.example.com. (
8123 2017030300 ; serial
8124 3600 ; refresh
8125 1800 ; retry
8126 604800 ; expire
8127 600 ) ; ttl
8128# Recordline for adding the record
8129gnunet-namestore -z example.com -a -n @ -t SOA -V rname=master.example.com \
8130 mname=hostmaster.example.com 2017030300,3600,1800,604800,600 -e 7200s
8131@end example
8132
8133The transformation of MX records is done in a simple way.
8134@example
8135# mail.example.com. 3600 IN MX 10 mail.example.com.
8136gnunet-namestore -z example.com -n mail -R 3600 MX n 10,mail
8137@end example
8138
8139Finally, one of the biggest struggling points was the NS records that are found
8140in top level domain zones. The inteded behaviour for those is to add GNS2DNS
8141records for the zone so that gnunet-gns can resolve the for those domain on it's
8142own. Also a very important aspect of this is, that gnunet needs to be able to
8143resolve the nameservers from it's own database. This requires migration of the
8144DNS GLUE records as well.
8145
8146This proved to be quite a challenge to implement, as in GNS every dot is a
8147strict zone cut.
8148
8149The issue was fixed by creating a hierarchical zone structure in GNS and linking
8150the zones using PKEY records to one another. This allows the resolution of the
8151nameservers to work within GNS.
8152
8153@node DNS Zone Size
8154@subsubsection DNS Zone Size
8155
8156Another very big problem exists with very large zones. When migrating a small
8157zone the delay between adding of records and their expiry is negligible. However
8158when working with a TLD zone that has more that 1 million records this delay
8159becomes a problem.
8160
8161Records will start to expire well before the zone has finished migrating. This
8162causes unwanted anomalies when trying to resolve records.
8163
8164A good solution has not been found yet. One of the idea that floated around was
8165that the records should be added with the s (shadow) flag to keep the records
8166resolvable even if they expired. However this would introduce the problem of how
8167to detect if a record has been removed from the zone and would require deletion
8168of said record(s).
8169
8170@node Performance
8171@subsubsection Performance
8172The performance when migrating a zone using the ascension tool is limited by a
8173handful of factors. First of all ascension is written in python3 and calls the
8174CLI tools of gnunet. Furthermore all the records that are added to the same
8175label are signed using the zones private key. This signing operation is very
8176resource heavy and was optimized during development by adding the '-R'
8177(Recordline) option to gnunet-namestore. This allows to add multiple records
8178at once using the CLI.
8179
8180The result of this was a much faster migration of TLD zones, as most records
8181with the same label have two nameservers.
8182
8183Another improvement that could be made is with the addition of multiple threads
8184when opening the gnunet CLI tools. This could be implemented by simply creating
8185more workers in the program but performance improvements were not tested.
8186
8187During the entire development of the ascension tool sqlite was used as a
8188database backend. Other backends need to be tested in the future.
8189
8190In conclusion there are many bottlenecks still around in the program, namely the
8191signing process and the single threaded implementation. In the future a solution
8192that uses the c api would be cleaner and better.
8193
8194
8076@cindex GNS Namecache 8195@cindex GNS Namecache
8077@node GNS Namecache 8196@node GNS Namecache
8078@section GNS Namecache 8197@section GNS Namecache
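Review bot: In the SOA example the keys on the `gnunet-namestore` line are swapped relative to the BIND record above it. In a DNS SOA record the first name is MNAME (the primary name server) and the second is RNAME (the responsible mailbox), so `master.example.com. hostmaster.example.com.` should become `mname=master.example.com rname=hostmaster.example.com`, not `rname=master.example.com mname=hostmaster.example.com`. Since the preceding sentence tells the reader that these two keys are the important part, a copy-pasted example will publish the wrong contact and primary server for the zone. In the same example, `-e 7200s` matches none of the values in the BIND record (the last field there is 600), so say where the expiration comes from. The MX example uses `-R` without `-a` or an expiration, while `-R` is only explained later under Performance; a short sentence introducing the recordline form at first use would help, as would showing which label the BOX recordline is stored under. The new prose also needs a proofreading pass before merge: "to migrate existing into GNS" is missing its noun, "inteded", "resolve the for those domain on it's own", "it's own database", "more that 1 million" and "One of the idea" should be fixed.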