updated ascension documentation

author: rexxnor <rexxnor+gnunet@brief.li> 2019-01-30 18:49:50 +0100
committer: rexxnor <rexxnor+gnunet@brief.li> 2019-01-30 18:53:05 +0100
commit: e3f6a5c29d2ea1cef92e10f142b7883ee6347ca7 (patch)
tree: fc00cb008568945fd947dc86f24efde7b35aed63 /doc/handbook/chapters/developer.texi
parent: 404c9065789248a5eba44fb4bc320bfeaa988da6 (diff)
download: gnunet-e3f6a5c29d2ea1cef92e10f142b7883ee6347ca7.tar.gz
gnunet-e3f6a5c29d2ea1cef92e10f142b7883ee6347ca7.zip
1 files changed, 57 insertions, 14 deletions
diff --git a/doc/handbook/chapters/developer.texi b/doc/handbook/chapters/developer.texi
index 2da262b34..a1b5583cb 100644
--- a/doc/handbook/chapters/developer.texi
+++ b/doc/handbook/chapters/developer.texi
@@ -8080,7 +8080,7 @@ This includes some of well known utilities, like "ping" and "nslookup".
 @c %**end of header
 This section discusses the challenges and problems faced when writing the
-ascension tool. It also takes a look at possible improvements in the future.
+Ascension tool. It also takes a look at possible improvements in the future.
 @menu
 * Conversions between DNS and GNS::
@@ -8093,7 +8093,7 @@ ascension tool. It also takes a look at possible improvements in the future.
 The differences between the two name systems lies in the details
 and is not always transparent. For instance an SRV record is converted to a
-gnunet only BOX record.
+GNS only BOX record.
 This is done by converting to a BOX record from an existing SRV record:
@@ -8120,14 +8120,14 @@ example. Very important to note are the rname and mname keys.
    604800     ; expire
    600 )      ; ttl
 # Recordline for adding the record
-gnunet-namestore -z example.com -a -n @ -t SOA -V rname=master.example.com \
+$ gnunet-namestore -z example.com -a -n @ -t SOA -V rname=master.example.com \
-    mname=hostmaster.example.com 2017030300,3600,1800,604800,600 -e 7200s
+  mname=hostmaster.example.com 2017030300,3600,1800,604800,600 -e 7200s
 @end example
 The transformation of MX records is done in a simple way.
 @example
 # mail.example.com. 3600 IN MX 10 mail.example.com.
-gnunet-namestore -z example.com -n mail -R 3600 MX n 10,mail
+$ gnunet-namestore -z example.com -n mail -R 3600 MX n 10,mail
 @end example
 Finally, one of the biggest struggling points were the NS records that are found
@@ -8136,9 +8136,47 @@ records for those so that gnunet-gns can resolve records for those domains on
 its own. This requires migration of the DNS GLUE records as well, provided that
 they are within the same zone.
+The following two examples show one record with a GLUE record and the other one
+does not have a GLUE record. This takes place in the 'com' TLD.
+@example
+# ns1.example.com 86400 IN A 127.0.0.1
+# example.com 86400 IN NS ns1.example.com.
+$ gnunet-namestore -z com -n example -R 86400 GNS2DNS n example.com@@127.0.0.1
+# example.com 86400 IN NS ns1.example.org.
+$ gnunet-namestore -z com -n example -R 86400 GNS2DNS n example.com@@ns1.example.org
+@end example
+As you can see, one of the GNS2DNS records has an IP address listed and the
+other one a DNS name. For the first one there is a GLUE record to do the
+translation directly and the second one will issue another DNS query to figure
+out the IP of ns1.example.org.
 A solution was found by creating a hierarchical zone structure in GNS and linking
 the zones using PKEY records to one another. This allows the resolution of the
-nameservers to work within GNS while not taking control over unwanted zones.
+name servers to work within GNS while not taking control over unwanted zones.
+Currently the following record types are supported:
+@itemize @bullet
+@item A
+@item AAAA
+@item CNAME
+@item MX
+@item NS
+@item SRV
+@item TXT
+@end itemize
+This is not due to a technical limitation but rather a practical one. The
+problem occurs with DNSSEC enabled DNS zones. As records within those zones are
+signed periodically, and every new signature is an update to the zone, there are
+many revisions of zones. This results in a problem with bigger zones as there
+are lots of records that have been signed again but no major changes.  Also
+trying to add records that are unknown that require a different format take time
+as they cause a CLI call of the namestore.  Furthermore certain record types
+need transformation into a GNS compatible format which, depending on the record
+type, takes more time.
 @node DNS Zone Size
 @subsubsection DNS Zone Size
@@ -8162,11 +8200,17 @@ are still displayed when calling gnunet-namestore but do not resolve with
 gnunet-gns. When doing incremental zone transfers this becomes especially
 apparent.
+I estimate that the limit lies at about 200'000 records in a zone as this is
+the limit that my machine is capable of adding within one hour.  This was
+calculated by running cProfile on the application with a zone of 5000 records
+and calculating what abouts a much bigger zones with 8 million records would
+take. This results in a nice metric of records migrated per hour.
 @node Performance
 @subsubsection Performance
-The performance when migrating a zone using the ascension tool is limited by a
+The performance when migrating a zone using the Ascension tool is limited by a
-handful of factors. First of all ascension is written in python3 and calls the
+handful of factors. First of all ascension is written in Python3 and calls the
-CLI tools of gnunet. Furthermore all the records that are added to the same
+CLI tools of GNUnet. Furthermore all the records that are added to the same
 label are signed using the zones private key. This signing operation is very
 resource heavy and was optimized during development by adding the '-R'
 (Recordline) option to gnunet-namestore. This allows to add multiple records
@@ -8176,16 +8220,15 @@ The result of this was a much faster migration of TLD zones, as most records
 with the same label have two name servers.
 Another improvement that could be made is with the addition of multiple threads
-when opening the gnunet CLI tools. This could be implemented by simply creating
+when opening the GNUnet CLI tools. This could be implemented by simply creating
 more workers in the program but performance improvements were not tested.
-During the entire development of the ascension tool sqlite was used as a
+During the entire development of Ascension sqlite was used as a database
-database backend. Other backends need to be tested in the future.
+backend for GNUnet. Other backends have not been tested yet.
 In conclusion there are many bottlenecks still around in the program, namely the
 signing process and the single threaded implementation. In the future a solution
-that uses the c api would be cleaner and better.
+that uses the C API would be cleaner and better.
 @cindex GNS Namecache
 @node GNS Namecache
author	rexxnor <rexxnor+gnunet@brief.li>	2019-01-30 18:49:50 +0100
committer	rexxnor <rexxnor+gnunet@brief.li>	2019-01-30 18:53:05 +0100
commit	e3f6a5c29d2ea1cef92e10f142b7883ee6347ca7 (patch)
tree	fc00cb008568945fd947dc86f24efde7b35aed63 /doc/handbook/chapters/developer.texi
parent	404c9065789248a5eba44fb4bc320bfeaa988da6 (diff)
download	gnunet-e3f6a5c29d2ea1cef92e10f142b7883ee6347ca7.tar.gz gnunet-e3f6a5c29d2ea1cef92e10f142b7883ee6347ca7.zip

diff --git a/doc/handbook/chapters/developer.texi b/doc/handbook/chapters/developer.texi index 2da262b34..a1b5583cb 100644 --- a/doc/handbook/chapters/developer.texi +++ b/doc/handbook/chapters/developer.texi
@@ -8080,7 +8080,7 @@ This includes some of well known utilities, like "ping" and "nslookup".
8080	@c %**end of header	8080	@c %**end of header
8081		8081
8082	This section discusses the challenges and problems faced when writing the	8082	This section discusses the challenges and problems faced when writing the
8083	ascension tool. It also takes a look at possible improvements in the future.	8083	Ascension tool. It also takes a look at possible improvements in the future.
8084		8084
8085	@menu	8085	@menu
8086	* Conversions between DNS and GNS::	8086	* Conversions between DNS and GNS::
@@ -8093,7 +8093,7 @@ ascension tool. It also takes a look at possible improvements in the future.
8093		8093
8094	The differences between the two name systems lies in the details	8094	The differences between the two name systems lies in the details
8095	and is not always transparent. For instance an SRV record is converted to a	8095	and is not always transparent. For instance an SRV record is converted to a
8096	gnunet only BOX record.	8096	GNS only BOX record.
8097		8097
8098	This is done by converting to a BOX record from an existing SRV record:	8098	This is done by converting to a BOX record from an existing SRV record:
8099		8099
@@ -8120,14 +8120,14 @@ example. Very important to note are the rname and mname keys.
8120	604800 ; expire	8120	604800 ; expire
8121	600 ) ; ttl	8121	600 ) ; ttl
8122	# Recordline for adding the record	8122	# Recordline for adding the record
8123	gnunet-namestore -z example.com -a -n @ -t SOA -V rname=master.example.com \	8123	$ gnunet-namestore -z example.com -a -n @ -t SOA -V rname=master.example.com \
8124	mname=hostmaster.example.com 2017030300,3600,1800,604800,600 -e 7200s	8124	mname=hostmaster.example.com 2017030300,3600,1800,604800,600 -e 7200s
8125	@end example	8125	@end example
8126		8126
8127	The transformation of MX records is done in a simple way.	8127	The transformation of MX records is done in a simple way.
8128	@example	8128	@example
8129	# mail.example.com. 3600 IN MX 10 mail.example.com.	8129	# mail.example.com. 3600 IN MX 10 mail.example.com.
8130	gnunet-namestore -z example.com -n mail -R 3600 MX n 10,mail	8130	$ gnunet-namestore -z example.com -n mail -R 3600 MX n 10,mail
8131	@end example	8131	@end example
8132		8132
8133	Finally, one of the biggest struggling points were the NS records that are found	8133	Finally, one of the biggest struggling points were the NS records that are found
@@ -8136,9 +8136,47 @@ records for those so that gnunet-gns can resolve records for those domains on
8136	its own. This requires migration of the DNS GLUE records as well, provided that	8136	its own. This requires migration of the DNS GLUE records as well, provided that
8137	they are within the same zone.	8137	they are within the same zone.
8138		8138
		8139	The following two examples show one record with a GLUE record and the other one
		8140	does not have a GLUE record. This takes place in the 'com' TLD.
		8141
		8142	@example
		8143	# ns1.example.com 86400 IN A 127.0.0.1
		8144	# example.com 86400 IN NS ns1.example.com.
		8145	$ gnunet-namestore -z com -n example -R 86400 GNS2DNS n example.com@@127.0.0.1
		8146
		8147	# example.com 86400 IN NS ns1.example.org.
		8148	$ gnunet-namestore -z com -n example -R 86400 GNS2DNS n example.com@@ns1.example.org
		8149	@end example
		8150
		8151	As you can see, one of the GNS2DNS records has an IP address listed and the
		8152	other one a DNS name. For the first one there is a GLUE record to do the
		8153	translation directly and the second one will issue another DNS query to figure
		8154	out the IP of ns1.example.org.
		8155
8139	A solution was found by creating a hierarchical zone structure in GNS and linking	8156	A solution was found by creating a hierarchical zone structure in GNS and linking
8140	the zones using PKEY records to one another. This allows the resolution of the	8157	the zones using PKEY records to one another. This allows the resolution of the
8141	nameservers to work within GNS while not taking control over unwanted zones.	8158	name servers to work within GNS while not taking control over unwanted zones.
		8159
		8160	Currently the following record types are supported:
		8161	@itemize @bullet
		8162	@item A
		8163	@item AAAA
		8164	@item CNAME
		8165	@item MX
		8166	@item NS
		8167	@item SRV
		8168	@item TXT
		8169	@end itemize
		8170
		8171	This is not due to a technical limitation but rather a practical one. The
		8172	problem occurs with DNSSEC enabled DNS zones. As records within those zones are
		8173	signed periodically, and every new signature is an update to the zone, there are
		8174	many revisions of zones. This results in a problem with bigger zones as there
		8175	are lots of records that have been signed again but no major changes. Also
		8176	trying to add records that are unknown that require a different format take time
		8177	as they cause a CLI call of the namestore. Furthermore certain record types
		8178	need transformation into a GNS compatible format which, depending on the record
		8179	type, takes more time.
8142		8180
8143	@node DNS Zone Size	8181	@node DNS Zone Size
8144	@subsubsection DNS Zone Size	8182	@subsubsection DNS Zone Size
@@ -8162,11 +8200,17 @@ are still displayed when calling gnunet-namestore but do not resolve with
8162	gnunet-gns. When doing incremental zone transfers this becomes especially	8200	gnunet-gns. When doing incremental zone transfers this becomes especially
8163	apparent.	8201	apparent.
8164		8202
		8203	I estimate that the limit lies at about 200'000 records in a zone as this is
		8204	the limit that my machine is capable of adding within one hour. This was
		8205	calculated by running cProfile on the application with a zone of 5000 records
		8206	and calculating what abouts a much bigger zones with 8 million records would
		8207	take. This results in a nice metric of records migrated per hour.
		8208
8165	@node Performance	8209	@node Performance
8166	@subsubsection Performance	8210	@subsubsection Performance
8167	The performance when migrating a zone using the ascension tool is limited by a	8211	The performance when migrating a zone using the Ascension tool is limited by a
8168	handful of factors. First of all ascension is written in python3 and calls the	8212	handful of factors. First of all ascension is written in Python3 and calls the
8169	CLI tools of gnunet. Furthermore all the records that are added to the same	8213	CLI tools of GNUnet. Furthermore all the records that are added to the same
8170	label are signed using the zones private key. This signing operation is very	8214	label are signed using the zones private key. This signing operation is very
8171	resource heavy and was optimized during development by adding the '-R'	8215	resource heavy and was optimized during development by adding the '-R'
8172	(Recordline) option to gnunet-namestore. This allows to add multiple records	8216	(Recordline) option to gnunet-namestore. This allows to add multiple records
@@ -8176,16 +8220,15 @@ The result of this was a much faster migration of TLD zones, as most records
8176	with the same label have two name servers.	8220	with the same label have two name servers.
8177		8221
8178	Another improvement that could be made is with the addition of multiple threads	8222	Another improvement that could be made is with the addition of multiple threads
8179	when opening the gnunet CLI tools. This could be implemented by simply creating	8223	when opening the GNUnet CLI tools. This could be implemented by simply creating
8180	more workers in the program but performance improvements were not tested.	8224	more workers in the program but performance improvements were not tested.
8181		8225
8182	During the entire development of the ascension tool sqlite was used as a	8226	During the entire development of Ascension sqlite was used as a database
8183	database backend. Other backends need to be tested in the future.	8227	backend for GNUnet. Other backends have not been tested yet.
8184		8228
8185	In conclusion there are many bottlenecks still around in the program, namely the	8229	In conclusion there are many bottlenecks still around in the program, namely the
8186	signing process and the single threaded implementation. In the future a solution	8230	signing process and the single threaded implementation. In the future a solution
8187	that uses the c api would be cleaner and better.	8231	that uses the C API would be cleaner and better.
8188
8189		8232
8190	@cindex GNS Namecache	8233	@cindex GNS Namecache
8191	@node GNS Namecache	8234	@node GNS Namecache