The purpose of this page is to give an overview of the EnforcerNG design, design decisions, and implementation details.
Future work on EnforcerNG
Recommendation: Further work on profiling the enforcement of zones is required!
A decision was taken to re-factor the entire database layer in March 2014. Here are some suggestions for how the re-factor could be done:
- There has been some discussion on the developer list as to why and how the re-factor should be done. It is recommended that this page is used to hold design documents as the re-factor moves forward. It would be helpful from an architectural and knowledge sharing point of view if the following documents were created:
- the architecture of the system immediately prior to the re-factor and the
- the proposed design for the re-factor and the reasons for it
- the actual design after the re-factor
- It is also proposed that a review team of at least 3 developers is involved in the re-factor as it progresses. This is to reduce the risk of
- a single developer making design decisions in isolation
- ending up with a component that is only well understood by a single developer, which is clearly a risk for the project
- sufficient documentation not being produced
- It is recommended that as many regression tests as possible are enabled before the re-factor is done to provide as much automated regression testing as possible
- It is also recommended that the benchmarking tests are improved and re-run as each of the stages of the re-factor are completed to ensure that the previous levels of performance are met or exceeded.
Enforcer NG (Q4 2013-Q1 2014)
Enforcer NG 2011-2013
This section contains documents generated in the developmet done mostly during 2011-2103:
- Yuri's paper on DNSSSEC key state transitions: enforcer_rules.pdf
- Yuri's paper on "Flexible and Robust Key Rollover in DSNSSEC": satin2012-Schaeffer.pdf
- Underlying key states as described in the above paper: