On Mar 3, 2010, at 2:24 PM, Tony Finch wrote:
On Wed, 3 Mar 2010, Jay Daley wrote:
But my point is that in the absence of a similar automated
mechanism for
NS records we use cut and paste and it works fine
No it doesn't. Delegations are frequently partially broken. It would
be
a wasted opportunity to automate DS maintenance without automating NS
maintenance. Reducing the inconsistency problem would be an ENORMOUS
improvement.
You excluded the previous line from Jay's email "I'm sure we could and
an automated update of DS records is a good idea."
I agree an automated mechanism is a good idea (although I am not sure
it will scale well to large zones). However, all registrants must
already have some secure way to get their NS to the parent. There is
no reason, as far as I can see, that with minimal work the same
mechanism could not be altered to cope with DS records.
John
---
John Dickinson
Sinodun Internet Technologies Ltd.
Stables 4, Suite 11
Howbery Park,
Wallingford,
Oxfordshire,
OX10 8BA,
U.K.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
