----- Original Message -----
From: "Shane Kerr" <sh...@isc.org>
To: "Wolfgang Nagele" <wnag...@ripe.net>
Cc: <dnsop@ietf.org>
Sent: Thursday, July 01, 2010 9:01 PM
Subject: Re: [DNSOP] Fwd: New Version Notification for draft-mekking-dnsop-auto-cpsync-00

> I do think that George's approach only makes sense if some more work is
> done fleshing out the actual algorithm the parent uses. For example,
> what happens when some of the child name servers disagree?

Well I don't expect the parent to consult multiple servers, unless some servers are non-responsive, but yes, there could be problems with incoherence. The parent server might see the new CDS RRset on one nameserver, but later fetch the old one from a slave that has not yet been updated, which could result in the new DS appearing, and then disappearing (bad).

I guess the parent should check the signature inception of the RRSIG for the CDS, and ignore the RRset if the signature inception has decreased (serial number arithmetic). I will incorporate that in the next version of the draft unless someone comes up with a better idea.

- George
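
The inception check proposed above, sketched as an added example that is not part of the original message or the draft. It assumes the RRSIG over the CDS RRset has already been validated; `serial_lt`, `CdsTracker`, the zone name and the inception values are hypothetical and constructed for illustration.

```python
# Added illustration: reject a CDS RRset whose RRSIG inception has gone
# backwards, comparing the 32-bit inception field with RFC 1982 serial
# number arithmetic so the check survives timestamp wraparound.
SERIAL_BITS = 32
MOD = 1 << SERIAL_BITS
HALF = 1 << (SERIAL_BITS - 1)


def serial_lt(a: int, b: int) -> bool:
    """RFC 1982: True if serial a is older than serial b."""
    a %= MOD
    b %= MOD
    # A difference of exactly 2**31 is undefined in RFC 1982; treat it as
    # "not older" in either direction.
    return a != b and ((b - a) % MOD) < HALF


class CdsTracker:
    """Parent-side memory of the newest CDS RRset seen per child zone."""

    def __init__(self):
        self._last = {}  # zone -> (inception, frozenset of CDS rdata)

    def offer(self, zone: str, inception: int, cds_rdata) -> bool:
        """Return True if the fetched RRset should be acted on.

        Assumes the caller has already validated the RRSIG.
        """
        prev = self._last.get(zone)
        if prev is not None and serial_lt(inception, prev[0]):
            return False  # stale answer, e.g. from a not-yet-updated slave
        self._last[zone] = (inception % MOD, frozenset(cds_rdata))
        return True

    def current(self, zone: str):
        prev = self._last.get(zone)
        return None if prev is None else prev[1]


if __name__ == "__main__":
    t = CdsTracker()
    zone = "child.example."  # constructed sample data
    print(t.offer(zone, 1277942400, ["DS-old"]))  # first sighting
    print(t.offer(zone, 1278000000, ["DS-new"]))  # newer signature
    print(t.offer(zone, 1277942400, ["DS-old"]))  # lagging slave, ignored
```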