On 27 feb 2013, at 14:18, Alexander Mayrhofer <[email protected]> wrote:
> We've been discussing internally whether or not including DS records into a > zone without respective NS record(s) makes any sense (assuming that there are > no other RRSETs for the respective label in the zone itself - pure > "delegation" scenario)... My personal assumption is that it does not, since > the DS record can never be used to verify the information in the > (unreachable) delegated zone? It sort of does not make any sense, but I would be nervous if you set a policy that force the NS to exist before you publish DS. This because adding NS and adding DS are two different epp operations, and you would set a constraint on in what order such things could happen. And for example that removing NS would not be allowed if not DS is removed first (or DS implicitly be removed if NS is removed). That in turn would create race conditions in the case NS is changed completely because even for a fraction of a section a domain name that is registered might exist in the registry without any NS records, but with DS. So, I this "makes no real sense" be one of acceptable things that domain name holders should be allowed to do if they want. And/or the registrar of course that have their internal algorithms regarding in what order various epp commands are made. paf _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
