On Thu, 7 Mar 2013, Doug Barton wrote:
I also think it makes more sense to signal the parent to act, rather than having the parent need to periodically poll the zone to detect the existence of special records, or updates to those records. I also like signalling in order to avoid cluttering the child zone with these types of hints to the parent.
signaling won't work for too many reasons: - hidden primaries - hidden DNSSEC signers - unwillingness for large AUTH servers to add complexity to their main public servers. - firewalls between child and parent - firewalls between parent and signer - additional security checks of the signalling, anti-DDOS measures, etc If you have a parent-child signaling relationship that works, why not use something like dynamic updates? Or for the RRR case, you could do some signaling over EPP. Paul _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
