On Mar 7, 2013, at 10:58 , Tony Finch wrote:

> Paul Wouters <[email protected]> wrote:
>> 
>> To get back to the draft: I have not seen too many people talk about the
>> CNS/GLUE record types. Should those be in this draft, a separate draft,
>> or nowhere?
> 
> Why not use the child's normal NS records?

So, while I'm really late to this party due to travel, I would like to say that 
I strongly believe this to be the right approach.

As many of you know, I've been advocating this for years, and have been using this in 
production since about 2006 or so. I.e. "sync" of the NS RRset, and the glue is 
trivial really, because it is data that is authoritative in the child, has a 
signature by the child and can be validated by the parent.

The only reason that we're even discussing the CDS proposal (which I'm all in 
favour of) is that the DS record has the distinction of not being authoritative 
in the child, and hence not having a signature by the child anywhere.

So we need a new record for that, enter CDS.

Complicating this further than having the parent validate something that the 
child is authoritative for and if it validates then just copy it into the 
parent zone (assuming that's the parent's policy) does send off lots of danger 
signals and I fear we may rathole for a very long time. 

So while things like the swiss army knife approach a la "PARENT [subtype]" may 
look clever and flexible, I really think it is a howitzer disguised as an army 
knife. And all we need is a very small weapon to kill a rather small (but 
important) problem.

The KISS principle.

Regards,

Johan

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
