Note that this is rendezvous information for the management plane and has no
protocol significance. A distinct name in the child like _cds._dnssec.@ could
hold a DS record without confusion.
Similarly, the current DS RR should really have been placed at _ds.child
label._dnssec.parentdomain to keep it unambiguously in the parent zone and away
from the delegation name.
Is to late for the latter but not for the former.
Let's not burn a type code just to keep CDS separate.
Tony Finch <[email protected]> wrote:
>Paul Hoffman <[email protected]> wrote:
>>
>> Except that this thread has brought out many problems in the -01
>draft
>> that will likely result in changes that will make CDS special, not
>just
>> like other records. At that point, you will have to decide if having
>a
>> CDS record is a better idea than just re-using DS.
>
>Re-using DS simply won't work, because you can't specify which side of
>the
>zone cut to query when the child and parent are on the same server.
>
>From the point of view of name servers and resolvers, CDS is not
>special.
>
>It is slightly special for signers, and the parent update systems that
>consumes CDS records need slightly special validators.
>
>Tony.
>--
>f.anthony.n.finch <[email protected]> http://dotat.at/
>Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at
>first.
>Rough, becoming slight or moderate. Showers, rain at first. Moderate or
>good,
>occasionally poor at first.
>_______________________________________________
>DNSOP mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/dnsop
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
