In message <[email protected]>, P Vixie wr ites: > > Note that this is rendezvous information for the management plane and has no > protocol significance. A distinct name in the child like _cds._dnssec.@ could > hold a DS record without confusion.
Which doesn't work if you have a DNAME at the zone apex. > Similarly, the current DS RR should really have been placed at _ds.child labe > l._dnssec.parentdomain to keep it unambiguously in the parent zone and away f > rom the delegation name. > > Is to late for the latter but not for the former. > > Let's not burn a type code just to keep CDS separate. If there is going to be zone scraping then the record must be at the zone apex. Mark -- Mark Andrews, ISC 1 Seymour St., Dundas Valley, NSW 2117, Australia PHONE: +61 2 9871 4742 INTERNET: [email protected] _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
