Mark's right.
Mark Andrews <[email protected]> wrote:
>
>In message <[email protected]>, P
>Vixie wr
>ites:
>>
>> Note that this is rendezvous information for the management plane and
>has no
>> protocol significance. A distinct name in the child like
>_cds._dnssec.@ could
>> hold a DS record without confusion.
>
>Which doesn't work if you have a DNAME at the zone apex.
>
>> Similarly, the current DS RR should really have been placed at
>_ds.child labe
>> l._dnssec.parentdomain to keep it unambiguously in the parent zone
>and away f
>> rom the delegation name.
>>
>> Is to late for the latter but not for the former.
>>
>> Let's not burn a type code just to keep CDS separate.
>
>If there is going to be zone scraping then the record must be at
>the zone apex.
>
>Mark
>--
>Mark Andrews, ISC
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742 INTERNET: [email protected]
>_______________________________________________
>DNSOP mailing list
>[email protected]
>https://www.ietf.org/mailman/listinfo/dnsop
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
