I have also had a look at this document, which I in general do believe is sound, although there are a few events I would like to have described in the document. The reason for this is that I see it as really important that it is implemented the same way in all usage scenarios.
One such situation is what is to happen when NS records change in the parent zone. An immediate reaction is that a change of NS records should trigger a fetch of the CDS record from the child zone so that the new DS can be included in the new version of the zone that has the new NS records. Careful thinking should say whether that is correct thinking on my part.

Another situation is what to do (by the parent) when inconsistent CDS records are found from the authoritative servers for the zone (with and without identical serial numbers in the SOA).

And a third is whether the auth servers queried should be the ones that there are NS records for in the parent zone or the NS records that exist in the child zone. This is to resolve inconsistencies between information in parent and child zones and between auth servers.

Lastly, I think it should be very clear not only what the priority is between different versions of CDS records, but also between CDS records and EPP commands.

If different registries implement different policies here, the world might risk being much messier than what we want.

Hope this helps.

Patrik
