On 7/12/13 8:19 AM, Warren Kumari wrote:
> On Jul 8, 2013, at 3:32 PM, Patrik Fältström <p...@frobbit.se> wrote:
>
>> On 8 jul 2013, at 20:49, "Dickson, Brian" <bdick...@verisign.com> wrote:
>>
>>> However, maybe something like a "PNS" (parent NS) in the child, where the
>>> child is authoritative for the data, could signal {change | validation}
>>> (depending on the RRR requirements), would do the trick?
>> Might solve some events, but I do not think it solves the most important
>> situation, that DNS is moved from one DNS provider to another. The old DNS
>> provider can not be asked to enter NS records for the gaining provider... And
>> using NS (in reality, as you look for auth servers) to fetch NS data seems to
>> me to be a bit...fishy... ;-) The attack vector against such a situation is very
>> complicated.
> And is *precisely* why this document / technique is not trying to "solve" it.

This is why this is a good idea to me.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
