On Thu, 3 Oct 2013, Dickson, Brian wrote:
This allows children to present DS to those parents who want DS, and
DNSKEY to those who would prefer to calculate DS on their children's
behalf.
I still strongly prefer CDS (and CDNSKEY) to keep the record formats
identical, making things a lot easier on implementors and humans editing
zone files. I see no strong reason to merge these two things into one
RRTYPE of CTA.
There is the issue of "big zone operators would need to do twice as many
queries".
Why? The big zone operators only need to support one type - the type
that matches their policy. If they need a DNSKEY, they look for CDNSKEY.
If they need a DS, they look for CDS.
What if someone puts both types in their zone?
Ignore both?
Admittedly there are the possible cases of CTA records of both flavors,
but that is much less likely to occur, deliberately or accidentally, than
having both CDS and CDNSKEY.
I'm not sure about that.
Copy/paste, file merge, script errors - all have a non-zero chance of "same
record format" => "conflicting entries" occurring.
On the other hand, the odds of someone writing a script, or
copying/pasting, into a DIFFERENT format, are near zero.
In this case, different format is a feature, not a bug. :-)
Using dig to check child and parent is a better feature :P
Paul
_______________________________________________
DNSOP mailing list
https://www.ietf.org/mailman/listinfo/dnsop
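
Added example, not part of the original message or of any DNSOP draft: a Python sketch of what "calculate DS on their children's behalf" involves for a parent (RFC 4034 key tag plus a SHA-256 digest), with a consistency check for the case where a child publishes both CDS and CDNSKEY. The key bytes, the name example.com, the function names and the result labels are constructed for illustration; only digest type 2 is handled, and what the parent does on a conflict is left to its policy.

```python
import hashlib
import struct

def name_to_wire(name):
    """Canonical (lower-case) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags, protocol, algorithm, pubkey):
    """DNSKEY RDATA: 16-bit flags, 8-bit protocol, 8-bit algorithm, key bytes."""
    return struct.pack("!HBB", flags, protocol, algorithm) + pubkey

def key_tag(rdata):
    """Key tag as defined in RFC 4034 Appendix B."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def ds_from_dnskey(owner, flags, protocol, algorithm, pubkey):
    """Derive (key_tag, algorithm, digest_type, digest) with SHA-256 (type 2)."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey)
    digest = hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()
    return (key_tag(rdata), algorithm, 2, digest)

def check_child(owner, cds_set, cdnskey_set):
    """Compare a child's published CDS set with the DS set derived from CDNSKEY."""
    derived = {ds_from_dnskey(owner, *k) for k in cdnskey_set}
    published = set(cds_set)
    if not published or not derived:
        return "single-type"   # only one record type present: nothing to compare
    return "consistent" if published == derived else "conflict"

# Constructed sample data: these byte strings are not real public keys.
KSK = (257, 3, 13, bytes(range(64)))
OTHER = (257, 3, 13, bytes(range(1, 65)))
CHILD_CDS = [ds_from_dnskey("example.com.", *KSK)]

if __name__ == "__main__":
    print("derived DS:", ds_from_dnskey("example.com.", *KSK))
    print("CDS vs matching CDNSKEY:", check_child("example.com.", CHILD_CDS, [KSK]))
    print("CDS vs stale CDNSKEY:  ", check_child("example.com.", CHILD_CDS, [OTHER]))
```
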