On Jan 8, 2014, at 4:03 AM, Matthijs Mekking <[email protected]> wrote:
> On 01/08/2014 05:53 AM, Olafur Gudmundsson wrote:
>> Note;
>> This case is one of the reasons I want children to remove the C* records
>> after parent performs the update,
>> then there is no chance of JoJo updates by parent depending on which
>> Nameserver is polled.
>
> But the parent would still need to deal with the case that the C* is the
> same: The child may not yet have removed the record because it had not
> yet come to the conclusion that all DS records at the parent name
> servers are in sync. In this scenario, the parent shall also not take
> action (just like if there was no C* RRset).
>
> I think looking at the inception time is a better approach to prevent
> JoJo updates.
So you want an Parental Agent to look inside the RRSIG(s) as tiebreaker ?
Olafur
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
