On 01/09/2014 05:40 AM, Olafur Gudmundsson wrote: > > On Jan 8, 2014, at 4:03 AM, Matthijs Mekking <[email protected]> wrote: > >> On 01/08/2014 05:53 AM, Olafur Gudmundsson wrote: >>> Note; >>> This case is one of the reasons I want children to remove the C* records >>> after parent performs the update, >>> then there is no chance of JoJo updates by parent depending on which >>> Nameserver is polled. >> >> But the parent would still need to deal with the case that the C* is the >> same: The child may not yet have removed the record because it had not >> yet come to the conclusion that all DS records at the parent name >> servers are in sync. In this scenario, the parent shall also not take >> action (just like if there was no C* RRset). >> >> I think looking at the inception time is a better approach to prevent >> JoJo updates. > > > So you want an Parental Agent to look inside the RRSIG(s) as tiebreaker ?
Yes. And I don't see any harm in that: The Parental Agent already has to check the packet because of the Continuity rule. Best regards, Matthijs > > Olafur > > > _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
