-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 op 11-04-14 23:12, Warren Kumari schreef: > > Can folk please let us know if they would prefer: A: The child > SHOULD remove the CDS/CDNSKEY RR from the zone once the parent has > published it (currently documented behavior) or > > B: The child SHOULD NOT remove the CDS/CDNSKEY RR (will require a > small edit to the doc)
I can remember the arguments against leaving them in the zone. They were: - -Leaving them in the zone makes the zone larger for a longer period of time, consuming more memory and bandwith for master-slave transfers. I think this is only minor, but it is an argument. - -Zones that do not support CDNSKEY/CDS don't have those records in the zone as well, so a provision by the server what to do in absence of the records should be made anyway for backward compatibility. - -If a zone is transfered to an operator not (yet) supporting CDNSKEY/CDS, what's the procedure for removing the records from the zone if they were compulsary? That's why we concluded that it was not compulsory to leave them in the zone, or even have them in the zone, but no harm should be done if people left them in the zone. I think the current text assumes people should allways remove the records. That I think is wrong. The text should say: - -It's ok to leave the records in the zone. - -It's also ok to take the records out of the zone, but if you do so, please follow these rules about the order to take them out: State rules. Because the procedure HOW to take the records out consumes more text, it looks like that's the standard procedure, but it isn't. That should be made more clear. Both leaving them in and taking them out are ok with me. So the text I would go with would be: C: The child MAY remove the CDS/CDNSKEY RR from the zone once the parent has published it, and this is how to do that safely. - -- Antoin Verschuren Technical Policy Advisor SIDN Meander 501, PO Box 5022, 6802 EA Arnhem, The Netherlands P: +31 26 3525500 M: +31 6 23368970 Mailto: [email protected] XMPP: [email protected] HTTP://www.sidn.nl/ -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.11 (GNU/Linux) iQEcBAEBAgAGBQJTS5aRAAoJEDqHrM883AgnkmkH+gINnriK4+jXSt60Fxv5RCSB s5HlL+D5ddfI9yq25p1Y/D438bqsSzOhiAufh3c9FVOmS36rTC3VJO2S5AcTLcOx IiCAI1yZW8zft6JEDGvz8ZGz/oA0lHuxIhrZLbMIGwDN4NPcAMOVsn/WbRrZ/7Eg ibrNrJ5ws87CzVyLIe0R6+ZQ/x65vyryai/Oq2plK6wXmmPPQPz5rw+da3qD2HI2 3b5VeIAGuo4TRgPZbF4Byo6BILZynTN0y5WQxzlTfX0OsRMQIdKQp3/C++uXCSTl 4kULKymoa6qjNuaxfBz3zuo+yQjdOv50iX0ULxx+GBC151iiTWD0bjJMggKSxhE= =rHOE -----END PGP SIGNATURE----- _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
