On 04/14/2014 02:32 PM, Antoin Verschuren wrote:
> On 12-04-14 09:28, Patrik Fältström wrote:
>> No, I want B. That CDS and CDNSKEY is staying in the zone.
>
> To keep it in the same thread,
> I want:
>
> C: The child MAY remove the CDS/CDNSKEY RR from the zone once the
> parent has published it, and this is how to do that safely.
>
> So I'm ok if they stay in, but we need a way to get them out for the
> ones that need that.

I actually am for C too, mainly because the parental agent has to deal
with this scenario anyway. As long as this is not the default scenario,
it is fine with me. Hence MAY sounds reasonable to me.

The rules can be:

Wait until the new CDS and/or CDNSKEY RRsets have propagated to all the
child name servers. Then, for each parent name server, query the DS
RRset and make sure it is in sync with the CDS and/or CDNSKEY RRset.
Only then is it safe to remove the CDS and/or CDNSKEY RRsets again.

Best regards,
  Matthijs

_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
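
The removal check proposed in the message above, as an added example that is not part of the original thread or of any draft text. It assumes the answers from every child and parent name server have already been collected into sets of `(key tag, algorithm, digest type, hex digest)` tuples and that the child publishes both CDS and CDNSKEY; the function names, server names and key material are constructed for illustration.

```python
import hashlib
import struct

HASHES = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types

def name_to_wire(name):
    """Canonical (lowercase) wire form of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def key_tag(rdata):
    """Key tag checksum over DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_from_key(owner, key, digest_type=2):
    """DS tuple (tag, algorithm, digest type, hex digest) implied by a CDNSKEY."""
    flags, protocol, algorithm, public_key = key
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + public_key
    digest = HASHES[digest_type](name_to_wire(owner) + rdata).hexdigest()
    return (key_tag(rdata), algorithm, digest_type, digest)

def safe_to_remove(owner, cds, cdnskeys, child_answers, parent_answers):
    """child_answers: server -> CDS set seen; parent_answers: server -> DS set seen."""
    wanted = set(cds)
    for server, seen in child_answers.items():
        if set(seen) != wanted:
            return False, f"child {server}: new CDS RRset not propagated yet"
    for server, ds in parent_answers.items():
        if set(ds) != wanted:
            return False, f"parent {server}: DS RRset differs from CDS RRset"
        for key in cdnskeys:
            if not any(d[2] in HASHES and ds_from_key(owner, key, d[2]) == d for d in ds):
                return False, f"parent {server}: no DS matches a CDNSKEY"
    return True, "child and parent servers are in sync"

# Constructed sample data: placeholder key material, hypothetical server names.
OWNER = "example.com."
NEW_KEY = (257, 3, 13, bytes(64))
OLD_KEY = (257, 3, 13, bytes([1]) * 64)
NEW_CDS = {ds_from_key(OWNER, NEW_KEY)}
OLD_DS = {ds_from_key(OWNER, OLD_KEY)}

if __name__ == "__main__":
    children = {"ns1.example.com.": NEW_CDS, "ns2.example.com.": NEW_CDS}
    parents = {"a.parent.example.": NEW_CDS, "b.parent.example.": OLD_DS}
    print(safe_to_remove(OWNER, NEW_CDS, [NEW_KEY], children, parents))
```

A single parent server still serving the old DS RRset is enough to make the check fail, which is the case the "for each parent name server" wording guards against.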
