In article <[email protected]> you write: >> point back to that key, but not enough just to publish the secondaries' >> names directly. I don't get it. > >That could work, but'd mean the primary having to store >all the records and an extra lookup if even if you had the >public key cached. I believe the former could be an issue >if there are many secondaries, at least according to one >chat I had with someone involved with many domains (which >I'm not).
Well, OK, if that's an issue you spread the names out like we did with VBR. If the primary is foo.com and the secondary is bar.org: bar.org._same.foo.com. SAME . ; yes, we're a primary for whatever name that was _same.bar.org. SAME foo.com. ; yes, we're secondary for foo.com. This makes it somewhat more difficult to scrape all the secondaries for a primary which may be a feature. R's, John _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
