On 13 okt 2013, at 10:26, Marco Davids (SIDN) <[email protected]> wrote:
> For instance, what would happen if the registrar would upload the wrong > DNSKEY/DS to the parent and want to correct that? Would be impossible, > because validation is broken at that time? This is a rat hole. We have had the discussion many times whether lame delegation is ok to produce when a child names its auth servers to the parent. We do not agree on whether the parent should validate that. Some registries do validate not only that but many other things (that MX exists, that A record exists etc), and we will have similar issues with DS/DNSKEY. I just do not see it being possible to agree here. What we should spend time on is instead to, for example, agree on whether DS or DNSKEY is what the registry want, and after that agreement work on making it even easier for people to do the right thing. That is, I think, the only way we can minimize the number of cases people do the wrong thing. Patrik
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
