Mark's right.
Mark Andrews <ma...@isc.org> wrote:
>
>In message <d1b81df4-99d1-4e1f-9654-e73a90d19...@email.android.com>, P
>Vixie wr
>ites:
>>
>> Note that this is rendezvous information for the management plane and
>has no
>> protocol significance. A distinct name in the child like
>_cds._dnssec.@ could
>> hold a DS record without confusion.
>
>Which doesn't work if you have a DNAME at the zone apex.
>
>> Similarly, the current DS RR should really have been placed at
>_ds.child labe
>> l._dnssec.parentdomain to keep it unambiguously in the parent zone
>and away f
>> rom the delegation name.
>>
>> Is to late for the latter but not for the former.
>>
>> Let's not burn a type code just to keep CDS separate.
>
>If there is going to be zone scraping then the record must be at
>the zone apex.
>
>Mark
>--
>Mark Andrews, ISC
>1 Seymour St., Dundas Valley, NSW 2117, Australia
>PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
>_______________________________________________
>DNSOP mailing list
>DNSOP@ietf.org
>https://www.ietf.org/mailman/listinfo/dnsop
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
