On Sat, 8 Mar 2014, Mark Andrews wrote:
nsupdate requires a new set of credentials, as well as a new API as to
where to send the nsupdate to, possibly with new firewall holes. It
requires dynamic zones or custom software pretending to run dynamic
zones to take the update. The domain owner would need to keep another
secret on their "live nsupdate machine" apart from the private KSK key.
Which is a whole load do FUD.
Could you be a little more specific?
Paul
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
