Edward Lewis <edward.le...@icann.org> wrote: > > The same issue came into play when trying to design the "Automating > DNSSEC Delegation Trust Maintenance" - related to scaling (the parent > has to poll the children, not the other way around). (In "Detecting a > Changed CDS/CDNSKEY", the parent either polls or has to have something > out-of-DNS-band: " The delegation user interface has a button".)
Funny you should mention that - I have been thinking about it. One of the most common reactions I have seen to RFC 7344 is the scaling issue (though you need to be over a million signed delegations before it gets seriously problematic, I guess). It seems to me that a reasonable in-band mechanism would be to send a NOTIFY to the parental agent. I can only find a little discussion of this idea in 2014, and it wasn't very enthusiastic - there were questions like, how do you know where to send the NOTIFY? On the other hand there are similar questions about how you would make an out-of-band request. (From my point of view, adding some also-notify configurations would be a lot easier than implementing draft-latour-dnsoperator-to-rrr-protocol!) Dunno if this is worth pursuing ... Tony. -- f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode South Fitzroy: Northeasterly 4 or 5, occasionally 6 in east. Moderate or rough. Fair. Good. _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
