I was looking at our server to evaluate the MIXFR implementation and it seams to me that the current text covering dnssec aware client logic don't take in account that a posterior record at the addition section, by an MIXFR DNSSEC aware server, will implicitly replace the RRSIG RRset.
Logic could be simplified only to Deletions of RRs, when they conclude a removal of a RRset, or RRsets by itself. All the other cases, addition or replacement, will be covered automatically by an addition or replace of a RRSIG RRset. There is no need to extra client logic to remove RRSIG, at addition of a RR, and at deletion of a RR if it not remove the RRset. This is documented as issue #10 and includes proposed text. https://github.com/matje/mixfr/issues/10 Fred _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop