Tony Finch <d...@dotat.at> writes: > The draft is operational advice, so I think the relevant advice here is > that if you are signing your zone with sloooow NSEC3 parameters, make sure > your secondaries are willing to serve such a zone first.
[this is sort of unrelated to the call for adoption, is good discussion about future text] So, what guidance do we want to insert? We have two potential guidance to include: guidance for primaries and guidance for secondaries. Maybe something like (better wordsmithing needed still): Operators of secondary services should advertise the parameter caps their servers will support. Primaries need to ensure that secondaries support the NSEC3 parameters they expect to use in their zones. Primaries, after changing parameters, should query their secondaries with appropriate known non-existent queries to verify the secondary servers are responding as expected. -- Wes Hardaker USC/ISI _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
