I think what we have here is (as Daffy Duck famously put it) "pronoun trouble".
The target for a NOTIFY would necessarily be found in the SOA record of the registrant's zone, not the parent's zone. I think that's where the confusion has arisen.

The SOA record would need to be initially configured appropriately, based on instructions from the Registrar (for example), or the CCTLD operator (for non-RRR situations). That initial step is converting what would otherwise have needed to be out-of-band into an in-band mechanism.

NB: that information would be intended for human consumption and zone configuration, or for use by appropriate tools that get supplied the parameter(s). I don't think specifying locations for tooling to scrape data and use it is a good idea.

The NOTIFY would most likely be signaling the existence of something like a CDS and/or CDNSKEY record. The NOTIFY would not be sent to a destination derived from the parent zone's SOA, in all likelihood.

BTW, this use of registrant's zone's SOA.MNAME supports both the non-hidden master/signer, and the hidden master/signer use cases, AFAICT.

Brian

On Wed, Nov 8, 2023 at 12:49 PM John R Levine <jo...@taugh.com> wrote:

> On Wed, 8 Nov 2023, Joe Abley wrote:
> > I think the idea is that these two existing and well-implemented
> > mechanisms should be considered first to see if they fit before anybody
> > goes to the trouble of inventing new ones.
>
> The most likely use case for this stuff is for a domain registrant to
> update the DNSSEC info in a TLD, and I'm pretty sure you know more about
> the way .ORG is set up than I do. Since the registrant is a customer of
> her registrar, that's where the NOTIFY needs to go.
>
> How well do you think it would work to send NOTIFY to the anycast mirrors
> that serve the .ORG zone? FWIW, even for my own tiny DNS setup, I use
> NOTIFY to sync with a mirror at a nearby ISP and I have to notify his
> hidden primary which does not appear in any NS or SOA records.
>
> R's,
> John
>
> _______________________________________________
> DNSOP mailing list
> DNSOP@ietf.org
> https://www.ietf.org/mailman/listinfo/dnsop