Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarifying referrals (#35)

2017-11-15 Thread Tony Finch
Paul Wouters wrote:
> On Tue, 14 Nov 2017, Jacques Latour wrote:
>
> > Personally, I like a mix of #3 and #1, on a regular basis poll the entire
> > zone for changes, and have a mechanism to listen to child notifications
> > for urgent changes.
>
> Agreed.
Yes.
>
> _AND_

Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarifying referrals (#35)

2017-11-14 Thread Paul Wouters
On Tue, 14 Nov 2017, Jacques Latour wrote: Personally, I like a mix of #3 and #1, on a regular basis poll the entire zone for changes, and have a mechanism to listen to child notifications for urgent changes. Agreed. _AND_ remember, the preferred method by far is to submit a DS/DNSKEY

Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarifying referrals (#35)

2017-11-14 Thread Jacques Latour
Parental synchronization is inevitable so we would be better to find the best way to make it happen. I think there are 3 plausible methods to do the synchronization. 1. Child Notification: Child sends NOTIFY to a predefined parental destination. The parent then polls the child zone for changes

Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarifying referrals (#35)

2017-11-14 Thread Tony Finch
Evan Hunt wrote:
>
> In the present context, I was only suggesting this method be used for
> NOTIFY, not UPDATE -- to signal the parent that it should poll the child
> for CDS/CDNSKEY. (I guess CSYNC could be included in the mix as well,
> though, for updating NS and glue.)
Yes.

Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarifying referrals (#35)

2017-11-14 Thread Mark Elkins
On 14/11/2017 01:37, Evan Hunt wrote:
> On Tue, Nov 14, 2017 at 09:16:43AM +1100, Mark Andrews wrote:
>> Remember the draft was designed to handle ALL record updates to the
>> parent zone after being approved by the registrar in a unified manner.
>> NS, DS, A, DNAME, , TXT, CNAME, etc. This

Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarifying referrals (#35)

2017-11-13 Thread Evan Hunt
On Tue, Nov 14, 2017 at 09:16:43AM +1100, Mark Andrews wrote:
> Remember the draft was designed to handle ALL record updates to the
> parent zone after being approved by the registrar in a unified manner.
> NS, DS, A, DNAME, , TXT, CNAME, etc. This isn’t restricted to DS
> records.
In the

Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarifying referrals (#35)

2017-11-13 Thread Mark Andrews
> On 14 Nov 2017, at 5:45 am, Edward Lewis wrote:
>
> On 11/13/17, 13:30, "DNSOP on behalf of Evan Hunt" behalf of e...@isc.org> wrote:
>
>> Mark's idea to push updates to the parent instead of relying on polling used
>> a SRV query to

Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarifying referrals (#35)

2017-11-13 Thread Paul Vixie
Evan Hunt wrote: ... Mark's idea to push updates to the parent instead of relying on polling used a SRV query to identify the correct recipient of an UPDATE: https://tools.ietf.org/html/draft-andrews-dnsop-update-parent-zones-04 The same trick could be used to find the right NOTIFY target.

Re: [DNSOP] CDS polling, was Re: [Ext] Re: Clarifying referrals (#35)

2017-11-13 Thread Evan Hunt
On Mon, Nov 13, 2017 at 03:19:23PM +, Tony Finch wrote:
> It seems to me that a reasonable in-band mechanism would be to send a
> NOTIFY to the parental agent. I can only find a little discussion of this
> idea in 2014, and it wasn't very enthusiastic - there were questions like,
> how do you

[DNSOP] CDS polling, was Re: [Ext] Re: Clarifying referrals (#35)

2017-11-13 Thread Tony Finch
Edward Lewis wrote:
>
> The same issue came into play when trying to design the "Automating
> DNSSEC Delegation Trust Maintenance" - related to scaling (the parent
> has to poll the children, not the other way around). (In "Detecting a
> Changed CDS/CDNSKEY", the parent