On 05/07/2011 3:48 PM, Chris Thompson wrote:
On Jun 30 2011, Olafur Gudmundsson wrote:
[... snip ...]
It would be nice, and make the system more robust. FWIW I think NS can
be automatically maintained after we have DNSSEC by having the parent
copy what the child publishes.
At first sight this looks as though it only involves the parent and
child, but there could be problems with automatically updating glue.
The authoritative value of "required glue" may come from a grandchild
zone which is not signed, even if the child is, and "sibling glue"
could similarly involve unsigned zones.
Well is this any worse than what we have today with
stale/unneeded/forged glue ?
It is not just grand child glue we need to worry about it is sibling
glue and glue loops.
I do not know what is the right answer :-)
Olafur
_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
