Hi,

On Thu, 6 Sep 2012 11:08:39 +0200 Phil Regnauld <regna...@nsrc.org> wrote:

>       There are indeed many ways to facilitate recovery, not all of them
>       practical or realistic.

Yes, currently there are some cases listed in the document, but I'd 
like to narrow down the list and remain 1 or 2 as a best practice in 
the succeeding document.

>       Case 6: always have a backup (fallback) DS, published alongside the
>       existing (production) DS record or records (during rollover) currently
>       associated with the currently active (production) KSK.

This is yet another preventive countermeasure.  Child zone administrator 
who take this practice should use short TTL for DNSKEY.  I'll take into 
consideration your suggestion.

>       The problem with the ID may be that there are so many different ways
>       of doing this (hinted at by the phrase "Registration system (or zone
>       generation system) of parent zone will be complicated.")...

As mentioned above, I'd like to compare each cases based on experiences 
and select 1 or 2 as best practice.

Regards,

-- 
Yoshiro YONEYA <yoshiro.yon...@jprs.co.jp>

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to