Hi, On Thu, 6 Sep 2012 11:08:39 +0200 Phil Regnauld <regna...@nsrc.org> wrote:
> There are indeed many ways to facilitate recovery, not all of them > practical or realistic. Yes, currently there are some cases listed in the document, but I'd like to narrow down the list and remain 1 or 2 as a best practice in the succeeding document. > Case 6: always have a backup (fallback) DS, published alongside the > existing (production) DS record or records (during rollover) currently > associated with the currently active (production) KSK. This is yet another preventive countermeasure. Child zone administrator who take this practice should use short TTL for DNSKEY. I'll take into consideration your suggestion. > The problem with the ID may be that there are so many different ways > of doing this (hinted at by the phrase "Registration system (or zone > generation system) of parent zone will be complicated.")... As mentioned above, I'd like to compare each cases based on experiences and select 1 or 2 as best practice. Regards, -- Yoshiro YONEYA <yoshiro.yon...@jprs.co.jp> _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop