Quoting Stephane Bortzmeyer on Friday November 10, 2017: > > > I'll note that from a technical/mechanical perspective, ICANN's and > > Verisign's root zone management systems already know how to deal > > with delegations. A DNAME in the root would require an unknown level > > of development by both parties. > > I've never read the source code of the root zone management system, > but it seems surprising that it could be a non-trivial level of > development. I assume this system is complicated because it is highly > sensitive, and because it needs to incorporate a lot of defenses > against both mistakes and attacks, but they should be more or less the > same for DNAME and NS/A/AAAA, no? ... > Wild guess (and I pay beers if I'm wrong): the technical work will > take much less time than the process one.
I suspect that would be a distinction without a difference. Any process changes need to be mapped into technical changes to the systems, as the whole business process from beginning to end is processed in the systems. Allowing DNAME records in the root zone is adding a new concept into root zone management that hasn't been catered to before. Just one of the many things that would need to be looked at is how to transmit DNAME provisioning requests via EPP. I don't know if there is even an EPP mapping for this. We haven't studied what would be involved, but I feel confident in predicting the whole exercise would be non-trivial. kim _______________________________________________ DNSOP mailing list DNSOP@ietf.org https://www.ietf.org/mailman/listinfo/dnsop
