Evan Hunt <e...@isc.org> wrote:
>
> In the present context, I was only suggesting this method be used for
> NOTIFY, not UPDATE -- to signal the parent that it should poll the child
> for CDS/CDNSKEY. (I guess CSYNC could be included in the mix as well,
> though, for updating NS and glue.)

Yes.

> I would suggest the child should be polled periodically regardless. If
> the SRV record were spoofed, causing the child to send a NOTIFY to the
> wrong address, synchronization should still occur, just not as quickly.

The starting point for this thread was parental agents saying they don't like polling, but having thought about this a bit more I think I agree that it would be unwise not to poll. If there's a way to get polled early by NOTIFY then that's probably still good for both parent and child - parent can poll more slowly, and child can get prompt updates.

I read Mark Elkins' article with interest. I would prefer to use NOTIFY rather than a web hook because it's much more plausible to imagine supporting this inside a DNS server with some kind of notify-parent feature.

I like the idea of being able to automatically discover where to send parental notifies. But this can only work if the parental agent doesn't require TSIG. On the other hand, we can't rely on autodiscovery because I wouldn't bet on the registries publishing the necessary SRV records...

Any opinions on whether this is worth pursuing?

Tony.
-- 
f.anthony.n.finch <d...@dotat.at> http://dotat.at/ - I xn--zr8h punycode
Viking, North Utsire: Northwesterly backing westerly 5 to 7. Moderate or
rough, occasionally very rough later in north. Squally showers. Good.