today it was proposed that NS2 be added as a new record-set type that
could exist in either the parent or the child, similar to NS, and
reminding several of us about the DS debacle.
DS should never have been placed at the delegation point, and has led to
a decade or longer of bugs and corner cases and complexity. it ought to
have been a nephew domain of the delegation point, but, in the parent:
so instead of example.com DS, it should have been example._dnssec.com DS.
this is the approach i suggest for anything like NS2.
--
P Vixie
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
