It appears that Mark Elkins  <m...@posix.co.za> said:
>> What has changed is the start of some Registrars taking on the role of 
>> "agent" for Registrants doing DNSSEC. ...
>> So, the NOTIFY target could be such an agent (Registrar) who then 
>> forwards the appropriate update to the TLD via EPP.
>> I.e. the target would not be the TLD itself (directly).

That was the thought. There's a certain amount of hand waving about
how you find the NOTIFY target but no more than there is now for SOA
NOTIFY.

>This is certainly the approach I'd like to see. As a Registrar, about 
>40% of the Domains I've registered on behalf of Registrants are under my 
>DNS management and thus there is no need for either Polling or 
>Notifies. I'd also rather be in the path of any Updates by Registrants 
>that outsource their DNS.

For the large fraction of domains managed by the registrar, this stuff
doesn't matter unless a registrant delegates subdomains and wants to
sign those.

There are registries doing CDS scanning now, and registrars testing
it. I agree that the flow back to the registrar if the registry does
it is ugly so registrar is better where possible. We'll probably end
up with both since some registrars aren't up to it.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop

Reply via email to