It appears that Mark Elkins <m...@posix.co.za> said:
>> What has changed is the start of some Registrars taking on the role of
>> "agent" for Registrants doing DNSSEC. ...
>> So, the NOTIFY target could be such an agent (Registrar) who then
>> forwards the appropriate update to the TLD via EPP.
>> I.e. the target would not be the TLD itself (directly).

That was the thought. There's a certain amount of hand waving about how you find the NOTIFY target but no more than there is now for SOA NOTIFY.

>This is certainly the approach I'd like to see. As a Registrar, about
>40% of the Domains I've registered on behalf of Registrants are under my
>DNS management and thus there is no need for either Polling or
>Notifies. I'd also rather be in the path of any Updates by Registrants
>that outsource their DNS.

For the large fraction of domains managed by the registrar, this stuff doesn't matter unless a registrant delegates subdomains and wants to sign those.

There are registries doing CDS scanning now, and registrars testing it. I agree that the flow back to the registrar if the registry does it is ugly so registrar is better where possible. We'll probably end up with both since some registrars aren't up to it.

R's,
John

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop