Named at least will forward UPDATE to the primary servers. It’s off by default because it hides the source address and UPDATE may be restricted by IP address, but it works with both TSIG and SIG(0). This is standards defined behaviour. TSIG was designed to support this. SIG(0) requires a bit more care as the QID is covered by the SIG(0). Adding forwarding of NOTIFY(CDS), NOTIFY(CDNSKEY) would be trivial. Directing it to another “server” would also be trivial.
Keep in mind that this is a new and different use of NOTIFY for CDS rather than AXFR. The message format is the same but the flow goes in a completely different direction, from child zone to parent, not primary to secondary.
Regards, John Levine, jo...@taugh.com, Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly
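The point above that NOTIFY(CDS) shares the NOTIFY wire format while flowing child to parent, as an added sketch that is not from this thread or from any DNS implementation: a receiver can only tell the two uses apart by QTYPE, so policy has to key on it. The function names and the zone `example.com` are constructed for illustration.

```python
import struct

OPCODE_NOTIFY = 4
SOA, CDS, CDNSKEY = 6, 59, 60          # IANA RR type codes
CLASS_IN = 1

def encode_name(name):
    """Encode a domain name as uncompressed DNS labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError("bad label length")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_notify(zone, qtype, msg_id):
    """Build a NOTIFY request: same header and question layout for every QTYPE."""
    flags = (OPCODE_NOTIFY << 11) | 0x0400   # QR=0, opcode NOTIFY, AA set
    header = struct.pack("!HHHHHH", msg_id, flags, 1, 0, 0, 0)
    return header + encode_name(zone) + struct.pack("!HH", qtype, CLASS_IN)

def parse_notify(wire):
    """Return (msg_id, zone, qtype) or raise ValueError if not a NOTIFY request."""
    if len(wire) < 12:
        raise ValueError("short header")
    msg_id, flags, qdcount = struct.unpack("!HHH", wire[:6])
    if flags & 0x8000 or (flags >> 11) & 0xF != OPCODE_NOTIFY or qdcount != 1:
        raise ValueError("not a NOTIFY request")
    labels, pos = [], 12
    while True:
        if pos >= len(wire):
            raise ValueError("truncated name")
        n = wire[pos]
        pos += 1
        if n == 0:
            break
        if n > 63 or pos + n > len(wire):
            raise ValueError("bad or compressed label")
        labels.append(wire[pos:pos + n].decode("ascii"))
        pos += n
    if pos + 4 > len(wire):
        raise ValueError("truncated question")
    qtype, _qclass = struct.unpack("!HH", wire[pos:pos + 4])
    return msg_id, ".".join(labels) + ".", qtype

def notify_flow(wire):
    """Classify the direction a NOTIFY implies, using only its QTYPE."""
    qtype = parse_notify(wire)[2]
    if qtype == SOA:
        return "primary-to-secondary"
    return "child-to-parent" if qtype in (CDS, CDNSKEY) else "unknown"
```
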