> Let me just point out a key distinction: the typical use case
> of DELEG should be kind-of child centric. Most people will only
> use a simple alias-mode DELEG at the parent, pointing somewhere
> into their DNS hoster's namespace. That's practically important,
> because all the information can then be managed by that entity
> without touching the parent (e.g. on KSK rollovers).

To avoid confusion, we should avoid calling DELEG in alias mode 'child centric'. The target of a DELEG alias cannot be stored in the child zone. It would not resolve if you do.

Resolvers cannot judge whether the alias at the parent seems sensible or not. So if the parent makes a mistake and points the alias to a random other DNS provider, then resolvers will just blindly follow that link even if they have the child zone cached already.

Personally, I think that is fine. I think a parent delegates name space to a child, the parent can also take it back and point it somewhere else. However, for people who feel strongly about child centric, something else might be needed.

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop