Thanks for all the interesting replies! The reason for the question is to do with child-side tools for updating delegations. RFC 7344 CDS/CDNSKEY records are brilliant for this because they provide a standard interface between key management / signing software and registr* API client software: the registr* client can just [*] look at a zone file to work out what the delegation should be. And clearly a generic "gimme the secure delegation" function needs to have both DS and DNSKEY modes.
[*] modulo caveats about glue records Tony. -- f.anthony.n.finch <[email protected]> http://dotat.at/ the quest for freedom and justice can never end _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations
