The IESG has received a request from the Domain Name System Operations WG (dnsop) to consider the following document: - 'Clarifications on CDS/CDNSKEY and CSYNC Consistency' <draft-ietf-dnsop-cds-consistency-09.txt> as Proposed Standard
The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the [email protected] mailing lists by 2025-10-29. Exceptionally, comments may be sent to [email protected] instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract Maintenance of DNS delegations requires occasional changes of the DS and NS record sets on the parent side of the delegation. For the case of DS records, "Automating DNSSEC Delegation Trust Maintenance" (RFC 7344) provides automation by allowing the child to publish CDS and/or CDNSKEY records holding the prospective DS parameters which the parent can ingest. Similarly, "Child-to-Parent Synchronization in DNS" (RFC 7477) specifies CSYNC records to indicate a desired update of the delegation's NS (and glue) records. Parent-side entities (e.g., Registries and Registrars) can query these records from the child and, after validation, use them to update the parent- side Resource Record Sets (RRsets) of the delegation. This document specifies that when performing such queries, parent- side entities has to ensure that updates triggered via CDS/CDNSKEY and CSYNC records are consistent across the child's authoritative nameservers, before taking any action based on these records. This document updates RFC 7344 and RFC 7477. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-dnsop-cds-consistency/ No IPR declarations have been submitted directly on this I-D. _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
