On Thu, 13 Nov 2025, Kim Davies wrote:
It seems the overarching concept is to implement technical mechanisms that limit the ability for someone to administer a zone with extreme deference to subordinate delegations. If that was a sound practice, I would think a general purpose mechanism that is promoted at all levels of the DNS should be considered rather than one specific to one zone.
You have a point. I could see it being useful in a situation where you're more worried about incompetence than malice. No, I don't care what that consultant told you, you don't get to change this part of our DNS unless we sign it with *our* key.
R's, John _______________________________________________ DNSOP mailing list -- [email protected] To unsubscribe send an email to [email protected]
