[dns-operations] DS RR in authoritative NS?
Casey Deccio
casey at deccio.net
Fri Aug 7 17:19:12 UTC 2015
On Fri, Aug 7, 2015 at 1:02 PM, Jim Popovitch <jimpop at gmail.com> wrote:
> Looking for best practice advice on whether or not an authoritative NS
> should publish DS RRs.
The zone authoritative for DS records is the parent zone (RFC 4033, section
2, "Authoritative RRset"). So, if you want a secure link between parent
and child, then you publish the DS records in the parent. But you never
publish them in the child; it would be considered out-of-zone data.
Cheers,
Casey
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20150807/2bfad019/attachment.html>
More information about the dns-operations
mailing list