[dns-operations] DS RR in authoritative NS?

Jim Popovitch jimpop at gmail.com
Fri Aug 7 20:56:26 UTC 2015


On Fri, Aug 7, 2015 at 1:19 PM, Casey Deccio <casey at deccio.net> wrote:
> On Fri, Aug 7, 2015 at 1:02 PM, Jim Popovitch <jimpop at gmail.com> wrote:
>>
>> Looking for best practice advice on whether or not an authoritative NS
>> should publish DS RRs.
>
>
> The zone authoritative for DS records is the parent zone (RFC 4033, section
> 2, "Authoritative RRset").  So, if you want a secure link between parent and
> child, then you publish the DS records in the parent.  But you never publish
> them in the child; it would be considered out-of-zone data.
>
> Cheers,
> Casey

Thanks Casey.

-Jim P.



More information about the dns-operations mailing list