[dns-operations] What would it take...

[Tony Finch]

Edward Lewis <edward.lewis at icann.org> wrote:
>
> Note that my request was not for a means to update the parent but to
> prevent the child from shooting themselves in the foot.  A much less
> involved operation.

In this immediate case the problem was caused by a change of operator for
the zone, and the registrar(s) failed to handle DNSSEC properly as part of
the transfer.

I think this is a simpler situation to deal with than a botched key
rollover, assuming registrars can be persuaded to add the necessary sanity
checks to their processes. This doesn't have to be anything ambitious like
fully secure domain transfers: either stop the transfer or ask the
registrant to make the domain insecure if the nameservers are changed and
the new ones do not have a properly signed zone.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at/
Rockall, Malin, Hebrides, Bailey: West backing southeast then veering
southwest, 6 to gale 8 increasing gale 8 to storm 10, occasionally violent
storm 11 later in Rockall and Bailey. Very rough or high, becoming high or
very high except in Malin. Rain or showers. Moderate or poor.