This archive is retained to ensure existing URLs remain functional. It will not contain any emails sent to this mailing list after July 1, 2024. For all messages, including those sent before and after this date, please visit the new location of the archive at https://mailman.ripe.net/archives/list/[email protected]/
[dns-wg] Using CDS delegation to add DS records (was Re: NCC reverse delegation criteria)
- Previous message (by thread): [dns-wg] NCC reverse delegation criteria
- Next message (by thread): [dns-wg] Using CDS delegation to add DS records (was Re: NCC reverse delegation criteria)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Shane Kerr
shane at time-travellers.org
Mon Jun 10 18:04:59 CEST 2019
Tony, On 10/06/2019 17.44, Tony Finch wrote: > Shane Kerr <shane at time-travellers.org> wrote: >> >> The good news is that as a member of the RIPE community, you and all of the >> rest of us have a chance to shape the policy here. If we think that we need a >> RIPE policy or other RIPE community recommendation to the RIPE NCC regarding >> delegation to open resolvers, we have a policy process we can follow to make >> one. > > I couldn't find out how to use the policy process to get RFC 7344 CDS > automation in place :-( Shortly before RIPE 75 people (including yourself) called for CDS/CDNSKEY support: https://labs.ripe.net/Members/anandb/the-future-of-dnssec-at-the-ripe-ncc At RIPE 77, Anand mentioned that the RIPE NCC was thinking about CDS/CDNSKEY, but wanted some discussion beforehand: https://ripe77.ripe.net/wp-content/uploads/presentations/137-RIPE77_DNS_Update.pdf You again asked for support of CDS/CDNSKEY during the meeting itself. The RIPE NCC recently announced at RIPE 78 that they now support RFC 8078 for reverse DNS: https://ripe78.ripe.net/presentations/138-138-RIPE78_DNS_Update.pdf This is only for updates (and I guess removals?) of DS records; the initial delegation has to be done manually. It seems like everything worked pretty well to me, although I suppose one could argue that the wait was too long. I'm not sure that we need any more policies than what we have. Of course, if the goal was ADDING of DS records, then I admit that the system is not there. I can see the benefit of being able to add DS records to the parent via CDS/CDNSKEY, especially for operators trying to secure (for example) reverse DNS for lots of /24's. Is this important to you (or anyone else)? Cheers, -- Shane
- Previous message (by thread): [dns-wg] NCC reverse delegation criteria
- Next message (by thread): [dns-wg] Using CDS delegation to add DS records (was Re: NCC reverse delegation criteria)
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
[ dns-wg Archives ]