[DNSOP] data at delegation points

Paul Vixie <paul@redbarn.org> Tue, 14 April 2020 15:44 UTC

To: "dnsop@ietf.org" <dnsop@ietf.org>
From: Paul Vixie <paul@redbarn.org>
Message-ID: <060513e7-742d-6de9-cf16-c367fbb13845@redbarn.org>
Date: Tue, 14 Apr 2020 08:43:59 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/KzMd8qU9Rsh_GccMmei8GhHYHss>

today it was proposed that NS2 be added as a new record-set type that 
could exist in either the parent or the child, similar to NS, and 
reminding several of us about the DS debacle.

DS should never have been placed at the delegation point, and has led to 
a decade or longer of bugs and corner cases and complexity. it ought to 
have been a nephew domain of the delegation point, but, in the parent:

so instead of example.com DS, it should have been example._dnssec.com DS.

this is the approach i suggest for anything like NS2.

P Vixie