Technical Summary
Maintenance of DNS delegations requires occasional changes of the DS
and NS record sets on the parent side of the delegation. For the
case of DS records, "Automating DNSSEC Delegation Trust Maintenance"
(RFC 7344) provides automation by allowing the child to publish CDS
and/or CDNSKEY records holding the prospective DS parameters which
the parent can ingest. Similarly, "Child-to-Parent Synchronization
in DNS" (RFC 7477) specifies CSYNC records to indicate a desired
update of the delegation's NS (and glue) records. Parent-side
entities (e.g., Registries and Registrars) can query these records
from the child and, after validation, use them to update the parent-
side Resource Record Sets (RRsets) of the delegation.
This document specifies that when performing such queries, parent-
side entities have to ensure that updates triggered via CDS/CDNSKEY
and CSYNC records are consistent across the child's authoritative
nameservers, before taking any action based on these records.
This document updates RFC 7344 and RFC 7477.
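
The check described above, as an added Python example that is not taken from the document or from any implementation named in this writeup: it compares the CDS RRsets returned by each of the child's authoritative nameservers and permits a DS update only when every view agrees. The nameserver names, record values and decision labels are constructed, and treating an unanswered server as "retry" is an assumption of this example.

```python
# Added example: parent-side consistency check over per-nameserver CDS answers.
# All names and record values are constructed sample data.

def canonical(rrset):
    """Normalise an RRset so order, duplicates and hex case do not matter."""
    return frozenset(
        (int(tag), int(alg), int(dtype), digest.replace(" ", "").lower())
        for tag, alg, dtype, digest in rrset
    )

def check_consistency(answers):
    """answers: nameserver -> list of (key_tag, alg, digest_type, digest_hex),
    or None when that server gave no usable response.
    Returns (decision, detail); only 'apply' permits a DS update."""
    unanswered = sorted(ns for ns, rr in answers.items() if rr is None)
    if not answers or unanswered:
        # Assumption: without an answer from every server, consistency is unproven.
        return "retry", unanswered
    views = {}
    for ns, rr in answers.items():
        views.setdefault(canonical(rr), []).append(ns)
    if len(views) > 1:
        return "inconsistent", sorted(sorted(group) for group in views.values())
    (rrset,) = views
    return ("apply", sorted(rrset)) if rrset else ("no-change", [])

OLD = (12345, 13, 2, "ab" * 32)   # constructed digests
NEW = (54321, 13, 2, "cd" * 32)

CONSISTENT = {"ns1.example.net.": [NEW],
              "ns2.example.net.": [(54321, 13, 2, "CD" * 32)]}
SPLIT = {"ns1.example.net.": [NEW], "ns2.example.net.": [OLD]}
UNANSWERED = {"ns1.example.net.": [NEW], "ns2.example.net.": None}

if __name__ == "__main__":
    for name, case in [("consistent", CONSISTENT), ("split", SPLIT),
                       ("unanswered", UNANSWERED)]:
        print(name, check_consistency(case))
```
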
Working Group Summary
There was no controversy during the development of the document in the WG.
Comments from the WG and from the DNS Directorate Early Review, in particular,
were adequately addressed.
Document Quality
This draft has been implemented by:
* TANGO Registry Services
* CORE Registry
Also, Oli Schafer reported on the WG mailing list: "We (Switch, ch./li.)
implemented CDS consistency checking based on this draft in our CDS record
scanner."
Personnel
The Document Shepherd for this document is Ondřej Surý.
The Responsible Area Director is Mohamed Boucadair.