[dnssec-deployment] Problems with DS change in registry/registrar environment
paul at xelerance.com
Tue Jun 30 10:33:15 EDT 2009
On Tue, 30 Jun 2009, Patrik Fältström wrote:
> A.3. Have the registry remove DS implicitly if domain is transferred to
> registrar that does NOT handle DNSSEC.
> My suggestion is that we look carefully on option A.3. This does not imply
> any changes to any pieces of the protocol, deployed operation or such. And
Note that if you remove the DS record from the parent, you should then wait
the TTL before allowing the transfer, or else you will still have the domain
go dark for those who validators that have the DS record cached.
More information about the Dnssec-deployment