10 May
2011
10 May
'11
12:09 p.m.
Hi Shane,
Does the update check that a given DOMAIN object is actually secure before accepting a "ds-rdata:" field? Or is there any warning or other indication on the reply from the RIPE database? There are two things. One is that we only accept the ds-rdata once we have the OK from the RIR receiving that space that they can support it. This is what this announcement was about. So if you would try to submit ERX domain objects for space with for instance AfriNIC the database would refuse the ds-rdata there because AfriNIC does not yet support it.
The other thing is that the delegation checker like for any other delegation checks if the ds-rdata (at least one of them) corresponds to a DNSKEY in that zone. Cheers, W