From 1c7195b13b6288ada1fb982d9817945aacb707b4 Mon Sep 17 00:00:00 2001 From: Martin Schanzenbach Date: Fri, 25 Feb 2022 19:50:47 +0100 Subject: fix supplemental records with ZDs and redirs --- draft-schanzen-gns.xml | 16 +++++++++++++--- 1 file changed, 13 insertions(+), 3 deletions(-) diff --git a/draft-schanzen-gns.xml b/draft-schanzen-gns.xml index 277113f..46dba5a 100644 --- a/draft-schanzen-gns.xml +++ b/draft-schanzen-gns.xml @@ -938,7 +938,10 @@ zTLD[126..129].zTLD[63..125].zTLD[0..62] A zone delegation record payload contains the public key of the zone to delegate to. A zone delegation record MUST have the CRTITICAL flag set - and MUST be the only record under a label. + and MUST be the only non-supplemental record under a label. + There MAY be inactive records of the same type which have + the SHADOW flag set in order to facilitate smooth key rollovers. + flag set No other records are allowed.
@@ -1404,7 +1407,11 @@ S-Decrypt(zk,label,expiration,ciphertext): REDIRECT A REDIRECT record is the GNS equivalent of a CNAME record in DNS. - A REDIRECT record MUST be the only record under a label. + A REDIRECT record MUST be the only non-supplemental + record under a label. + There MAY be inactive records of the same type which have + the SHADOW flag set in order to facilitate smooth changes of redirection + targets. No other records are allowed. Details on processing of this record is defined in . @@ -1443,7 +1450,10 @@ S-Decrypt(zk,label,expiration,ciphertext): There MAY be multiple GNS2DNS records under a label. There MAY also be DNSSEC DS records or any other records used to secure the connection with the DNS servers under the same label. - No other record types are allowed in the same record set. + There MAY be inactive records of the same type(s) which have + the SHADOW flag set in order to facilitate smooth changes of redirection + targets. + No other non-supplemental record types are allowed in the same record set. A GNS2DNS DATA entry is illustrated in .
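Review bot: In the zone delegation hunk (@@ -938,7 +938,10 @@), the added line "+ flag set" after the SHADOW sentence looks like a leftover fragment. As written the paragraph would read "...smooth key rollovers. flag set No other records are allowed.", so that line should be dropped. The unchanged closing sentence "No other records are allowed." also conflicts with the new wording, which permits supplemental records and inactive SHADOW records under the same label; suggest "No other non-supplemental records are allowed.", matching the GNS2DNS hunk. The context line spells the flag "CRTITICAL", which could be corrected in the same change.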
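Review bot: In the REDIRECT hunk (@@ -1404,7 +1407,11 @@), the unchanged sentence "No other records are allowed." now sits directly after new text that allows supplemental records and inactive SHADOW records, so the paragraph contradicts itself on which record sets an implementation must accept or reject under the label. Suggest rewording it the way the GNS2DNS hunk does, for example "No other non-supplemental records are allowed.", so that the MUST and the closing prohibition describe the same set.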
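Review bot: In the GNS2DNS hunk (@@ -1443,7 +1450,10 @@), the added SHADOW sentence ends with "smooth changes of redirection targets", which reads as carried over from the REDIRECT section; the visible GNS2DNS text does not describe these records as redirections, so the rationale should be reworded for this record type. The phrase "of the same type(s)" is also ambiguous: state explicitly whether SHADOW records are permitted only for GNS2DNS or also for the DS and other securing records named in the preceding sentence.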