IETF RFC 7477 PDF

Introduction

This document specifies how a child zone in the DNS ([RFC1034] [RFC1035]) can publish a record to indicate to a parental agent (see Section 1.1 for a definition of "parental agent") that it can copy and process certain records from the child zone. The existence of the record and any change in its value can be monitored by a parental agent and acted on depending on local policy.

Currently, some resource records (RRs) in a parent zone are typically expected to be in sync with the source data in the child's zone. The most common records that should match are the nameserver (NS) records and any necessary associated address records (A and AAAA), also known as "glue records". These records are referred to as "delegation records".

It has been challenging for operators of child DNS zones to update their delegation records within the parent's set in a timely fashion. These difficulties may stem from operator laziness as well as from the complexities of maintaining a large number of DNS zones. Having an automated mechanism for signaling updates will greatly ease the child zone operator's maintenance burden and improve the robustness This document introduces a new Resource Record Type (RRType) named "CSYNC" that indicates which delegation records published by a child DNS operator should be processed by a parental agent and used to update the parent zone's DNS data.

This specification was not designed to synchronize DNSSEC security records, such as DS RRsets. For a solution to this problem, see the complementary solution [RFC7344], which is designed to maintain security delegation information. In addition, this specification does not address how to perform bootstrapping operations, including to get the required initial DNSSEC‐secured operating environment in place.