danubetech / did-method-dns

did:dns method specification

DNS queries are usually for a specific record #3

Open peacekeeper opened 2 years ago

peacekeeper commented 2 years ago

DNS queries have to be made for a specific RR, rather than retrieving "all" RRs in a zone and then filtering them.

Therefore steps 3 and 5 in https://danubetech.github.io/did-method-dns/#resolve are a bit imprecise, and it may not be possible to just "retrieve all keys" with a single query.

Also, we have to make sure we are compliant with how the URI RR works (and we should reference RFC 7553 - https://datatracker.ietf.org/doc/html/rfc7553).

Compare to how section 3.1 on "Owner Name" is written here: https://datatracker.ietf.org/doc/draft-mayrhofer-did-dns/

peacekeeper commented 2 years ago

An entire DNS zone can be transferred using AXFR (https://en.wikipedia.org/wiki/DNS_zone_transfer), but this is often not enabled, and sometimes considered bad security practice.
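
The single-question shape of a DNS query and the RFC 7553 URI RDATA layout raised in this thread, as an added example that is not part of the issue or of the did:dns specification. The owner name `_did.example.com`, the `did:example:...` targets and all helper names are assumptions constructed for illustration.

```python
import struct

TYPE_URI = 256  # URI RR type code (RFC 7553)
CLASS_IN = 1

# Constructed sample RDATA: priority 20 and priority 10, both weight 1.
SAMPLE_RDATAS = [
    struct.pack("!HH", 20, 1) + b"did:example:456",
    struct.pack("!HH", 10, 1) + b"did:example:123",
]

def encode_name(name: str) -> bytes:
    """Encode a domain name as length-prefixed labels (RFC 1035 wire format)."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) <= 63:
            raise ValueError(f"bad label length: {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(qname: str, qtype: int, txid: int = 0x1234) -> bytes:
    """Build a query carrying one question: a single (QNAME, QTYPE, QCLASS)."""
    # Flags 0x0100 = recursion desired; QDCOUNT = 1, other counts 0.
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    return header + encode_name(qname) + struct.pack("!HH", qtype, CLASS_IN)

def parse_uri_rdata(rdata: bytes) -> tuple[int, int, str]:
    """Split URI RDATA into priority, weight and target.

    The target fills the rest of the RDATA: no length prefix, no quotes.
    """
    if len(rdata) < 5:
        raise ValueError("URI RDATA too short: need 4 bytes plus a target")
    priority, weight = struct.unpack("!HH", rdata[:4])
    return priority, weight, rdata[4:].decode("ascii")

def lowest_priority_targets(rdatas: list[bytes]) -> list[str]:
    """Return the targets of the records with the lowest priority value."""
    records = [parse_uri_rdata(r) for r in rdatas]
    if not records:
        return []
    best = min(priority for priority, _, _ in records)
    return [target for priority, _, target in records if priority == best]

if __name__ == "__main__":
    # Hypothetical owner name; each further name or type needs its own query.
    print(build_query("_did.example.com", TYPE_URI).hex())
    print(lowest_priority_targets(SAMPLE_RDATAS))
```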