If the zone is configured with an A or AAAA RRset at the same DNS
node as ANAME, then the ANAME is considered to have been pre-expanded
for zone transfer purposes. When a zone is being transferred to a
secondary server, if any address record already exists at the same
node as an ANAME RR, then the ANAME RR MUST NOT be further expanded
by the authoritative server.
(I have a more fundamental concern about the coexistence as stated
above, but ignoring it in this context) I'm afraid this text talks
about something not explained before this point or not even
explained clearly anywhere in the draft. I guess the "pre-expand"
means the following behavior described in section 3.3, but not
necessarily with RRSIGs:
Implementers MAY allow address records associated with the ANAME to
be populated and signed by the primary server, then sent along with
their RRSIGs to secondaries via zone transfer.
If my understanding is correct, the concept of population/pre-expand
behavior for zone transfer should be explicitly introduced before
the discussion in Section 3.2.
Via Jinmei: