nanog mailing list archives

Re: Dnssec and ptr records

From: John Curran <jcurran () arin net>
Date: Tue, 18 Oct 2011 16:56:07 +0000

(Presuming, of course, that you've got an ARIN assignment
or allocation.  If you're in a provider-assigned block, 
you'll need to chat with your ISP about the DS linkage
for your PTR zones...  /John )

On Oct 18, 2011, at 12:31 PM, John Curran wrote:

On Oct 18, 2011, at 10:21 AM, Eric J Esslinger wrote:

Well it makes sense we should, just that all the examples, discussion, and such I've read dealt with forward records.

I guess I get to dig some more. Thanks.


Eric - 

Your in-addr zone first needs to be signed and then the DS 
records are put in the parent in-addr zone to link into the 
signed IN-ADDR.ARPA hierarchy.   In the ARIN region, this can 
be done via the DNSSEC DS record management in ARIN Online or
via the RESTful provisioning interface.

ARIN DNSSEC Project overview:  https://www.arin.net/resources/dnssec/
ARIN Online/DNSEC Tutorials: https://www.arin.net/knowledge/dnssec/index.html

FYI,
/John

John Curran
President and CEO
ARIN

Current thread:

Dnssec and ptr records Eric J Esslinger (Oct 18)
- Re: Dnssec and ptr records Randy Bush (Oct 18)
- Re: Dnssec and ptr records Phil Regnauld (Oct 18)
  - RE: Dnssec and ptr records Eric J Esslinger (Oct 18)
    - Re: Dnssec and ptr records John Curran (Oct 18)
    - Re: Dnssec and ptr records John Curran (Oct 18)
    - RE: Dnssec and ptr records Eric J Esslinger (Oct 18)
- Re: Dnssec and ptr records bmanning (Oct 18)
- Re: Dnssec and ptr records Edward Lewis (Oct 18)