[dns-operations] Reverse DNSSEC--delegating to a child

Joe Abley jabley at hopcount.ca
Tue Jul 24 14:43:06 UTC 2012

On 2012-07-24, at 08:03, Chris Thompson wrote:

> On Jul 23 2012, Joe Abley wrote:
> [...]
>> When you have signed 207.151.in-addr.arpa and are confident that it
>> validates correctly, you will need to get a DS record published in the
>> parent zone, 151.in-addr.arpa. That zone is operated by the RIPE NCC,
>> and so you will need to talk to them.
> This isn't in the RIPE NCC database, so I suspect it is ERX space and
> you need to "talk" to your own RIR (ARIN?). The RIRs that are up to speed
> on this exchange NS + DS data for delegations of ERX space so that they
> end up in the right high-level reverse zone.

Ah, thanks for that. 151.in-addr.arpa does seem to be served by the RIPE NCC, but also contain big lumps of space which are maintained by ARIN.

> "Talk" ought to mean "use the web interface". It certainly would if
> you were in fact updating the RIPE NCC database.

PGP-signed e-mail to the auto-dbm at ripe.net robot still works just fine, for the grey-haired crowd.


More information about the dns-operations mailing list