[dns-operations] signing reverse zones
Mark Andrews
marka at isc.org
Tue Feb 11 00:05:42 UTC 2014
In message <CAMCLrkGpqt+KLGfhh+9yZTJhke+-9UY9_d9VgEjefJbBEfBKaQ at mail.gmail.com>
, Mark Boolootian writes:
> I'm interested in knowing if it is standard practice amongst folks to
> sign .arpa zones. Is there a compelling use case for signing reverse
> zones?
All zones should be signed. For structured zones like these NSEC3
is pointless. With a signed reverse zone can be leveraged to provide
cryptographic secure communication to a ip.
> Thoughts appreciated,
> mark
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the dns-operations
mailing list