[dns-operations] signing reverse zones

Mark Andrews marka at isc.org
Tue Feb 11 00:05:42 UTC 2014

In message <CAMCLrkGpqt+KLGfhh+9yZTJhke+-9UY9_d9VgEjefJbBEfBKaQ at mail.gmail.com>
, Mark Boolootian writes:
> I'm interested in knowing if it is standard practice amongst folks to
> sign .arpa zones.  Is there a compelling use case for signing reverse
> zones?

All zones should be signed.  For structured zones like these NSEC3
is pointless.  With a signed reverse zone can be leveraged to provide
cryptographic secure communication to a ip.

> Thoughts appreciated,
> mark
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org

More information about the dns-operations mailing list