[dns-operations] signing reverse zones

Peter Koch pk at DENIC.DE
Tue Feb 11 10:30:55 UTC 2014


On Mon, Feb 10, 2014 at 03:47:57PM -0800, Mark Boolootian wrote:
> I'm interested in knowing if it is standard practice amongst folks to
> sign .arpa zones.

probably no more or less than for the forward tree.  I find ~ 2000 IN-ADDR.ARPA
and IP6.ARPA zones with key material registered in the RIPE database.

> Is there a compelling use case for signing reverse zones?

Assuming you do accept the case for the forward tree, are PTR RRs
worth less than other RR types?  Also, there are a number of proposals
to populate the reverse tree with other information.

-Peter


