[dns-operations] signing reverse zones
Mark Boolootian
booloo at ucsc.edu
Wed Feb 12 22:03:22 UTC 2014
Hi Randy,
>> I'm interested in knowing if it is standard practice amongst folks to
>> sign .arpa zones. Is there a compelling use case for signing reverse
>> zones?
>
> standard practice? you some kinda control freak?
Learned at the feet of the masters (and thank you :-)
> first there is the arguments about whether reverse zones are useful and
> should be populated. i happen to use reverse lookup daily, so i try to
> maintain them well for all the address space for which i am responsible.
We do likewise.
> so, given that i am gonna maintain the zone, why would i not want to
> also sign the data? the amount of work is trivial, and it's just one
> more step in trying to paint security on the horribly insecure internet.
I was anticipating more of a beating for my question, but apparently
there is an overabundance of politeness here :-) All points taken.
mark
More information about the dns-operations
mailing list