[dns-operations] signing reverse zones

Mark Boolootian booloo at ucsc.edu
Wed Feb 12 22:03:22 UTC 2014

Hi Randy,

>> I'm interested in knowing if it is standard practice amongst folks to
>> sign .arpa zones.  Is there a compelling use case for signing reverse
>> zones?
> standard practice?  you some kinda control freak?

Learned at the feet of the masters (and thank you :-)

> first there is the arguments about whether reverse zones are useful and
> should be populated.  i happen to use reverse lookup daily, so i try to
> maintain them well for all the address space for which i am responsible.

We do likewise.

> so, given that i am gonna maintain the zone, why would i not want to
> also sign the data?  the amount of work is trivial, and it's just one
> more step in trying to paint security on the horribly insecure internet.

I was anticipating more of a beating for my question, but apparently
there is an overabundance of politeness here :-)    All points taken.


More information about the dns-operations mailing list