[Opendnssec-user] Reverse zones?

Olaf Kolkman olaf at NLnetLabs.nl
Tue Mar 6 11:34:25 UTC 2012


On Mar 6, 2012, at 9:32 AM, Dick Visser wrote:

>>> Any ideas/policies/bestpratice/rumours about signing reverse DNS zones?
>> 
>> I sign all my reverse zones just as my forward zones - are there any differences?
> 
> No, but I since I don't see too much information about it I thought
> I'd ask around.
> I guess I'm looking for a Best Practices document ;-)


You might want to have a quick look at: http://www.ripe.net/data-tools/dns/dnssec/procedure-for-requesting-dnssec-delegations

But that is more a hook for provisioning than best practices. For operational practices there is not much difference between forward and reverse (as said), except perhaps issues of key-maintenance and administrative exposure, all those tradeoffs are described in http://tools.ietf.org/html/draft-ietf-dnsop-rfc4641bis

--Olaf


________________________________________________________ 

Olaf M. Kolkman                        NLnet Labs
http://www.nlnetlabs.nl/











     

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 841 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.opendnssec.org/pipermail/opendnssec-user/attachments/20120306/75c1a22f/attachment.bin>


More information about the Opendnssec-user mailing list