[115707] in North American Network Operators' Group
Re: ARIN and DNSSEC
daemon@ATHENA.MIT.EDU (Dan White)
Mon Jul 6 10:36:14 2009
Date: Mon, 06 Jul 2009 09:35:56 -0500
From: Dan White <dwhite@olp.net>
To: Mark Kosters <markk@arin.net>
In-Reply-To: <20090702150644.GB12635@arin.net>
Cc: nanog@nanog.org
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Hi Mark,
Are there any high level operational details you could share?
Specifically, are you using any commercial/OSS software to handle the
(automated?) periodic key roll overs?
Are you using bind? Do you have any experience or suggestions on what
version to start with?
Given that phase 3 is still a work in progress - do you anticipate
giving ARIN members an automated/scripted way to submit their delegation
records?
Thanks!
- Dan
Mark Kosters wrote:
> Hi
>
> ARIN is now signing the /8 zones that it is authoritative for (eg
> 192.in-addr.arpa, etc).
>
> This the phase two of a three-phase process. Given that in-addr.arpa is
> not yet signed, we have published a list of trust anchors that you can
> download to configure on your local recursive resolvers.
>
> Additional details are at http://www.arin.net/about_us/dnssec/
>
> Regards,
> Mark Kosters
> ARIN CTO
>
>
