[145732] in North American Network Operators' Group
Re: Dnssec and ptr records
daemon@ATHENA.MIT.EDU (John Curran)
Tue Oct 18 12:32:17 2011
From: John Curran <jcurran@arin.net>
To: Eric J Esslinger <eesslinger@fpu-tn.com>
Date: Tue, 18 Oct 2011 16:31:57 +0000
In-Reply-To: <D2D37F15EBBD524693E9F3CB32D0208042C8FE5D73@exchange.corp.fpu-tn.com>
Cc: "nanog@nanog.org" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On Oct 18, 2011, at 10:21 AM, Eric J Esslinger wrote:
> Well it makes sense we should, just that all the examples, discussion, an=
d such I've read dealt with forward records.
>=20
> I guess I get to dig some more. Thanks.
Eric -=20
Your in-addr zone first needs to be signed and then the DS=20
records are put in the parent in-addr zone to link into the=20
signed IN-ADDR.ARPA hierarchy. In the ARIN region, this can=20
be done via the DNSSEC DS record management in ARIN Online or
via the RESTful provisioning interface.
ARIN DNSSEC Project overview: https://www.arin.net/resources/dnssec/
ARIN Online/DNSEC Tutorials: https://www.arin.net/knowledge/dnssec/index.ht=
ml
FYI,
/John
John Curran
President and CEO
ARIN
