[145733] in North American Network Operators' Group
Re: Dnssec and ptr records
daemon@ATHENA.MIT.EDU (John Curran)
Tue Oct 18 12:57:16 2011
From: John Curran <jcurran@arin.net>
To: Eric J Esslinger <eesslinger@fpu-tn.com>
Date: Tue, 18 Oct 2011 16:56:07 +0000
In-Reply-To: <40D00D35-DFEB-4E8B-A5F4-D98E00684E65@arin.net>
Cc: "nanog@nanog.org Operators' Group" <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
(Presuming, of course, that you've got an ARIN assignment
or allocation. If you're in a provider-assigned block,=20
you'll need to chat with your ISP about the DS linkage
for your PTR zones... /John )
On Oct 18, 2011, at 12:31 PM, John Curran wrote:
> On Oct 18, 2011, at 10:21 AM, Eric J Esslinger wrote:
>=20
>> Well it makes sense we should, just that all the examples, discussion, a=
nd such I've read dealt with forward records.
>>=20
>> I guess I get to dig some more. Thanks.
>=20
> Eric -=20
>=20
> Your in-addr zone first needs to be signed and then the DS=20
> records are put in the parent in-addr zone to link into the=20
> signed IN-ADDR.ARPA hierarchy. In the ARIN region, this can=20
> be done via the DNSSEC DS record management in ARIN Online or
> via the RESTful provisioning interface.
>=20
> ARIN DNSSEC Project overview: https://www.arin.net/resources/dnssec/
> ARIN Online/DNSEC Tutorials: https://www.arin.net/knowledge/dnssec/index.=
html
>=20
> FYI,
> /John
>=20
> John Curran
> President and CEO
> ARIN
>=20
>=20
