[145734] in North American Network Operators' Group
RE: Dnssec and ptr records
daemon@ATHENA.MIT.EDU (Eric J Esslinger)
Tue Oct 18 13:12:34 2011
From: Eric J Esslinger <eesslinger@fpu-tn.com>
To: "'nanog@nanog.org'" <nanog@nanog.org>
Date: Tue, 18 Oct 2011 12:12:23 -0500
In-Reply-To: <95D3A3D2-7A0F-4DF5-90BF-68A7C0158D41@arin.net>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
> -----Original Message-----
> From: John Curran [mailto:jcurran@arin.net]
> Sent: Tuesday, October 18, 2011 11:56 AM
> To: Eric J Esslinger
> Cc: nanog@nanog.org Operators' Group
> Subject: Re: Dnssec and ptr records
>
>
> (Presuming, of course, that you've got an ARIN assignment
> or allocation. If you're in a provider-assigned block,
> you'll need to chat with your ISP about the DS linkage
> for your PTR zones... /John )
>
> On Oct 18, 2011, at 12:31 PM, John Curran wrote:
> > On Oct 18, 2011, at 10:21 AM, Eric J Esslinger wrote:
> >
> >> Well it makes sense we should, just that all the examples,
> >> discussion, and such I've read dealt with forward records.
> >>
> >> I guess I get to dig some more. Thanks.
> >
> > Eric -
> >
> > Your in-addr zone first needs to be signed and then the DS
> > records are put in the parent in-addr zone to link into the
> > signed IN-ADDR.ARPA hierarchy. In the ARIN region, this can
> > be done via the DNSSEC DS record management in ARIN Online or
> > via the RESTful provisioning interface.
> >
> > ARIN DNSSEC Project overview:
> https://www.arin.net/resources/dnssec/
> > ARIN Online/DNSEC Tutorials:
> > https://www.arin.net/knowledge/dnssec/index.html
> >
> > FYI,
> > /John
> >
> > John Curran
> > President and CEO
> > ARIN
> >
Thank you. That gives me information to work with, and I now have a solid u=
nderstanding of what I need to do for the proper delegation setup. I'll hav=
e to talk to my current ISP for the blocks I currently have, though I don't=
believe they do dnssec at this time. I am expecting to get an Arin allocat=
ion shortly (and return their existing allocations to us) as we are going m=
ultihomed soon. I may just have to wait till then to get everything fully s=
etup.
This message may contain confidential and/or proprietary information and is=
intended for the person/entity to whom it was originally addressed. Any us=
e by others is strictly prohibited.
