hi mark, > I'm interested in knowing if it is standard practice amongst folks to > sign .arpa zones. Is there a compelling use case for signing reverse > zones?
standard practice? you some kinda control freak? first there is the arguments about whether reverse zones are useful and should be populated. i happen to use reverse lookup daily, so i try to maintain them well for all the address space for which i am responsible. so, given that i am gonna maintain the zone, why would i not want to also sign the data? the amount of work is trivial, and it's just one more step in trying to paint security on the horribly insecure internet. otoh, some ipv6 providers (ahem!) do not seem to sign reverse parents in ip6.arpa, so it can be hard to get one's delegated /56-48 properly DSed. randy _______________________________________________ dns-operations mailing list [email protected] https://lists.dns-oarc.net/mailman/listinfo/dns-operations dns-jobs mailing list https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
