>>>>> "Shane" == Shane Kerr <[EMAIL PROTECTED]> writes:
>> No. While technically they're allowed, they make no sense to
>> actually use. PTR records (for this purpose) are useful only
>> if there's some way to verify them.
Shane> It's also not clear to me how a wildcard PTR is different
Shane> from (or better than) a NS record.
Well, as someone already said, signing wildcard RRs can't be done
easily (if at all) with DNSSEC. "Here's a SIG record for the name that
you looked up even though that name doesn't exist and only matches a
wildcard." At least the NS record(s) and the delegation of the zone
they serve can be signed.