On Aug 15 2014, Mark Andrews wrote:
[...]
The last delegation in the current chain is a secure delegation from
IN-ADDR.ARPA to 100.IN-ADDR.ARPA so there is a problem currently.
No one can safely set up their own reverse zones as validation is now
starting to be done in stub resolvers and to do so would result in
validation failures.

Are you reacting to some other suggestion that one or both of ARIN and
IANA are keen to insert a secure delegation for each of those 64 zones?

I'm saying that there needs to be a delegation and that the delegation
needs to be insecure. There currently isn't a delegation at this level.

This thread reminds me that the same problem arises if one wants to
locally define reverse zones for the IPv4 multicast addresses described
in sections 6.1 and 6.2 of RFC 2365, i.e. parts of 239.192.0.0/10.
239.in-addr.arpa is signed with a chain of trust from the root, but
it doesn't contain any sort of delegation for these address ranges.
What would be the right way to officially request IANA to do for
239.192.0.0/10 what Mark Andrews is proposing for 100.64.0.0/10?
At least in this case ARIN is not involved: 239.in-addr.arpa is
all IANA's own work!
--
Chris Thompson University of Cambridge Information Services,
Email: [email protected] Roger Needham Building, 7 JJ Thomson Avenue,
Phone: +44 1223 334715 Cambridge CB3 0RB, United Kingdom.
_______________________________________________
DNSOP mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dnsop
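
The problem discussed in this thread, as an added example that is not part of the original messages: a simplified Python model of how a validator classifies an unsigned answer from a locally defined reverse zone, depending on what the signed parent zone contains. The function names and the `delegations` mapping are hypothetical, and the model stands in for the full validation procedure rather than implementing it.

```python
import ipaddress

def reverse_zones(cidr):
    """Octet-boundary in-addr.arpa zones covering an IPv4 prefix of length /8 to /16."""
    net = ipaddress.ip_network(cidr)
    if net.version != 4 or not 8 <= net.prefixlen <= 16:
        raise ValueError("model only handles IPv4 prefixes from /8 to /16")
    a, b = net.network_address.packed[:2]
    return [f"{b + i}.{a}.in-addr.arpa." for i in range(1 << (16 - net.prefixlen))]

def local_answer_status(qname, signed_parent, delegations):
    """Status a validator gives an UNSIGNED answer for qname from a local zone.

    delegations (constructed model of the signed parent's contents) maps a
    delegation name to True if a DS exists there (secure delegation) or to
    False if there is NS only, with signed proof that no DS exists (insecure).
    """
    suffix = "." + signed_parent
    if not qname.endswith(suffix):
        raise ValueError("qname is not below the signed parent")
    name = signed_parent
    # Walk down from the signed parent towards qname, one label at a time.
    for label in reversed(qname[: -len(suffix)].split(".")):
        name = f"{label}.{name}"
        if name in delegations:
            # Insecure delegation: the parent proves the child is unsigned,
            # so unsigned local data is accepted as "insecure".
            # Secure delegation: signatures are required, unsigned data fails.
            return "bogus" if delegations[name] else "insecure"
    # No delegation at all: the signed parent is authoritative for the name,
    # so an unsigned local answer contradicts it and fails validation.
    return "bogus"

if __name__ == "__main__":
    parent = "239.in-addr.arpa."
    zones = reverse_zones("239.192.0.0/10")
    qname = "1.0.192.239.in-addr.arpa."  # constructed query name
    cases = {
        "no delegation (current state)": {},
        "insecure delegations (requested)": {z: False for z in zones},
        "secure delegations": {z: True for z in zones},
    }
    print(len(zones), "zones:", zones[0], "to", zones[-1])
    for label, delegations in cases.items():
        print(f"{label}: {local_answer_status(qname, parent, delegations)}")
```
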