It appears that <[email protected]> said: >-=-=-=-=-=- > > >Hi. > >During a meeting today of ROW (https://regiops.net), the I-D on CDS >bootstrapping by using a DNSSEC-signed name at name server >zone (https://datatracker.ietf.org/doc/draft-ietf-dnsop-dnssec-bootstrapping/) >was discussed. >In that discussion, it was mentioned that the current draft only supports >out-of-bailiwick name servers; I replied that the >same principle could be applied to in-bailiwick name server by usage of the >reverse DNS zones for IPv4 and IPv6.
Urrgh. In principle, you can put anything you want in a reverse zone. (Send mail to [email protected]. and it'll work.) In practice, I doubt that enough reverse zones are signed or that the provisoning crudware that people use for reverse zones would work often enough to be worth trying to do this. I did some surveys of zones and found that in-bailiwick NS are quite uncommon, only a few percent of the ones in large gTLDs. R's, John _______________________________________________ DNSOP mailing list [email protected] https://www.ietf.org/mailman/listinfo/dnsop
