Hi Michael,

> #) if I do host a given number of zone files, and

Unfortunately, this feature has a limitation that the given number of (forward) zones must be only 1 (for each reverse zone). But we might be working on relaxing this limitation for future versions of Knot.

> #) if all those zones use AAAA records of the same IPv6 reverse zone,

This is not even necessary; the AAAA records from a single (forward) zone might be in multiple reverse zones, provided that you configure them all (or all that you want to have generated).

> #) I don't even need to create and maintain an ip6.arpa zone file?

You still need to create the reverse zone as usual, including the zone file with some skeleton (SOA, NS, ...), but the PTR records will be filled in by Knot.

> Does that mean that I do only need to include ...
>
> | - domain:          b.0.0.0.a.0.0.0.f.e.e.b.d.a.e.d.ip6.arpa
> |   dnssec-signing:  on
>
> … in knot.conf and my reverse zone is signed. Correct?

Yes, you still might need to configure some more stuff (zone transfers, zone file, journal, DNSSEC policy), but basically it's as easy as for normal zones. And don't forget the key option which is "reverse-generate".

> But what about KSK for my reverse zone and DNSKEY "upload to the registrar"?
> I do have the feeling I am missing an important part here ;-)

Uploading your KSKs to your registrar is out of scope for us (unless the registry supports RFC 7344), because every registrar handles this differently. But the process is equivalent for normal and reverse zones.

Libor
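
An added example, not part of the original message and not Knot's own code: a small Python check that takes a forward zone's AAAA records, computes the PTR owner name each one implies, and reports which configured reverse zone would hold it or that none does. Only the first reverse zone name comes from the message; the example.com names, the addresses and the second reverse zone are constructed for illustration.

```python
import ipaddress

# Reverse zones assumed to be configured on the server.
# The first is the zone from the message; the second is constructed.
REVERSE_ZONES = [
    "b.0.0.0.a.0.0.0.f.e.e.b.d.a.e.d.ip6.arpa.",
    "c.0.0.0.a.0.0.0.f.e.e.b.d.a.e.d.ip6.arpa.",
]

# Constructed AAAA records of one forward zone: (owner, address).
AAAA_RECORDS = [
    ("www.example.com.", "dead:beef:a:b::10"),
    ("mail.example.com.", "dead:beef:a:b::25"),
    ("ns1.example.com.", "dead:beef:a:c::53"),
    ("vpn.example.com.", "2001:db8::1"),  # outside both reverse zones
]

def normalize(name):
    """Lower-case a domain name and make it fully qualified."""
    return name.lower().rstrip(".") + "."

def ptr_owner(addr):
    """Return the nibble-reversed ip6.arpa owner name for an IPv6 address."""
    return ipaddress.IPv6Address(addr).reverse_pointer + "."

def plan_ptrs(aaaa_records, reverse_zones):
    """Group expected PTR records by the reverse zone that would contain them.

    Returns (placed, uncovered): placed maps a reverse zone to a list of
    (ptr_owner, target) pairs; uncovered lists the (owner, address) pairs
    whose PTR name falls under none of the given reverse zones.
    """
    # Longest zone first, so a more specific reverse zone wins over a parent.
    zones = sorted((normalize(z) for z in reverse_zones), key=len, reverse=True)
    placed, uncovered = {}, []
    for owner, addr in aaaa_records:
        ptr = ptr_owner(addr)
        zone = next((z for z in zones if ptr == z or ptr.endswith("." + z)), None)
        if zone is None:
            uncovered.append((owner, addr))
        else:
            placed.setdefault(zone, []).append((ptr, normalize(owner)))
    return placed, uncovered

if __name__ == "__main__":
    placed, uncovered = plan_ptrs(AAAA_RECORDS, REVERSE_ZONES)
    for zone, records in placed.items():
        print(zone)
        for ptr, target in records:
            print(f"  {ptr} PTR {target}")
    for owner, addr in uncovered:
        print(f"no configured reverse zone covers {owner} {addr}")
```

Comparing this list with the PTR records actually served by the signed reverse zone is a quick way to spot addresses that were expected to get a PTR but fall outside every configured reverse zone.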