Re: DNSSEC implementation on IPv6 PTR Zones

2021-11-22 Thread Divya
Cc: bind-users@lists.isc.org Sent: Monday, November 22, 2021 3:49:30 PM Subject: Re: DNSSEC implementation on IPv6 PTR Zones How to create DS for 2409::/28 With Regards Divya Parashar From: m...@posix.co.za To: bind-users@lists.isc.org Cc: "Divya" Sent: Thursday, November

Re: DNSSEC implementation on IPv6 PTR Zones

2021-11-22 Thread Tony Finch
Divya wrote: > How to create DS for 2409::/28 The fun / maddening part of managing reverse DNS is getting to know how your RIR handles it, and the weird differences from common-or-garden forward domain registrations. In your case, 2409::/28 is allocated by APNIC. They have a bit of document

Re: DNSSEC implementation on IPv6 PTR Zones

2021-11-22 Thread Divya
How to create DS for 2409::/28 With Regards Divya Parashar From: m...@posix.co.za To: bind-users@lists.isc.org Cc: "Divya" Sent: Thursday, November 18, 2021 3:44:56 PM Subject: Re: DNSSEC implementation on IPv6 PTR Zones And I can testify that this works. I have 2001

Re: ***UNCHECKED*** Re: DNSSEC implementation on IPv6 PTR Zones

2021-11-19 Thread raf
On Thu, Nov 18, 2021 at 09:47:03AM -0700, Grant Taylor via bind-users wrote: > On 11/18/21 3:14 AM, Mark Elkins wrote: > > With IPv6 - you might want to use NSEC3 - as there can be huge holes in > > the reverse zone. Make the bad guy work at guessing what is in the zone. > > Be mindful of curre

Re: DNSSEC implementation on IPv6 PTR Zones

2021-11-18 Thread Grant Taylor via bind-users
On 11/18/21 3:14 AM, Mark Elkins wrote: With IPv6 - you might want to use NSEC3 - as there can be huge holes in the reverse zone. Make the bad guy work at guessing what is in the zone. Be mindful of current efforts for minimizing NSEC3 rounds / iterations which purportedly have a diminishing R

Re: DNSSEC implementation on IPv6 PTR Zones

2021-11-18 Thread Blažej Krajňák
Hello št 18. 11. 2021 o 10:28 Divya napísal(a): > Dear Admin, > > Has anybody implemented DNSSEC on IPv6 reverse zones? > Kindly help us to configure DNSSEC on reverse zones of IPV6 segment with > BIND 9.17.16+CentOS 7.9. > > With Thanks & Regards > Divya > I can confirm working DNSSEC for I

Re: DNSSEC implementation on IPv6 PTR Zones

2021-11-18 Thread Mark Elkins
And I can testify that this works. I have 2001:42a0::/32 signed via AFRINIC. One suggestion though. When one signs an IPv4 reverse - use NSEC - as everyone can guess what is there anyway. With IPv6 - you might want to use NSEC3 - as there can be huge holes in the reverse zone. Make the bad guy

Re: DNSSEC implementation on IPv6 PTR Zones

2021-11-18 Thread Mark Andrews
You do it exactly the same as any other zone. You create DNSKEYs. You sign the zone. You add DS records to the parent zone. -- Mark Andrews > On 18 Nov 2021, at 20:28, Divya wrote: > >  > Dear Admin, > > Has anybody implemented DNSSEC on IPv6 reverse zones? > Kindly help us to configure

DNSSEC implementation on IPv6 PTR Zones

2021-11-18 Thread Divya
Dear Admin, Has anybody implemented DNSSEC on IPv6 reverse zones? Kindly help us to configure DNSSEC on reverse zones of IPV6 segment with BIND 9.17.16+CentOS 7.9. With Thanks & Regards Divya ___ Please visit https://lists.isc.org/mailman/listi