Dnssec and ptr records
Eric J Esslinger
eesslinger at fpu-tn.com
Tue Oct 18 17:12:23 UTC 2011
> -----Original Message-----
> From: John Curran [mailto:jcurran at arin.net]
> Sent: Tuesday, October 18, 2011 11:56 AM
> To: Eric J Esslinger
> Cc: nanog at nanog.org Operators' Group
> Subject: Re: Dnssec and ptr records
> (Presuming, of course, that you've got an ARIN assignment
> or allocation. If you're in a provider-assigned block,
> you'll need to chat with your ISP about the DS linkage
> for your PTR zones... /John )
> On Oct 18, 2011, at 12:31 PM, John Curran wrote:
> > On Oct 18, 2011, at 10:21 AM, Eric J Esslinger wrote:
> >> Well it makes sense we should, just that all the examples,
> >> discussion, and such I've read dealt with forward records.
> >> I guess I get to dig some more. Thanks.
> > Eric -
> > Your in-addr zone first needs to be signed and then the DS
> > records are put in the parent in-addr zone to link into the
> > signed IN-ADDR.ARPA hierarchy. In the ARIN region, this can
> > be done via the DNSSEC DS record management in ARIN Online or
> > via the RESTful provisioning interface.
> > ARIN DNSSEC Project overview:
> > ARIN Online/DNSEC Tutorials:
> > https://www.arin.net/knowledge/dnssec/index.html
> > FYI,
> > /John
> > John Curran
> > President and CEO
> > ARIN
Thank you. That gives me information to work with, and I now have a solid understanding of what I need to do for the proper delegation setup. I'll have to talk to my current ISP for the blocks I currently have, though I don't believe they do dnssec at this time. I am expecting to get an Arin allocation shortly (and return their existing allocations to us) as we are going multihomed soon. I may just have to wait till then to get everything fully setup.
This message may contain confidential and/or proprietary information and is intended for the person/entity to whom it was originally addressed. Any use by others is strictly prohibited.
More information about the NANOG