Reverse DNS RFCs and Recommendations
mohta at necom830.hpcl.titech.ac.jp
Fri Nov 1 07:03:56 UTC 2013
Mark Andrews wrote:
> That said it is possible to completely automate the secure assignment
> of PTR records. It is also possible to completely automate the
> secure delegation of the reverse name space. See
It is a lot simpler and a lot more practical just to
use shared secret between a CPE and a ISP's name server
for TSIG generation.
As the secret can be directly shared end to end, it is more
secure than DNSSEC involving untrustworthy third parties.
More information about the NANOG