Reverse DNS RFCs and Recommendations
Masataka Ohta
mohta at necom830.hpcl.titech.ac.jp
Fri Nov 1 07:03:56 UTC 2013
Mark Andrews wrote:
> That said it is possible to completely automate the secure assignment
> of PTR records. It is also possible to completely automate the
> secure delegation of the reverse name space. See
> http://tools.ietf.org/html/draft-andrews-dnsop-pd-reverse-00
It is a lot simpler and a lot more practical just to
use shared secret between a CPE and a ISP's name server
for TSIG generation.
As the secret can be directly shared end to end, it is more
secure than DNSSEC involving untrustworthy third parties.
Masataka Ohta
More information about the NANOG
mailing list