Reverse DNS RFCs and Recommendations

Masataka Ohta mohta at
Fri Nov 1 22:50:15 UTC 2013

Mark Andrews wrote:

>> It is a lot simpler and a lot more practical just to
>> use shared secret between a CPE and a ISP's name server
>> for TSIG generation.
> No it isn't.  It requires a human to transfer the secret to the CPE
> device or to register the secret with the ISP.

Not necessarily. When the CPE is configured through DHCP (or
PPP?), the ISP can send the secret.

> I'm talking about just building this into CPE devices and having it
> just work with no human involvement.

See above.

Involving DNSSEC here is overkill and unnecessarily introduce

						Masataka Ohta

More information about the NANOG mailing list