On Mar 6, 2012, at 9:32 AM, Dick Visser wrote: >>> Any ideas/policies/bestpratice/rumours about signing reverse DNS zones? >> >> I sign all my reverse zones just as my forward zones - are there any >> differences? > > No, but I since I don't see too much information about it I thought > I'd ask around. > I guess I'm looking for a Best Practices document ;-)
You might want to have a quick look at: http://www.ripe.net/data-tools/dns/dnssec/procedure-for-requesting-dnssec-delegations But that is more a hook for provisioning than best practices. For operational practices there is not much difference between forward and reverse (as said), except perhaps issues of key-maintenance and administrative exposure, all those tradeoffs are described in http://tools.ietf.org/html/draft-ietf-dnsop-rfc4641bis --Olaf ________________________________________________________ Olaf M. Kolkman NLnet Labs http://www.nlnetlabs.nl/
signature.asc
Description: Message signed with OpenPGP using GPGMail
_______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
