On Mar 23 2011, Wolfgang Nagele wrote:
ARIN has just announced that they are now supporting DNSSEC-enabled delegations for their reverse space.
For more information, see: https://www.arin.net/announcements/2011/20110321.html
This means that RIPE NCC members with ERX space assignments in the ARIN region can now also make use of DNSSEC.
This is excellent news. Thanks to all at RIPE NCC for their persistence with getting this on the road,
To do so, please submit a domain object which includes the ds-rdata field as you would for any other DNSSEC-enabled delegation.
For more information on how to do this, see: http://www.ripe.net/data-tools/dns/dnssec/procedure-for-requesting-dnssec-de...
I was a bit surprised by this section: | These tests will only be done for "ds-rdata:" attributes using | supported digest types [1 section 5.1.3]. Currently we support | digest type 1(SHA1). | | If the "ds-rdata:" attribute uses an unsupported digest type, you | will see a warning message, however the "ds-rdata:" content will | still be copied into the parent zone. Is there some technical reason that you can't check digest type 2 (SHA-256) records? It wouldn't seem to be exactly bleeding edge technology! -- Chris Thompson University of Cambridge Computing Service, Email: cet1@ucs.cam.ac.uk New Museums Site, Cambridge CB2 3QH, Phone: +44 1223 334715 United Kingdom.