Wolfgang, On Fri, 2011-05-06 at 14:22 +0200, Wolfgang Nagele wrote:
APNIC has just enabled support for DNSSEC-enabled delegations for their reverse space.
This means that RIPE NCC members with ERX space assignments in the APNIC region can now also make use of DNSSEC.
To do so, please submit a domain object which includes the ds-rdata field as you would for any other DNSSEC-enabled delegation.
Very cool. I'm thinking of the case where someone has old space, across several RIRs, and some ERX space can have reverse DNS secured with DNSSEC and some cannot. Does the update check that a given DOMAIN object is actually secure before accepting a "ds-rdata:" field? Or is there any warning or other indication on the reply from the RIPE database? I don't know what the timelines are for the remaining RIRs to implement DNSSEC for the reverse tree, so maybe this is not important. :) Thanks, -- Shane