Re: DNSSEC implementation on IPv6 PTR Zones

Thu, 18 Nov 2021 02:16:48 -0800 

And I can testify that this works. I have 2001:42a0::/32 signed via AFRINIC.
One suggestion though. When one signs an IPv4 reverse - use NSEC - as everyone can guess what is there anyway. With IPv6 - you might want to use NSEC3 - as there can be huge holes in the reverse zone. Make the bad guy work at guessing what is in the zone. Also - if signing a brand new zone - try using Algo 13 (Elliptical curve) as it will generate shorter keys - so less chance of your zone being used in a DNS DDOS amplification attack - it doesn't amplify as much. 


On 11/18/21 12:07 PM, Mark Andrews wrote:
You do it exactly the same as any other zone.  You create DNSKEYs. You sign the zone. You add DS records to the parent zone. 

--
Mark Andrews


On 18 Nov 2021, at 20:28, Divya <divy...@nic.in> wrote:


Dear Admin,

Has anybody implemented  DNSSEC on IPv6 reverse  zones?
Kindly help us to configure DNSSEC on reverse zones of IPV6 segment with BIND 9.17.16+CentOS  7.9. 

With Thanks & Regards
Divya



<https://amritmahotsav.nic.in/>


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. 


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

--

Mark James ELKINS  -  Posix Systems - (South) Africa
m...@posix.co.za       Tel: +27.826010496 <tel:+27826010496>
For fast, reliable, low cost Internet in ZA: https://ftth.posix.co.za <https://ftth.posix.co.za> 

Posix SystemsVCARD for MJ Elkins


_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

ISC funds the development of this software with paid support subscriptions. 
Contact us at https://www.isc.org/contact/ for more information.


bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Reply via email to