[Dnssec-ops] Re: [AfriNIC-announce] DNSSEC signatures in reverse DNS zones now enabled

ALAIN AINA aalain at afrinic.net
Thu May 3 18:51:18 SAST 2012


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


On May 3, 2012, at 6:31 PM, Mark Elkins wrote:

> On Thu, 2012-05-03 at 17:40 +0400, ALAIN AINA wrote:
>> On May 2, 2012, at 7:52 PM, Mark Elkins wrote:
>> 
>>> On Wed, 2012-05-02 at 17:34 +0400, Babusha Radhakissoon wrote:
>>>> Phase 2 involves the publication of DNSSEC records in the reverse
>>>> zones delegated to us by IANA. Commencing on Thursday, 03 May 2012,
>>>> AfriNIC will be publishing DNSSEC records on the following zones: 
>>> 
>>> 
>>> 
>>>> IPv6
>>>> 2.4.1.0.0.2.ip6.arpa.
>>> 
>>> I'm probably the only person doing DNSSEC (OK - so maybe there is
>>> another person or two? - would love to know).
>> 
>> Yes, you are the only who submitted DS. We may give you an award :-)
>>> 
>>> Good news on the IPv6!
>>> 
>>> What about the Legacy IPv4 address space - in particular the stuff for
>>> 160.in-addr.arpa and 192.in-addr.arpa. I know they are held with Arin,
>>> but I uploaded my DS's to AfriNIC - which I see have been removed :-(
>>> 
>>> Anyway - I have re-added my DS's for legacy space into my.afrinic.net.
>>> Is this enough?
> 
> You didn't answer the question on the legacy (arin) space.

We will accept DS  from all domain objects in our whois. 


> 
>> Yes, that is the only thing you need to do. We will  start publishing
>> members DS when we submit DS to Parent zone which is expected  for end
>> of next week
>> 
>> Try to validate our zones and report. I attach the trusted keys.
> 
> I take it then that once the AfriNIC DS's are in the respective parent
> zones (in-addr.arpa and ip6.arpa ??) that just having the 'root' trusted
> key would be enough?
> 
> ...though until then I could add the key for 2.4.1.0.0.2.ip6.arpa into
> my authoritative recursive resolvers....
> 
> Can you ping me when its worth checking?
> 


I will send update at each stage. This step is injecting signed zones  for testing and evaluating the DNS system.
 We are paying close attention to feedback, comments or problem from members and the community.



- --Alain


> -- 
>  .  .     ___. .__      Posix Systems - (South) Africa
> /| /|       / /__       mje at posix.co.za  -  Mark J Elkins, Cisco CCIE
> / |/ |ARK \_/ /__ LKINS  Tel: +27 12 807 0590  Cell: +27 82 601 0496
> 

-----BEGIN PGP SIGNATURE-----
Version: GnuPG/MacGPG2 v2.0.12 (Darwin)

iQEcBAEBAgAGBQJPoreKAAoJEBJrxHiqT+EyW2QH/iDYPXCkQQM4JEHPvaSGseMU
isPTbLLwelBMmHUP3D50I0D/4uIpBL210I2+n3ZAeO/E/DukA6HfwlRDD7gkTHuA
uieEOX0z3zJWxXtSgjRTaxARHxKadPl22WlrBNWaQSzDNEhODzhLwlAlKFNoxjAg
vdVsmDgWQx8gSKRy9s8KX6DOnTJLHrs8SaR9/Umwz37FCer1kmI7qBFafnzYa+rP
zqFgRFyZaXBmwLdQPUspGG/HgDwCubomyN475BIBdyc7c+1Of2xlhy2YJr3afkNg
/qhd4y0b9ZCgu26SFi/lhoDuxM7CwOtNVr/TypcOWIf68OQ1Zbd/nxF6bdtvBfU=
=czOA
-----END PGP SIGNATURE-----


More information about the Dnssec-ops mailing list