Fwd: [Dnssec-ops] Re: [AfriNIC-announce] DNSSEC signatures in reverse
DNS zones now enabled
ALAIN AINA
aalain at afrinic.net
Tue May 8 11:52:00 SAST 2012
Begin forwarded message:
> From: ALAIN AINA <aalain at afrinic.net>
> Date: May 8, 2012 1:50:50 PM GMT+04:00
> To: mje at posix.co.za
> Subject: Re: [Dnssec-ops] Re: [AfriNIC-announce] DNSSEC signatures in reverse DNS zones now enabled
>
>
> On May 7, 2012, at 1:45 PM, Mark Elkins wrote:
>
>> I was expecting to be able to see DS records in the zones AfriNIC
>> generates by now.
>>
>> # dig 2.4.1.0.0.2.IP6.ARPA ns +short
>> sec1.authdns.ripe.net.
>> sec1.apnic.net.
>> tinnie.arin.net.
>> ns2.afrinic.net.
>> ns1.afrinic.net.
>> ns2.lacnic.net.
>>
>> ...but ns1.afrinic.net. seems to have no DS's for my
>> 0.a.2.4.1.0.0.2.ip6.arpa. zone yet. :-(
>> I do see 2.4.1.0.0.2.IP6.ARPA has DNSKEY records though.
>
>
> Mark,
>
> As said in the announce, this is the Phase 2. Phase 3 includes sending DS to IP6.arpa and in-addr.arpa and start publishing DS from members.
>
> http://www.afrinic.net/dnssec/deployment.htm
>
> We expect to start Phase 3 by the end of the week, after we conclude phase 2
>
> --Alain
>
>
>
>
>
>
>
>>
>>
>> On Thu, 2012-05-03 at 20:51 +0400, ALAIN AINA wrote:
>>> On May 3, 2012, at 6:31 PM, Mark Elkins wrote:
>>>
>>>> On Thu, 2012-05-03 at 17:40 +0400, ALAIN AINA wrote:
>>>>> On May 2, 2012, at 7:52 PM, Mark Elkins wrote:
>>>>>
>>>>>> On Wed, 2012-05-02 at 17:34 +0400, Babusha Radhakissoon wrote:
>>>>>>> Phase 2 involves the publication of DNSSEC records in the reverse
>>>>>>> zones delegated to us by IANA. Commencing on Thursday, 03 May 2012,
>>>>>>> AfriNIC will be publishing DNSSEC records on the following zones:
>>>>>>
>>>>>>
>>>>>>
>>>>>>> IPv6
>>>>>>> 2.4.1.0.0.2.ip6.arpa.
>>>>>>
>>>>>> I'm probably the only person doing DNSSEC (OK - so maybe there is
>>>>>> another person or two? - would love to know).
>>>>>
>>>>> Yes, you are the only who submitted DS. We may give you an award :-)
>>>>>>
>>>>>> Good news on the IPv6!
>>>>>>
>>>>>> What about the Legacy IPv4 address space - in particular the stuff for
>>>>>> 160.in-addr.arpa and 192.in-addr.arpa. I know they are held with Arin,
>>>>>> but I uploaded my DS's to AfriNIC - which I see have been removed :-(
>>>>>>
>>>>>> Anyway - I have re-added my DS's for legacy space into my.afrinic.net.
>>>>>> Is this enough?
>>>>
>>>> You didn't answer the question on the legacy (arin) space.
>>>
>>> We will accept DS from all domain objects in our whois.
>>>
>>>
>>>>
>>>>> Yes, that is the only thing you need to do. We will start publishing
>>>>> members DS when we submit DS to Parent zone which is expected for end
>>>>> of next week
>>>>>
>>>>> Try to validate our zones and report. I attach the trusted keys.
>>>>
>>>> I take it then that once the AfriNIC DS's are in the respective parent
>>>> zones (in-addr.arpa and ip6.arpa ??) that just having the 'root' trusted
>>>> key would be enough?
>>>>
>>>> ...though until then I could add the key for 2.4.1.0.0.2.ip6.arpa into
>>>> my authoritative recursive resolvers....
>>>>
>>>> Can you ping me when its worth checking?
>>>>
>>>
>>>
>>> I will send update at each stage. This step is injecting signed zones for testing and evaluating the DNS system.
>>> We are paying close attention to feedback, comments or problem from members and the community.
>>>
>>>
>>>
>>> --Alain
>>>
>>>
>>>> --
>>>> . . ___. .__ Posix Systems - (South) Africa
>>>> /| /| / /__ mje at posix.co.za - Mark J Elkins, Cisco CCIE
>>>> / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
>>>>
>>>
>>
>> --
>> . . ___. .__ Posix Systems - (South) Africa
>> /| /| / /__ mje at posix.co.za - Mark J Elkins, Cisco CCIE
>> / |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: https://lists.afrinic.net/pipermail/dnssec-ops/attachments/20120508/978f9779/attachment.htm
More information about the Dnssec-ops
mailing list