<html><head></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><br><div><br><div>Begin forwarded message:</div><br class="Apple-interchange-newline"><blockquote type="cite"><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(0, 0, 0, 1);"><b>From: </b></span><span style="font-family:'Helvetica'; font-size:medium;">ALAIN AINA <<a href="mailto:aalain@afrinic.net">aalain@afrinic.net</a>><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(0, 0, 0, 1);"><b>Date: </b></span><span style="font-family:'Helvetica'; font-size:medium;">May 8, 2012 1:50:50 PM GMT+04:00<br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(0, 0, 0, 1);"><b>To: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><a href="mailto:mje@posix.co.za">mje@posix.co.za</a><br></span></div><div style="margin-top: 0px; margin-right: 0px; margin-bottom: 0px; margin-left: 0px;"><span style="font-family:'Helvetica'; font-size:medium; color:rgba(0, 0, 0, 1);"><b>Subject: </b></span><span style="font-family:'Helvetica'; font-size:medium;"><b>Re: [Dnssec-ops] Re: [AfriNIC-announce] DNSSEC signatures in reverse DNS zones now enabled</b><br></span></div><br><div><br>On May 7, 2012, at 1:45 PM, Mark Elkins wrote:<br><br><blockquote type="cite">I was expecting to be able to see DS records in the zones AfriNIC<br></blockquote><blockquote type="cite">generates by now.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite"># dig 2.4.1.0.0.2.IP6.ARPA ns +short<br></blockquote><blockquote type="cite"><a href="http://sec1.authdns.ripe.net">sec1.authdns.ripe.net</a>.<br></blockquote><blockquote type="cite"><a href="http://sec1.apnic.net">sec1.apnic.net</a>.<br></blockquote><blockquote type="cite"><a href="http://tinnie.arin.net">tinnie.arin.net</a>.<br></blockquote><blockquote type="cite"><a href="http://ns2.afrinic.net">ns2.afrinic.net</a>.<br></blockquote><blockquote type="cite"><a href="http://ns1.afrinic.net">ns1.afrinic.net</a>.<br></blockquote><blockquote type="cite"><a href="http://ns2.lacnic.net">ns2.lacnic.net</a>.<br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">...but <a href="http://ns1.afrinic.net">ns1.afrinic.net</a>. seems to have no DS's for my<br></blockquote><blockquote type="cite">0.a.2.4.1.0.0.2.ip6.arpa. zone yet. :-(<br></blockquote><blockquote type="cite">I do see 2.4.1.0.0.2.IP6.ARPA has DNSKEY records though.<br></blockquote><br><br>Mark,<br><br>As said in the announce, this is the Phase 2. Phase 3 includes sending DS to IP6.arpa and in-addr.arpa and start publishing DS from members.<br><br><a href="http://www.afrinic.net/dnssec/deployment.htm">http://www.afrinic.net/dnssec/deployment.htm</a><br><br>We expect to start Phase 3 by the end of the week, after we conclude phase 2<br><br>--Alain<br><br><br><br><br><br><br><br><blockquote type="cite"><br></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">On Thu, 2012-05-03 at 20:51 +0400, ALAIN AINA wrote:<br></blockquote><blockquote type="cite"><blockquote type="cite">On May 3, 2012, at 6:31 PM, Mark Elkins wrote:<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">On Thu, 2012-05-03 at 17:40 +0400, ALAIN AINA wrote:<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">On May 2, 2012, at 7:52 PM, Mark Elkins wrote:<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">On Wed, 2012-05-02 at 17:34 +0400, Babusha Radhakissoon wrote:<br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Phase 2 involves the publication of DNSSEC records in the reverse<br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">zones delegated to us by IANA. Commencing on Thursday, 03 May 2012,<br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">AfriNIC will be publishing DNSSEC records on the following zones: <br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">IPv6<br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">2.4.1.0.0.2.ip6.arpa.<br></blockquote></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">I'm probably the only person doing DNSSEC (OK - so maybe there is<br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">another person or two? - would love to know).<br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Yes, you are the only who submitted DS. We may give you an award :-)<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Good news on the IPv6!<br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">What about the Legacy IPv4 address space - in particular the stuff for<br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">160.in-addr.arpa and 192.in-addr.arpa. I know they are held with Arin,<br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">but I uploaded my DS's to AfriNIC - which I see have been removed :-(<br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Anyway - I have re-added my DS's for legacy space into <a href="http://my.afrinic.net">my.afrinic.net</a>.<br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Is this enough?<br></blockquote></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">You didn't answer the question on the legacy (arin) space.<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">We will accept DS from all domain objects in our whois. <br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Yes, that is the only thing you need to do. We will start publishing<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">members DS when we submit DS to Parent zone which is expected for end<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">of next week<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Try to validate our zones and report. I attach the trusted keys.<br></blockquote></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">I take it then that once the AfriNIC DS's are in the respective parent<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">zones (in-addr.arpa and ip6.arpa ??) that just having the 'root' trusted<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">key would be enough?<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">...though until then I could add the key for 2.4.1.0.0.2.ip6.arpa into<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">my authoritative recursive resolvers....<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">Can you ping me when its worth checking?<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">I will send update at each stage. This step is injecting signed zones for testing and evaluating the DNS system.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">We are paying close attention to feedback, comments or problem from members and the community.<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite">--Alain<br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">-- <br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">. . ___. .__ Posix Systems - (South) Africa<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">/| /| / /__ <a href="mailto:mje@posix.co.za">mje@posix.co.za</a> - Mark J Elkins, Cisco CCIE<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite">/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496<br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote></blockquote><blockquote type="cite"><blockquote type="cite"><br></blockquote></blockquote><blockquote type="cite"><br></blockquote><blockquote type="cite">-- <br></blockquote><blockquote type="cite"> . . ___. .__ Posix Systems - (South) Africa<br></blockquote><blockquote type="cite">/| /| / /__ <a href="mailto:mje@posix.co.za">mje@posix.co.za</a> - Mark J Elkins, Cisco CCIE<br></blockquote><blockquote type="cite">/ |/ |ARK \_/ /__ LKINS Tel: +27 12 807 0590 Cell: +27 82 601 0496<br></blockquote><br></div></blockquote></div><br></body></html>