Search RPD Archives
Limit search to: Subject & Body Subject Author
Sort by:

[AfriNIC-rpd] AFRINIC ACCEPTING DS IN SIGNED RDNS ZONES

McTim dogwallah at gmail.com
Fri May 18 12:55:39 UTC 2012 

Hi,

On Thu, May 17, 2012 at 1:21 PM, ALAIN AINA <aalain at afrinic.net> wrote:
> McTim,
>
> On May 17, 2012, at 7:16 PM, McTim wrote:
>
>> hi Alain,
>>
>> some questions below:
>>
>> On Thu, May 17, 2012 at 9:09 AM, ALAIN AINA <aalain at afrinic.net> wrote:
>>> Dear colleagues,
>>>
>>> We are pleased to inform you that  we have completed phase 2 ( https://lists.afrinic.net/pipermail/rpd/2012/002109.html) and implemented phase 3  of our DNSSEC deployment plan.
>>>
>>> Phase 3 involves getting DS records of AFRINIC RDNS zones  into the "ip6.arpa" and "in-addr.arpa" zones and  processing  DS records into  these zones.
>>
>> How does one do this?  Is MyAfriNIC the ONLY path to give you a DS
>> record? Just curious.
>
> Members are given  two options to submit  their DS to AFRINIC:
>
> 1- Through MyAFRINIC
>
> 2- through the E-mail  update (auto-dbm)
>
> This is just about updating domain objects.
>
>>
>>
>>>
>>> Effective  Monday 14th May  2012,  AFRINIC RDNS provisioning systems  will accept and sign DS records in domain objects from the whois database.
>>>
>>> This includes  prefixes for zones delegated to us by IANA  as well as ERX  prefixes for zones delegated to
>>
>> do you mean "from" other RIRs, not "to"?
>
>
> I meant "to"
>
> We managed nine(9) RDNS zones and submit ERX resources DNS "TO" RDNS zones  delegated to other RIRs.


I see, I had mis-read it the first time


>>
>>
>> other RIRs except the following:
>>>
>>> 163.in-addr.arpa
>>> 200.in-addr.arpa
>>> 202.in-addr.arpa
>>
>> Why these 3?
>
>
> 200.in-addr.arpa is not yet sign by LACNIC.
>
> 163.in-addr.arpa and 202.addr.arpa are dnssec enabled by APNIC, but they are not yet accepting DS for subdomains under other RIRs control (ERX transfer)
>
>
> =====
> ;; ANSWER SECTION:
> 163.in-addr.arpa.       82828   IN      DS      51517 5 2 76C591AA0C5B9A018263917E7A6439355A662720F8FB91503F9A43EA 13A20BD5
> 163.in-addr.arpa.       82828   IN      DS      51517 5 1 636B1AC81E8366474F97A5CABA7192A09F14E31E
> 163.in-addr.arpa.       82828   IN      RRSIG   DS 8 3 86400 20120524211703 20120517132523 46609 in-addr.arpa. YBGzv1EdpnEzPXye+gtUO830cETu9hpMUiqEwxl1YmpnuvsTnRCrRsP4 xps/DioRannCp7iE9ZS2RFVQM8zgaVB1a5OuTaoOHceNreX9Vs9/mDTA dMWhlVVDDNYXg1dT+EYIJEKf/lNPQZtuv56SC/ZphZHUaUZBWEeSIDEZ 6UI=
>
>
> ;; ANSWER SECTION:
> 202.in-addr.arpa.       65198   IN      DS      4751 5 2 CF5068EBCC732A95977A421735D0CE0EDB66C39547B8BB756E212A62 AF18B277
> 202.in-addr.arpa.       65198   IN      DS      4751 5 1 4E62F00A228E9ECB3DD39DCEAE0FDABDE42A4564
> 202.in-addr.arpa.       65198   IN      RRSIG   DS 8 3 86400 20120524115652 20120517072525 46609 in-addr.arpa. puDZdIzhu95XStREKJZwjPCLVKenElfGYjo7doPNxq8Rj27L8a0KoRd9 iPdMkYvLXLMcpbkiQyfnNPAvRS4u26OLF3ephhQXZBwaUGyKIcHoEP8W A0NT7C5zz5IClDAWONIlXsQ5go7u9XaGDfAQ36UesgdWE3cuZbXdUh0o lj0=
>
>
>
> Hope this helps


yes, it is clear now, thanks!


-- 
Cheers,

McTim
"A name indicates what we seek. An address indicates where it is. A
route indicates how we get there."  Jon Postel

More information about the RPD mailing list