About RIPE | Contact  | Search | Sitemap    
Homepage RIPE  
RIPE Community Mail Archives
search  
     
Next Sectionyou are here: RIPE -> RIPE Maillists > Archives
RIPE Navigation Ends
About RIPE Maillists
Maillists Archive
Global Lists
Non Active Lists
RIPE NCC Navigation Ends
Next Section
<<< Chronological >>> Author Index    Subject Index <<< Threads >>>

Re: [dns-wg] RIPE NCC DNSSEC on the reverse tree update.

  • To: "Brett Carr" <
    >
  • From: Alexander Gall <
    >
  • Date: Mon, 28 Nov 2005 08:47:21 +0100
Brett,

What's going on with 195.in-addr.arpa?  All DNSSEC records are gone,
e.g. 

; <<>> DiG 9.4.0a2 <<>> @193.0.0.195 195.in-addr.arpa. dnskey
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1037
;; flags: qr aa rd; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 0
;; WARNING: recusion requested but not available

;; QUESTION SECTION:
;195.in-addr.arpa.              IN      DNSKEY

;; AUTHORITY SECTION:
195.in-addr.arpa.       7200    IN      SOA     ns-pri.ripe.net. ops.ripe.net. 2005112722 43200 7200 1209600 7200

;; Query time: 49 msec
;; SERVER: 193.0.0.195#53(193.0.0.195)
;; WHEN: Mon Nov 28 08:41:30 2005
;; MSG SIZE  rcvd: 89

The same happened to {193,194,212}.in-addr.arpa, but the other inverse
zones are fine.

--
Alex

On Thu, 24 Nov 2005 14:13:29 +0100, "Brett Carr" brettcarr@localhost said:

> Dear Colleagues,
> As part of the project to deploy DNSSEC in the RIPE NCC service region, the
> RIPE NCC has further expanded the signing of zones from the reverse tree.

> The following zones are now signed:

> ripe.net
> ripencc.com
> ripencc.net
> ripencc.org
> ripe-ncc.com
> ripe-ncc.net
> ripe-ncc.org
> 89.in-addr.arpa
> 90.in-addr.arpa
> 213.in-addr.arpa
> 213.in-addr.arpa.
> 193.in-addr.arpa.
> 195.in-addr.arpa.
> 212.in-addr.arpa.
> 194.in-addr.arpa.
> 145.in-addr.arpa.

> If you want to configure your resolvers to verify these zones using DNSSEC,
> *key signing keys* for these zones are available at:
> https://www.ripe.net/projects/disi/keys/ripe-ncc-dnssec-keys.txt

> For information about how to use the keys, and for further details about
> DNSSEC deployment at the RIPE NCC, please see:
> http://www.ripe.net/projects/disi/keys/

> The following zones will now accept secure delegations (DS Records) via the
> addition of a "ds-rdata:" record in the whois domain object for the zone:

> 89.in-addr.arpa.
> 90.in-addr.arpa.
> 213.in-addr.arpa.
> 193.in-addr.arpa.
> 195.in-addr.arpa.

> Regards

> Brett Carr
> RIPE NCC
Post To The List:

Replies

Message References

<<< Chronological >>> Author    Subject <<< Threads >>>
 

Next Section
     About RIPE | Site Map | LIR Portal | About the RIPE NCC | Contact | © RIPE Community. All rights reserved.
RIPE.NET Homepage LIR Portal RIPE Community