DNSSEC deployment on the reverse tree.
[Apologies for duplicates] Dear Colleagues The RIPE NCC has been involved with the development of the DNSSEC protocol. Now that the protocol has become available, we plan to implement DNSSEC on our domains in the reverse DNS tree. The deployment of DNSSEC is the second and last phase of the Reverse DNS restructuring project. You can find more information about this project at: http://www.ripe.net/rs/reverse/dnssec/index.html To implement DNSSEC, we propose extending the policy for Policy for Reverse Address Delegation of IPv4 and IPv6 Address Space in the RIPE NCC Service Region. You can find the proposed policy at: http://www.ripe.net/rs/reverse/dnssec/draft-dnssec-policy.html. We welcome your feedback on this poposal before 1 August 2005. Please send your comments to the DNS Working Group Mailing List. We are also introducing two new procedures: "DNSSEC Key Maintenance Procedure" http://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html and "Procedure for Requesting DNSSEC Delegations" http://www.ripe.net/rs/reverse/dnssec/registry-procedure.html Your feedback on these drafts is also welcome, again please send this to the DNS Working Group Mailing List. As part of the "Procedure for Requesting DNSSEC Delegations" we plan to add a "ds-rdata:" attribute to DOMAIN objects. Regards Olaf M Kolkman New Projects, RIPE NCC.
hi olaf, for us simple-minded folk who do not track dnssec details, could you tell us what trusted key(s) we will have to load to securely verify the signed zones? and is there an idiot's howto? randy
participants (2)
-
Olaf M. Kolkman
-
Randy Bush