Chris Thompson wrote:
I hope this is the appropriate place to raise this.
I think so :-)
There are legacy network allocations whose reverse zone is managed via RIPE, but actually delegated from higher level reverse zones run by ARIN. To take a specific example, 131.111/16 is allocated to the University of Cambridge, we manage the delegation info for 111.131.in-addr.arpa via RIPE, but 131.in-addr.arpa belongs to ARIN.
Now 111.131.in-addr.arpa is signed (since September 2009), and currently registered at dlv.isc.org. Along with the other high-level ARIN reverse zones, 131.in-addr.arpa is also signed, and
Looking at this from a slightly different angle (with ERX in mind) ... Excerpt from the above webpage: "Today, delegations under in-addr.arpa are served by servers operated by ARIN and its contractors,..." Seems to indicate that ARIN has the complete and exclusive control over the full (IPv4-) Reverse Tree? If so, what's the situation for IP6.ARPA?
indicates that they may be accepting signed delegations Fairly Soon Now (depending on what you think "the first part of 2010" means).
Is it understood yet how (or even if) this will work for legacy network allocations? Ideally, this would just be a matter of supplying RIPE with the "ds-rdata" attributes as described in
https://www.ripe.net/rs/reverse/dnssec/registry-procedure.html
and they would get transferred seamlessly into the ARIN zones (and signed there).
Wilfried