DNSSEC implementation on IPv6 PTR Zones
Grant Taylor
gtaylor at tnetconsulting.net
Thu Nov 18 16:47:03 UTC 2021
On 11/18/21 3:14 AM, Mark Elkins wrote:
> With IPv6 - you might want to use NSEC3 - as there can be huge holes in
> the reverse zone. Make the bad guy work at guessing what is in the zone.
Be mindful of current efforts for minimizing NSEC3 rounds / iterations
which purportedly have a diminishing RoI for higher counts.
--
Grant. . . .
unix || die
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4017 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.isc.org/pipermail/bind-users/attachments/20211118/d2007787/attachment.bin>
More information about the bind-users
mailing list