<html>

  <head>

    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8">

  </head>

  <body>

    <p>And I can testify that this works. I have 2001:42a0::/32 signed

      via AFRINIC.</p>

    <p>One suggestion though. When one signs an IPv4 reverse - use NSEC

      - as everyone can guess what is there anyway.<br>

      With IPv6 - you might want to use NSEC3 - as there can be huge

      holes in the reverse zone. Make the bad guy work at guessing what

      is in the zone.<br>

      Also - if signing a brand new zone - try using Algo 13 (Elliptical

      curve) as it will generate shorter keys - so less chance of your

      zone being used in a DNS DDOS amplification attack - it doesn't

      amplify as much.</p>

    <p><br>

    </p>

    <div class="moz-cite-prefix">On 11/18/21 12:07 PM, Mark Andrews

      wrote:<br>

    </div>

    <blockquote type="cite"

      cite="mid:B4555DE4-7062-4DBA-A82F-01427340CC72@isc.org">

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      You do it exactly the same as any other zone.  You create DNSKEYs.

      You sign the zone. You add DS records to the parent zone. <br>

      <br>

      <div dir="ltr">-- 

        <div>Mark Andrews</div>

      </div>

      <div dir="ltr"><br>

        <blockquote type="cite">On 18 Nov 2021, at 20:28, Divya

          <a class="moz-txt-link-rfc2396E" href="mailto:divya.p@nic.in"><divya.p@nic.in></a> wrote:<br>

          <br>

        </blockquote>

      </div>

      <blockquote type="cite">

        <div dir="ltr">

          <div id="zimbraEditorContainer" style="font-family:

            georgia,serif; font-size: style=" font-size:="" 13pt;=""

            color:="" #000099"="" class="2">

            <div data-marker="__QUOTED_TEXT__">Dear Admin,<br>

              <br>

              Has anybody implemented  DNSSEC on IPv6 reverse  zones?</div>

            <div data-marker="__QUOTED_TEXT__"> Kindly help us to

              configure DNSSEC on reverse zones of IPV6 segment with

              BIND 9.17.16+CentOS  7.9.<br>

              <br>

              With Thanks & Regards <br>

              Divya <br>

              <br>

              <br>

            </div>

          </div>

          <br>

          <p><a href="https://amritmahotsav.nic.in/" target="_blank"

              moz-do-not-send="true"><img style="width: 450px; height:

                113px;" src="https://email.gov.in/videos/images/75.jpg"

                data-unique-identifier="" moz-do-not-send="true"></a></p>

          <br>

          <span>_______________________________________________</span><br>

          <span>Please visit

            <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to

            unsubscribe from this list</span><br>

          <span></span><br>

          <span>ISC funds the development of this software with paid

            support subscriptions. Contact us at

            <a class="moz-txt-link-freetext" href="https://www.isc.org/contact/">https://www.isc.org/contact/</a> for more information.</span><br>

          <span></span><br>

          <span></span><br>

          <span>bind-users mailing list</span><br>

          <span><a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a></span><br>

          <span><a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a></span><br>

        </div>

      </blockquote>

      <br>

      <fieldset class="mimeAttachmentHeader"></fieldset>

      <pre class="moz-quote-pre" wrap="">_______________________________________________

Please visit <a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list

ISC funds the development of this software with paid support subscriptions. Contact us at <a class="moz-txt-link-freetext" href="https://www.isc.org/contact/">https://www.isc.org/contact/</a> for more information.

bind-users mailing list

<a class="moz-txt-link-abbreviated" href="mailto:bind-users@lists.isc.org">bind-users@lists.isc.org</a>

<a class="moz-txt-link-freetext" href="https://lists.isc.org/mailman/listinfo/bind-users">https://lists.isc.org/mailman/listinfo/bind-users</a>

</pre>

    </blockquote>

    <div class="moz-signature">-- <br>

      <meta http-equiv="content-type" content="text/html; charset=UTF-8">

      <title></title>

      <p>Mark James ELKINS  -  Posix Systems - (South) Africa<br>

        <a class="moz-txt-link-abbreviated" href="mailto:mje@posix.co.za">mje@posix.co.za</a>       Tel: <a href="tel:+27826010496">+27.826010496</a><br>

        For fast, reliable, low cost Internet in ZA: <a

          href="https://ftth.posix.co.za">https://ftth.posix.co.za</a><br>

        <br>

        <img moz-do-not-send="false"

          src="cid:part5.BD5B2C89.D321F7C0@posix.co.za" alt="Posix

          Systems" width="250" height="165"><img moz-do-not-send="false"

          src="cid:part6.E2702D26.F97BFA28@posix.co.za" alt="VCARD for

          MJ Elkins" title="VCARD, Scan me please!" width="164"

          height="164"><br>

      </p>

    </div>

  </body>

</html>