<html><body><div style="font-family: georgia,serif; font-size: style=" font-size:="" 13pt;="" color:="" #000099"=""><div><!--StartFragment--><span style="color: #000099; font-family: georgia, serif; font-size: 17.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;" data-mce-style="color: #000099; font-family: georgia, serif; font-size: 17.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;"><span style="color: #000099; font-family: georgia, serif; font-size: 17.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;" data-mce-style="color: #000099; font-family: georgia, serif; font-size: 17.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #ffffff; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">Not able to sign the zone for <!--StartFragment--><span style="color: #000000; font-family: georgia, serif; font-size: 17.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #fdfcfa; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;" data-mce-style="color: #000000; font-family: georgia, serif; font-size: 17.3333px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: #fdfcfa; text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;">2409::/28 </span><!--EndFragment--></span></span><div style="clear: both;" data-mce-style="clear: both;"><br></div><!--EndFragment--><div style="clear: both;" data-mce-style="clear: both;"><span style="font-size: 13pt;" data-mce-style="font-size: 13pt;"><span style="font-size: 13pt;" data-mce-style="font-size: 13pt;">dnssec-signzone -A -3 $(head -c 1000 /dev/random | sha1sum | cut -b 1-16) -N INCREMENT -o <!--StartFragment--><span style="color: #333333; font-family: 'Courier New', Courier, monospace; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgba(211, 223, 235, 0.75); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;" data-mce-style="color: #333333; font-family: 'Courier New', Courier, monospace; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgba(211, 223, 235, 0.75); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; display: inline !important; float: none;"><span style="font-family: Calibri, sans-serif; font-size: 13pt;" data-mce-style="font-family: Calibri, sans-serif; font-size: 13pt;">0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.9.0.4.2.ip6.arpa.</span> </span></span></span><span style="font-size: 13pt;"> -t Zone</span></div><div style="clear: both;" data-mce-style="clear: both;"><span style="font-size: 13pt;">Pls help..</span></div></div><div data-marker="__SIG_PRE__"><div style="font-family:'arial' , 'helvetica' , sans-serif;text-align:left"><span style="font-family:'georgia' , serif;color:rgb( 0 , 0 , 128 );font-size:12pt"><br></span></div><div style="font-family:'arial' , 'helvetica' , sans-serif;text-align:left"><span style="font-family:'georgia' , serif;color:rgb( 0 , 0 , 128 );font-size:12pt">With Regards<br></span></div><div style="font-family:'arial' , 'helvetica' , sans-serif;text-align:left"><br data-mce-bogus="1"></div></div><hr id="zwchr" data-marker="__DIVIDER__"><div data-marker="__HEADERS__"><b>From: </b>"Divya" <divya.p@nic.in><br><b>To: </b>mje@posix.co.za<br><b>Cc: </b>bind-users@lists.isc.org<br><b>Sent: </b>Monday, November 22, 2021 3:49:30 PM<br><b>Subject: </b>Re: DNSSEC implementation on IPv6 PTR Zones<br></div><div><br></div><div data-marker="__QUOTED_TEXT__"><div><div style="font-family: georgia, serif;"><div><span style="font-family: georgia, serif; font-size: 13pt;">How to create DS for <span style="color: rgb(0, 0, 0); font-style: normal; font-weight: 400; letter-spacing: normal; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; background-color: rgb(253, 252, 250); float: none; display: inline !important;">2409::/28 ....</span></span><br></div><div><div style="font-family: arial, helvetica, sans-serif; text-align: left;"><span style="font-family: georgia, serif; color: rgb(0, 0, 128); font-size: 12pt;"><br></span></div><div style="font-family: arial, helvetica, sans-serif; text-align: left;"><span style="font-family: georgia, serif; color: rgb(0, 0, 128); font-size: 12pt;">With Regards<br></span></div><div style="font-family: arial, helvetica, sans-serif; text-align: left;"><span style="font-family: georgia, serif; color: rgb(153, 51, 0); font-size: 12pt;">Divya Parashar</span></div></div><br><hr id="zwchr"><div><b>From: </b>mje@posix.co.za<br><b>To: </b>bind-users@lists.isc.org<br><b>Cc: </b>"Divya" <divya.p@nic.in><br><b>Sent: </b>Thursday, November 18, 2021 3:44:56 PM<br><b>Subject: </b>Re: DNSSEC implementation on IPv6 PTR Zones<br></div><br><div><div>
<p>And I can testify that this works. I have 2001:42a0::/32 signed
via AFRINIC.</p>
<p>One suggestion though. When one signs an IPv4 reverse - use NSEC
- as everyone can guess what is there anyway.<br>
With IPv6 - you might want to use NSEC3 - as there can be huge
holes in the reverse zone. Make the bad guy work at guessing what
is in the zone.<br>
Also - if signing a brand new zone - try using Algo 13 (Elliptical
curve) as it will generate shorter keys - so less chance of your
zone being used in a DNS DDOS amplification attack - it doesn't
amplify as much.</p>
<p><br>
</p>
<div>On 11/18/21 12:07 PM, Mark Andrews
wrote:<br>
</div>
<blockquote>
</blockquote>
You do it exactly the same as any other zone. You create DNSKEYs.
You sign the zone. You add DS records to the parent zone. <br>
<br>
<div dir="ltr">--
<div>Mark Andrews</div>
</div>
<div dir="ltr"><br>
<blockquote>On 18 Nov 2021, at 20:28, Divya
<a href="mailto:divya.p@nic.in" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank"><divya.p@nic.in></a> wrote:<br>
<br>
</blockquote>
</div>
<blockquote>
<div dir="ltr">
<div style="font-family: georgia, serif;">
<div>Dear Admin,<br>
<br>
Has anybody implemented DNSSEC on IPv6 reverse zones?</div>
<div> Kindly help us to
configure DNSSEC on reverse zones of IPV6 segment with
BIND 9.17.16+CentOS 7.9.<br>
<br>
With Thanks & Regards <br>
Divya <br>
<br>
<br>
</div>
</div>
<br>
<p><a href="https://amritmahotsav.nic.in/" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank"><img style="width: 450px; height: 113px;" src="https://email.gov.in/videos/images/75.jpg" saveddisplaymode=""></a></p>
<br>
_______________________________________________<br>
Please visit
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to
unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid
support subscriptions. Contact us at
<a href="https://www.isc.org/contact/" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</div>
</blockquote>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<pre class="moz-quote-pre">_______________________________________________
Please visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.
bind-users mailing list
<a href="mailto:bind-users@lists.isc.org" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">bind-users@lists.isc.org</a>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a>
</pre>
<div>-- <br>
</div>
</div></div></div><title></title>
<p>Mark James ELKINS - Posix Systems - (South) Africa<br>
<a href="mailto:mje@posix.co.za" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">mje@posix.co.za</a> Tel: +27.826010496<br>
For fast, reliable, low cost Internet in ZA: <a href="https://ftth.posix.co.za" rel="nofollow noopener noreferrer nofollow noopener noreferrer" target="_blank">https://ftth.posix.co.za</a><br>
<br>
<img alt="Posix
Systems" width="250" height="165" pnsrc="cid:8bd09b176d699a50e255980b37fb1951f333553d@zimbra" src="cid:03bde021a6d2c6e8db1ac216683b8a4f72c67d22@zimbra"><img alt="VCARD for
MJ Elkins" title="VCARD, Scan me please!" width="164" height="164" pnsrc="cid:7c79e9b047b42ef5485aa7ab8318516672bfa08d@zimbra" src="cid:78fcbc808d2cbdfa4cae7ddc468b5717bd99900f@zimbra"><br>
</p>
</div><br></div></div>
<br><html><head></head><body>
<p><a href="https://amritmahotsav.nic.in/" target="_blank"><img style="width: 450px; height: 113px;" src='https://email.gov.in/videos/images/75.jpg'/></a></p>
</body></html>
<br></body></html>