2013-11-19 - News - Chris Thompson
First, a note that the IPv6 reverse zone delegated to the Computer Laboratory,
2.0.2.1.2.0.0.3.6.0.1.0.0.2.ip6.arpa, has been added to the list of zones
in https://jackdaw.cam.ac.uk/ipreg/nsconfig/sample.named.conf that can be
slaved stealthily within the CUDN. Some of the commentary in that file has
also been brought up to date.
The main news is that the zones
- cl.cam.ac.uk
- 232.128.in-addr.arpa
- 2.0.2.1.2.0.0.3.6.0.1.0.0.2.ip6.arpa
are now all signed. They are therefore much larger than before, and have larger and more frequent incremental updates. Those who are slaving them may need to be aware of that.
As regards DNSSEC validation, cl.cam.ac.uk now has a chain of trust from the root zone. We expect that 232.128.in-addr.arpa will also have one before long. The IP reverse zone has DS (delegation signer) records in 1.2.0.0.3.6.0.1.0.0.2.ip6.arpa, but that itself can be validated only via the dlv.isc.org lookaside zone, as JANET have not yet signed its parent zone 0.3.6.0.1.0.0.2.ip6.arpa (despite an 18-month-old promise on their part).