How to DNSSEC Sign Bind9 Reverse Zone

I'm using bind9 and dnssec-keygen/dnssec-signzone. I've had no problem signing my forward zones; however, I cannot seem to find any documentation on signing reverse zones. What is the process for this?


The reason why there is no separate documentation for reverse zones is that reverse zones are just a subset of zones, for which there is plenty of documentation. The thing that sets a reverse zone apart from other zones is how it is (typically) used, not how it actually operates.

I.e., the only thing that is actually different is that your typical lookup of a name inside a reverse zone is for type PTR and for a name which is the result of having mapped an IP address into a name based on the standardized convention of reversing the IP address and appending .in-addr.arpa or .ip6.arpa for IPv4 and IPv6 respectively. The reverse zone itself operates just the same as any other zone and neither the authoritative nameserver nor the resolver server needs any special handling for this at all.
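The mapping described in the answer above, as an added example that is not part of the original post: it derives the PTR owner name and the reverse zone origin, then lists the same dnssec-keygen/dnssec-signzone steps used for a forward zone with that origin. The function names, the documentation prefix 192.0.2.0/24, the zone file name and the ECDSAP256SHA256 algorithm are assumptions chosen for illustration.

```python
import ipaddress

def _labels(ip):
    """Forward-order labels and arpa suffix: octets for IPv4, nibbles for IPv6."""
    if ip.version == 4:
        return str(ip).split("."), "in-addr.arpa."
    return list(ip.exploded.replace(":", "")), "ip6.arpa."

def reverse_name(addr):
    """Owner name a resolver queries for type PTR, e.g. 10.2.0.192.in-addr.arpa."""
    labels, suffix = _labels(ipaddress.ip_address(addr))
    return ".".join(reversed(labels)) + "." + suffix

def reverse_zone(prefix):
    """Zone origin for a prefix that ends on an octet (v4) or nibble (v6) boundary."""
    net = ipaddress.ip_network(prefix)
    unit = 8 if net.version == 4 else 4
    if net.prefixlen == 0 or net.prefixlen % unit:
        # Other prefix lengths need delegation tricks outside this sketch.
        raise ValueError("prefix does not end on a label boundary")
    labels, suffix = _labels(net.network_address)
    return ".".join(reversed(labels[: net.prefixlen // unit])) + "." + suffix

def signing_commands(origin, zonefile):
    """Same steps as for a forward zone; only the origin string differs."""
    alg = "ECDSAP256SHA256"  # assumed algorithm choice
    return [
        ["dnssec-keygen", "-a", alg, "-f", "KSK", origin],  # key-signing key
        ["dnssec-keygen", "-a", alg, origin],               # zone-signing key
        ["dnssec-signzone", "-S", "-o", origin, zonefile],  # sign with keys found in cwd
    ]

if __name__ == "__main__":
    origin = reverse_zone("192.0.2.0/24")   # constructed sample prefix
    print(reverse_name("192.0.2.10"), "is inside", origin)
    for cmd in signing_commands(origin, "db.192.0.2"):  # assumed zone file name
        print(" ".join(cmd))
```

The resulting DS record goes to the parent of the reverse zone (the operator that delegated the address block), just as a forward zone's DS goes to its parent.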