How to DNSSEC Sign Bind9 Reverse Zone

domain-name-system reverse-dns bind dnssec

I'm using bind9 and dnssec-keygen/dnssec-signzone. I've had no problem signing my forward zones however I cannot seem to find any documentation on signing reverse zones. What is the process for this?


The reason why there is no separate documentation for reverse zones is that reverse zones are just a subset of zones which there is plenty of documentation for. The thing that sets a reverse zone apart from other zones is how it is (typically) used, not how it actually operates.

Ie, the only thing that is actually different is that your typical lookup of a name inside a reverse zone is for type PTR and for a name which is the result of having mapped an IP address into a name based on the standardized convention of reversing the IP address and appending .in-addr.arpa or .ip6.arpa for IPv4 and IPv6 respectively. The reverse zone itself operates just the same as any other zone and neither the authoritative nameserver or the resolver server needs any special handling for this at all.

Related

Ansible vs. custom made solution
Can you configure per-network SSH settings?
systemd unit stops when required unit is stopped, but then does not start again when required unit starts
Postfix forwarding - SPF issues - Sender rewrite
Can haproxy log unknown headers?
login failed in initializing the provider
Configuring Hyper-V on Windows 10 for pass-through DHCP
How to properly setup SSL with Apache2 and multiple Docker containers?
OpenVPN doesn't works with TCP
How to map internal OIDC group to external K8s cluster roles
How to use fn-key (function keys) with an external keyboard that has no fn-key? [duplicate]
How to use the balance on your apple account in app store?