[ARIN-Suggestions] ACSP 2020.13: Improve Reverse DNS Security Closed on 29 July

ARIN info at arin.net
Thu Jul 29 09:45:45 EDT 2021

On 29 July, ARIN closed ACSP 2020.13: Improve Reverse DNS Security with the following response:

Thank you for your suggestion, numbered 2020.13 on confirmed receipt, asking that we use SHA-256 keys for xx.in-addr.arpa and ip6.arpa (reverse DNS) zones. We have rolled our key signing keys (KSKs) and zone signing keys (ZSKs) to a stronger algorithm (RSA/SHA256, algorithm 8) per your request and guidance from RFC 8624 (https://datatracker.ietf.org/doc/html/rfc8624#section-3.1). Additionally, we no longer publish DS records using digest type 1 (SHA-1), instead only publishing digest type 2 (SHA-256), per updated recommendations from RFC 8624 (https://datatracker.ietf.org/doc/html/rfc8624#section-3.3).

Because this work is completed, we are closing this suggestion. Thank you for participating in the ARIN Consultation and Suggestion Process.

The full text and response of the suggestion can be found at:


American Registry for Internet Numbers (ARIN)

More information about the arin-suggestions mailing list