[dns-wg] Update RIPE's DNS Zonemaster

Hi Anand,

Thank you for your quick reply!

* Anand Buddhdev <anandb at ripe.net> [2020-12-23 13:14 (+0100)]:
>On 21/12/2020 11:31, Arsen STASIC wrote:
>> RIPE's DNS Zonemaster version might be outdated, because it does not
>> support DNSSEC algorithm ED25519. This is the error message:
>> Signature for DNSKEY with tag 52537 failed to verify with error 'Unknown
>> cryptographic algorithm'.
>> https://dnscheck.ripe.net/test/328db6c75665721b
>
>You are correct. We are using an older version of Zonemaster, and it
>does not support ED25519.
>
>> But the Zonemaster software (Versions: engine 4.0.3, backend 6.0.2, GUI
>> 3.2.1) has already support for DNSSEC algorithm ED2551:
>> https://www.zonemaster.net/result/c1607f01d96a8d60
>>
>> It would be good if RIPE's Zonemaster could also list its version numbers.
>
>We are already testing the latest version of Zonemaster, but we also
>need to update the OS it runs on, since we need newer versions of
>OpenSSL with support for ED25519.
>
>I don't have a date for you, but we hope to update Zonemaster to the
>latest version very soon.

I highly appreciate your efforts.

>In the meantime, if you need to add or update a DS record for your
>zones, please email dns at ripe.net with a complete copy of your domain
>object, and we will do the updates for you manually.

This worked out very well.
Now is the first reverse DNS zone out of RIPE's address space signed with ED25519.

cheers
-arsen