[dns-operations] Root Zone DNSSEC Deployment Technical Status Update

Joe Abley joe.abley at icann.org
Wed Jul 14 22:12:36 UTC 2010


Root Zone DNSSEC Deployment
Technical Status Update 2010-07-14

This is the eleventh of a series of technical status updates intended
to inform a technical audience on progress in signing the root zone
of the DNS.


RESOURCES

Details of the project, including documentation published to date,
can be found at <http://www.root-dnssec.org/>.

We'd like to hear from you. If you have feedback for us, please
send it to rootsign at icann.org.


KSK CEREMONY 2 COMPLETE

The second KSK ceremony for the root zone was completed this week
in El Segundo, CA, USA. The Ceremony Administrator was Mehmet Akcin.

The second production Key Signing Request (KSR) generated by VeriSign
has now been processed by ICANN using the root zone KSK generated
in KSK Ceremony 1, and the resulting Signed Key Response (SKR) has
been accepted by VeriSign. This SKR contains signatures for Q4 2010,
for use between 2010-10-01 and 2010-12-31.

Audit materials relating to both the first and second ceremonies
will be published today at <http://www.iana.org/dnssec/>.


FULL PRODUCTION SIGNED ROOT ZONE

The transition from Deliberately-Unvalidatable Root Zone (DURZ) to
production signed root zone is scheduled take place on 2010-07-15
within a maintenance window which begins at 1930 UTC and ends at
2330 UTC. This is the usual window for the generation and distribution
of root zones with SOA serials ending in 01.


PLANNED DEPLOYMENT SCHEDULE

Already completed:

  2010-01-27: L starts to serve DURZ

  2010-02-10: A starts to serve DURZ

  2010-03-03: M, I start to serve DURZ

  2010-03-24: D, K, E start to serve DURZ

  2010-04-14: B, H, C, G, F start to serve DURZ

  2010-05-05: J starts to serve DURZ

  2010-06-16: First Key Signing Key (KSK) Ceremony

  2010-07-12: Second Key Signing Key (KSK) Ceremony

To come:

  2010-07-15: Distribution of validatable, production, signed root
    zone; publication of root zone trust anchor

  (Please note that this schedule is tentative and subject to change
  based on testing results or other unforeseen factors.)




More information about the dns-operations mailing list