[dns-operations] Root Zone DNSSEC Deployment Technical Status Update
joe.abley at icann.org
Wed Jul 14 22:12:36 UTC 2010
Root Zone DNSSEC Deployment
Technical Status Update 2010-07-14
This is the eleventh of a series of technical status updates intended
to inform a technical audience on progress in signing the root zone
of the DNS.
Details of the project, including documentation published to date,
can be found at <http://www.root-dnssec.org/>.
We'd like to hear from you. If you have feedback for us, please
send it to rootsign at icann.org.
KSK CEREMONY 2 COMPLETE
The second KSK ceremony for the root zone was completed this week
in El Segundo, CA, USA. The Ceremony Administrator was Mehmet Akcin.
The second production Key Signing Request (KSR) generated by VeriSign
has now been processed by ICANN using the root zone KSK generated
in KSK Ceremony 1, and the resulting Signed Key Response (SKR) has
been accepted by VeriSign. This SKR contains signatures for Q4 2010,
for use between 2010-10-01 and 2010-12-31.
Audit materials relating to both the first and second ceremonies
will be published today at <http://www.iana.org/dnssec/>.
FULL PRODUCTION SIGNED ROOT ZONE
The transition from Deliberately-Unvalidatable Root Zone (DURZ) to
production signed root zone is scheduled take place on 2010-07-15
within a maintenance window which begins at 1930 UTC and ends at
2330 UTC. This is the usual window for the generation and distribution
of root zones with SOA serials ending in 01.
PLANNED DEPLOYMENT SCHEDULE
2010-01-27: L starts to serve DURZ
2010-02-10: A starts to serve DURZ
2010-03-03: M, I start to serve DURZ
2010-03-24: D, K, E start to serve DURZ
2010-04-14: B, H, C, G, F start to serve DURZ
2010-05-05: J starts to serve DURZ
2010-06-16: First Key Signing Key (KSK) Ceremony
2010-07-12: Second Key Signing Key (KSK) Ceremony
2010-07-15: Distribution of validatable, production, signed root
zone; publication of root zone trust anchor
(Please note that this schedule is tentative and subject to change
based on testing results or other unforeseen factors.)
More information about the dns-operations