[dns-operations] .UK is DNSSEC signed

[Roy Arends]

Today, Nominet UK, the internet registry for .UK domain names has deployed a signed UK zone. 

We have introduced DNSSEC information into five of the eleven UK nameservers.  The keys have been obscured; although DNSSEC information is present, it will not be possible to validate it.  For one week we will monitor the traffic on all our nameservers to look for any significant change in access patterns.

Assuming that nothing untoward is seen, on Monday 8 March, all eleven UK nameservers will serve DNSSEC information and the zone will contain proper DNSKEY material.  However, we recommend against configuring the DNSKEY key as a trust anchor or adding it to DLV repositories. The next few months are an operational test and although we do plan to roll our DNSKEY at some point, we do not plan to announce it publicly.  When the root zone announces that it is ready to accept DS records, the one for .uk will be submitted for publication.

Kind regards,

Roy Arends
Sr. Researcher
Nominet UK