[dns-operations] DNSSEC for .nz, status update
Sebastian Castro
sebastian at nzrs.net.nz
Fri Dec 9 02:32:02 UTC 2011
(Apologies in advance if you have seen this announcement on a different
mailing list)
Continuing with the DNSSEC deployment scheduled detailed in
http://nzrs.net.nz/dns/dnssec, on December 9th 2011 at 10:00am the
signed version of the .nz zone containing an un-obscured DNSKEY set was
published. This effectively enables the validation of DNS data in the
.nz zone. Later during the day, after verification, we submitted the DS
records to IANA's Root Zone Management.
The DNSKEY set looks like this:
nz. 3600 IN DNSKEY 256 3 8 (
BAABAAGD+q3p2XDCb6SvAbACB/NPdljxhpBx2O9ZnvF2
OYb6kViMJ5dgxYDcFtvL5RW31Bc7UDvseoQPUK1wora3
BtUTylo1xd5PN/lV600mrNGRxfmw77Hen/MXH5GQrjaj
O+rFP1xce1/jdyvCciJzrYRcPL9p4c/eGoJK3ZMubiu1
OQ==
) ; key id = 27212, ZSK
nz. 3600 IN DNSKEY 257 3 8 (
BAABAAGwfTiEoh71o6S55+Mdy1qqVRnpKY1VHznrv+wx
rPfvRGB5VivFFPFN+33fsaTxJQTceOtOna7IKxTffj6p
bBG4a9vtk2FqF551IwXomKWJnzRVKqYzuAx+Os/5gLIN
BH7+qRWAkJwCdQXIaJGyGmshkO5Ci5Ex5Cm3EZCeVrie
0fLI03Ufjuhi6IJ7gLzjEWw84faLIxWHEj8w0UVcXfaI
2VL0oUC/R+9RaO7BJKv93ZqoZhTOSg9nH51qfubbK6FM
svOWEyVcUNE6NESYEbuCiUByKfxanvzzYUUCzmm+JwV7
7Ebj3XZSBnWnA2ylLXQ4+HD84rnqb1SgGXu9HZYn
) ; key id = 2517, KSK
The DS records submitted to IANA are:
nz. 3600 IN DS 2517 8 1 cb5f686cb7a500b344e33dbc5ca8183a4e5579ec
nz. 3600 IN DS 2517 8 2
02240b41dfddaeca2d6227d75a3575d5ba2fd07e21577f1c506d98be491d6ff3
When IANA has processed the change request, the process of enabling the
trust chain for the .nz zone will be complete.
We advise against using these DS records as a trust anchor. The only
valid trust anchor for .nz will be the DS records in the root zone.
Kind Regards,
--
Sebastian Castro
DNS Specialist
.nz Registry Services (New Zealand Domain Name Registry Limited)
desk: +64 4 495 2337
mobile: +64 21 400535
More information about the dns-operations
mailing list