[dns-operations] .mil DNSSEC operational message
Cassell, James D CIV DISA NS233
jcassell at nic.mil
Wed Sep 7 19:04:58 UTC 2011
The United States Department of Defense (DoD) has authorized the DoD Network
Information Center (NIC) to sign the .mil zone using DNSSEC. The DoD NIC
will sign the .mil zone using a phased implementation plan that will span a
three (3) month period.
The first phase will consist of signing the .mil zone with an unvalidatable
key, similar to the method used to initially sign several other gTLDs, as
well as the root zone.
During the second phase, the .mil zone will be signed using a validatable
key. However, this key will not be released to IANA for inclusion in the
root zone until an operational test and assessment have been completed.
Essentially, the .mil domain will remain an island (for DNSSEC purposes)
during this phase.
The third and final phase will consist of submitting the .mil key to IANA
for publication in the Internet root zone to allow Internet-wide validation
of .mil DNS responses.
Tentative timeline to a signed .mil zone:
Sep 14-Sep 18 .mil zone signed with an unvalidatable key
Sep 19-Dec 11 .mil zone signed with an unpublished, validatable key
Dec 12 .mil zone signed, and its DS record is included in the root
This rollout is expected to be transparent to the Internet user community,
however, if there are issues during this period, please contact the DoD NIC
at 1-800-365-3642; +1 614-692-2708.
DoD NIC Administration
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 5209 bytes
Desc: not available
More information about the dns-operations