[dns-operations] .mil DNSSEC operational message

Cassell, James D CIV DISA NS233 jcassell at nic.mil
Wed Sep 7 19:04:58 UTC 2011


The United States Department of Defense (DoD) has authorized the DoD Network
Information Center (NIC) to sign the .mil zone using DNSSEC.  The DoD NIC
will sign the .mil zone using a phased implementation plan that will span a
three (3) month period.

The first phase will consist of signing the .mil zone with an unvalidatable
key, similar to the method used to initially sign several other gTLDs, as
well as the root zone.
  
During the second phase, the .mil zone will be signed using a validatable
key.  However, this key will not be released to IANA for inclusion in the
root zone until an operational test and assessment have been completed.
Essentially, the .mil domain will remain an island (for DNSSEC purposes)
during this phase.

The third and final phase will consist of submitting the .mil key to IANA
for publication in the Internet root zone to allow Internet-wide validation
of .mil DNS responses.
 
Tentative timeline to a signed .mil zone:
Sep 14-Sep 18  .mil zone signed with an unvalidatable key
Sep 19-Dec 11  .mil zone signed with an unpublished, validatable key
Dec 12         .mil zone signed, and its DS record is included in the root
zone

This rollout is expected to be transparent to the Internet user community,
however, if there are issues during this period, please contact the DoD NIC
at 1-800-365-3642; +1 614-692-2708.

Thank you,
DoD NIC Administration
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5209 bytes
Desc: not available
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20110907/2d4d27dd/attachment.bin>


More information about the dns-operations mailing list