[dns-operations] Fwd: ISC Operational Notification re: root-zone trust-anchors

Ray Bellis ray at isc.org
Thu Sep 28 21:45:52 UTC 2017


FYI, for those running BIND but not subscribed to bind-announce:

-------- Forwarded Message --------Subject: Operational Notification:
KSK-2010 will be retired from the
root zone, potentially affecting validating resolvers
Date: Thu, 28 Sep 2017 13:10:18 -0800
From: Michael McNally <mcnally at isc.org>
To: bind-announce at lists.isc.org

To all BIND server operators --

Many of you may already be aware of yesterday's announcement
from ICANN concerning the postponement of one of the steps
in the currently-in-progress root zone KSK rollover.

  https://www.icann.org/news/announcement-2017-09-27-en

Specifically, they have announced that the 11 October 2017
date that was planned for the retirement of KSK-2010 will
be postponed for at least three months because root zone
trust anchor telemetry data sent by servers running BIND and
other DNS server software indicates that many operators are
still unprepared for the change and using soon-to-be-retired
trust anchors.

To help our users be sure that they are prepared for the
transition when it occurs we have prepared an Operational
Notification concerning the KSK rollover:

  https://kb.isc.org/article/AA-01529/169/KSK-2010-Rollover.html

If you are operating a server which performs DNSSEC validation
we suggest that you take a few moments to read the notification
and follow its suggestions to ensure that you are prepared when
ICANN resume the root KSK rollover.

Michael McNally
ISC Security Officer




More information about the dns-operations mailing list