[dns-operations] .BR DNSSEC Algorithm Rollover - Announcement

Frederico A C Neves fneves at registro.br
Sat Aug 18 15:35:56 UTC 2018

As previously announced [1], the .br will perform a DNSSEC Algorithm
Rollover starting next Monday Aug the 20th.

The new key with algorithm ECDSAP256SHA256 (13) was created during a
ceremony held on Aug the 8th. The DNSKEY with key tag 2471 is

( i9GgZ+/z2Y7VbG3AHrh7KD7FUHGxmCKHfoVGv/zZ3DAc
  XTVnAywWTopCBxqZas4JkzaPdAGd0rVtRsKGRDhiFg== )

The rollover will follow the liberal approach and will be executed in
4 DNS acts: Double Signing, Second Level DS change, Second Level old
algorithm removal, .br old algorithm removal.

Below is the schedule, with times reported in UTC. The final act is
tentative as it depends on the IANA interaction and DS change at the

2018-08-20T12:00:00 publish-key br-20180808-17057
2018-08-20T12:00:00 publish-key br-2018080800-2471
2018-08-20T12:00:00 publish-key generic-20180808-16341
2018-08-20T12:00:00 enable-key br-20180808-17057
2018-08-20T12:00:00 enable-key generic-20180808-16341
2018-08-20T12:00:00 full-pub
2018-08-20T17:00:00 publish-ds generic-20180808-16341
2018-08-20T17:00:00 unpublish-ds generic-20180516-7923
2018-08-20T17:00:00 unpublish-ds generic-20180516-8239
2018-08-20T19:00:00 remove-key generic-20180516-7923
2018-08-20T19:00:00 remove-key generic-20180516-8239
2018-08-20T19:00:00 full-pub
2018-08-27T12:00:00 remove-key br-2014120800-45673
2018-08-27T12:00:00 remove-key br-20171205-7320
2018-08-27T12:00:00 full-pub

This rollover will be monitored in a distributed way (Luminati / RIPE
Atlas), thanks to our colleagues at SIDN Labs, but if you happen to
see any issue, especially validation errors, please report it in this
thread or to hostmaster at registro.br.

Frederico Neves

[1] https://static.ptbl.co/static/attachments/169303/1520891993.pdf
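
Added example, not part of the original message or of registro.br's tooling: a resolver operator can check that the public key printed above really corresponds to the announced key tag 2471 by recomputing the RFC 4034 Appendix B checksum over the DNSKEY RDATA, and can derive the SHA-256 DS digest to compare against what the parent zone publishes. The flags value 257 (KSK with SEP bit) and protocol 3 are assumptions, since the announcement gives only the algorithm, key tag and key material.

```python
import base64
import hashlib
import struct

# Public key exactly as printed in the announcement (two base64 lines joined).
ANNOUNCED_KEY_B64 = (
    "i9GgZ+/z2Y7VbG3AHrh7KD7FUHGxmCKHfoVGv/zZ3DAc"
    "XTVnAywWTopCBxqZas4JkzaPdAGd0rVtRsKGRDhiFg=="
)
ANNOUNCED_KEY_TAG = 2471
ALG_ECDSAP256SHA256 = 13
FLAGS_KSK = 257  # assumption: zone key + SEP bit; not stated in the announcement

def dnskey_rdata(flags, algorithm, key_b64, protocol=3):
    """Wire-format DNSKEY RDATA: flags(2) | protocol(1) | algorithm(1) | key."""
    key = base64.b64decode(key_b64, validate=True)
    if algorithm == ALG_ECDSAP256SHA256 and len(key) != 64:
        raise ValueError("P-256 DNSKEY must carry 64 bytes (x || y), got %d" % len(key))
    return struct.pack("!HBB", flags, protocol, algorithm) + key

def key_tag(rdata):
    """RFC 4034 Appendix B checksum over the RDATA (all algorithms except 1)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += (byte << 8) if i % 2 == 0 else byte
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name):
    """Canonical (lowercase) wire form of an owner name; '.' alone is the root."""
    out = b""
    for label in name.rstrip(".").lower().split("."):
        if label:
            out += bytes([len(label)]) + label.encode("ascii")
    return out + b"\x00"

def ds_sha256(owner, rdata):
    """DS digest type 2 (RFC 4509): SHA-256(owner name | DNSKEY RDATA)."""
    return hashlib.sha256(owner_wire(owner) + rdata).hexdigest().upper()

def check_announced_key():
    """Return (tag matches announcement, DS digest) for the announced key."""
    rdata = dnskey_rdata(FLAGS_KSK, ALG_ECDSAP256SHA256, ANNOUNCED_KEY_B64)
    return key_tag(rdata) == ANNOUNCED_KEY_TAG, ds_sha256("br.", rdata)

if __name__ == "__main__":
    ok, digest = check_announced_key()
    print("key tag matches announcement:", ok)
    print("br. IN DS %d %d 2 %s" % (ANNOUNCED_KEY_TAG, ALG_ECDSAP256SHA256, digest))
```

A mismatch between the recomputed tag and the announced one would indicate a transcription error in the key material or different flags than assumed, and is worth resolving before configuring the key as a trust anchor.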
