[dns-operations] .COM Zone DNSSEC Operational Update -- ZSK length change

Matt Nordhoff lists at mn0.us
Sat Dec 28 16:50:22 UTC 2019


On Mon, Oct 14, 2019 at 6:34 PM Wessels, Duane via dns-operations
<dns-operations at dns-oarc.net> wrote:
> All,
>
> Verisign is in the process of increasing the size and strength of
> the DNSSEC Zone Signing Keys (ZSKs) for the top-level domains that
> it operates.  As part of this process, the ZSK for the .COM zone will
> be increased in size from 1024 to 1280 bits.
>
> On October 10, 2019 the 1280 bit ZSK was pre-published in the .COM zone.
> On October 15, we plan to sign the .COM zone with the 1280 bit ZSK.
> On October 20, we plan to remove the old 1024 bit ZSK from the zone.

D'y'all have an updated ETA on step 3?

> We do not anticipate any problems from this upgrade.  In accordance
> with our normal operating procedures we have a rollback process should
> it become necessary to revert to the 1024 bit ZSK.
>
> DW
-- 
Matt Nordhoff


More information about the dns-operations mailing list