[dns-operations] GOV zone operational update: DNSSEC transition to algorithm 13

Stephane Bortzmeyer bortzmeyer at nic.fr
Wed May 22 08:01:36 UTC 2024


On Wed, May 22, 2024 at 09:23:12AM +0200,
 Christian Elmerot <christian at elmerot.se> wrote 
 a message of 68 lines which said:

> We are fully aware and monitoring the situation around the C-root 
> servers and will not proceed with the ongoing DNSSEC algorithm roll 
> until it has stabilized.
> The .GOV TLD is now publishing DNSKEYs for both algorithm 8 and 13 and
> using both to sign the zone.
> Update to add the new algorithm 13 DS records to the root had been 
> submitted to IANA but are not yet published.
> We are putting the transition on hold for the moment until all the root
> servers are publishing the same version of the root zone

Note that .INT's new DS with ECDSA has been published but C root does
not see it. I assume .INT will hold its transition as well.

% dig +short  @a.root-servers.net int DS
59895 13 2 10C789F286599316D3A74C2C513434C3F8A33B9238976D5DE2A178E5 4DA353F3
27433 7 2 5864812D4DF2A4A455D905AF311389F479AFCD96FD369060941C7E17 0B40CA4F

% dig +short  @c.root-servers.net int DS
27433 7 2 5864812D4DF2A4A455D905AF311389F479AFCD96FD369060941C7E17 0B40CA4F


More information about the dns-operations mailing list