[dns-operations] GOV zone operational update: DNSSEC transition to algorithm 13
Stephane Bortzmeyer
bortzmeyer at nic.fr
Wed May 22 08:01:36 UTC 2024
On Wed, May 22, 2024 at 09:23:12AM +0200,
Christian Elmerot <christian at elmerot.se> wrote
a message of 68 lines which said:
> We are fully aware and monitoring the situation around the C-root
> servers and will not proceed with the ongoing DNSSEC algorithm roll
> until it has stabilized.
> The .GOV TLD is now publishing DNSKEYs for both algorithm 8 and 13 and
> using both to sign the zone.
> Update to add the new algorithm 13 DS records to the root had been
> submitted to IANA but are not yet published.
> We are putting the transition on hold for the moment until all the root
> servers are publishing the same version of the root zone
Note that .INT's new DS with ECDSA has been published but C root does
not see it. I assume .INT will hold its transition as well.
% dig +short @a.root-servers.net int DS
59895 13 2 10C789F286599316D3A74C2C513434C3F8A33B9238976D5DE2A178E5 4DA353F3
27433 7 2 5864812D4DF2A4A455D905AF311389F479AFCD96FD369060941C7E17 0B40CA4F
% dig +short @c.root-servers.net int DS
27433 7 2 5864812D4DF2A4A455D905AF311389F479AFCD96FD369060941C7E17 0B40CA4F
More information about the dns-operations
mailing list