[dns-operations] GOV zone operational update: DNSSEC transition to algorithm 13
Christian Elmerot
christian at elmerot.se
Wed May 22 08:35:49 UTC 2024
On 2024-05-22 10:01, Stephane Bortzmeyer wrote:
> On Wed, May 22, 2024 at 09:23:12AM +0200,
> Christian Elmerot <christian at elmerot.se> wrote
...
>> We are putting the transition on hold for the moment until all the root
>> servers are publishing the same version of the root zone
>
> Note that .INT's new DS with ECDSA has been published but C root does
> not see it. I assume .INT will hold its transition as well.
>
> % dig +short @a.root-servers.net int DS
> 59895 13 2 10C789F286599316D3A74C2C513434C3F8A33B9238976D5DE2A178E5 4DA353F3
> 27433 7 2 5864812D4DF2A4A455D905AF311389F479AFCD96FD369060941C7E17 0B40CA4F
>
> % dig +short @c.root-servers.net int DS
> 27433 7 2 5864812D4DF2A4A455D905AF311389F479AFCD96FD369060941C7E17 0B40CA4F
In the absence of messaging I'd not assume anything. Let's hope they
don't remove the algo 7 DS and more importantly don't remove the algo 7
DNSKEYs before C-root has been fixed + DS TTLs
--
Christian Elmerot
Cloudflare Authoritative DNS
More information about the dns-operations
mailing list