Re: DNSSEC Deployment in ARPA Children
On 2010-04-28, at 9:29 AM, Joe Abley wrote: Colleagues, ICANN plans to begin a test deployment of DNSSEC in various zones starting on 2010-04-29: IN-ADDR-SERVERS.ARPA IP6.ARPA IP6-SERVERS.ARPA IRIS.ARPA URI.ARPA URN.ARPA These zones will be signed using RSASHA256 and NSEC with 2048-bit KSKs and 1024-bit ZSKs. The maintenance is complete, all of the zones are now DNSSEC signed. We expect to include trust anchors for these zones following a testing period of around two weeks, given no observed or reported harmful effects. If you observe any issues, or have any concerns please let us know at tic...@dns.icann.org. Kind regards, Dave Knight Senior DNS Engineer, ICANN
.ORG is signed
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Colleagues, On behalf of PIR Technical Support I would like to announce that as of today, 2009-06-02, at 16:00 UTC .ORG is DNSSEC signed. The following KSK is now valid for .ORG org.IN DNSKEY 257 3 7 ( AwEAAYpYfj3aaRzzkxWQqMdl7YExY81NdYSv+qayuZDo dnZ9IMh0bwMcYaVUdzNAbVeJ8gd6jq1sR3VvP/SR36mm GssbV4Udl5ORDtqiZP2TDNDHxEnKKTX+jWfytZeT7d3A bSzBKC0v7uZrM6M2eoJnl6id66rEUmQC2p9DrrDg9F6t XC9CD/zC7/y+BNNpiOdnM5DXk7HhZm7ra9E7ltL13h2m x7kEgU8e6npJlCoXjraIBgUDthYs48W/sdTDLu7N59rj CG+bpil+c8oZ9f7NR3qmSTpTP1m86RqUQnVErifrH8Kj DqL+3wzUdF5ACkYwt1XhPVPU+wSIlzbaAQN49PU= ) ; key id = 21366 Please note that due to the use of NSEC3 this key should not be used with BIND versions less than 9.6.0. Please refer to http://www.pir.org/dnssec for more information. As always, please report operational concerns with any Afilias-hosted zone to n...@afilias-nst.info dave - -- Dave Knight Director, Resolution Services Afilias PIR Technical Support URL: http://www.pir.org E-mail: techsupp...@pir.org Phone: +1.416.646.3308 Fax: +1.416.646.3305 -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.8 (Darwin) iEYEARECAAYFAkoljz8ACgkQVFeEx/p946ad1ACfRgX0xjsA19jEgv8FC5ol7CME 8qUAoOx39+ZB/GIQj0/qHPnAA843iVqa =stCt -END PGP SIGNATURE-
