Root Zone KSK Rollover Update - ICANN & Verisign Collaboration
On 11 October 2018, a significant key change occurred for the DNS root zone involving ICANN, Verisign, and other stakeholders. This event marked a crucial phase in internet security infrastructure, with a detailed timeline of events highlighting the meticulous approach taken by the involved parties. Despite challenges like outdated DNSSEC-enabled browsers and plugins, the transition was navigated successfully, showcasing the expertise and vigilance of the Amsterdam team. Monitoring continues to ensure the stability and security of the root zone.
Presentation Transcript
Root Zone KSK Rollover update
Matt Larson, VP of Research, ICANN
and many, many others at ICANN and Verisign

When Does the Rollover Take Place?
- On 16 September 2018, the ICANN Board passed a resolution directing the organization to proceed with its plans to change or roll the key for the DNS root zone
- On 11 October 2018 at 1600 UTC, the new KSK signature over the root DNSKEY RRset was published for the first time
- This is an informal overview of what happened during that day from the perspective of the Root Zone Management Partners

Timeline of events (UTC)
13:00 Root Zone Management Partners join conference bridge
13:00 Verisign generates root zone file
13:15 Verisign inspects root zone file
13:30 Verisign sends root zone file to ICANN
13:30 ICANN inspects root zone file
15:30 ICANN Go/No-go call
15:45 ICANN approves the zone for publication
15:45 Verisign reminds root server operators of scheduled zone push
16:00 Verisign approves root zone file push
16:05 Verisign informs root server operators zone file has been pushed

Amsterdam team

Monitoring

Known issues
- No direct reports to ICANN yet
- Various other reports via Twitter
- Old DNSSEC enabled browsers and plugins:
  - Bloodhound (based on Firefox) is old, unsupported code
  - DNSSEC-Validator is old, unsupported code
  - Both did not have the new key
- Debian dnsruby package was updated overnight
- Some monitoring tools had the old KSK hardcoded and started warnings
- No report of broken resolvers
- Some (two) issues mentioned on mailing lists and IRC
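
The "old KSK hardcoded" failure in the known issues can be caught with a configuration check like the one below, which is an added example and not code from the presentation, ICANN or Verisign. It computes DNSKEY key tags per RFC 4034 Appendix B and compares a monitor's configured trust anchors with the keys that sign the DNSKEY RRset. The function names, the status strings and the key material are assumptions constructed for illustration, including the assumption that the old key is still present in the RRset.

```python
import struct

def key_tag(flags, protocol, algorithm, public_key):
    """Key tag per RFC 4034 Appendix B (valid for every algorithm except 1)."""
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + public_key
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def anchor_status(anchors, dnskey_rrset, rrsig_key_tags):
    """Classify a monitor's configured trust anchors against what the zone serves.

    anchors / dnskey_rrset: iterables of (flags, protocol, algorithm, public_key).
    rrsig_key_tags: key tags named in the RRSIGs covering the DNSKEY RRset.
    This is a configuration check only; it does not verify any signature.
    """
    published = set(dnskey_rrset) & set(anchors)
    if any(key_tag(*k) in rrsig_key_tags for k in published):
        return "ok"                   # a configured anchor signs the RRset
    if published:
        return "anchor-not-signing"   # anchor still served, but no longer the signer
    return "anchor-missing"           # no configured anchor appears in the RRset

# Constructed sample keys (not real root zone key material).
OLD_KSK = (257, 3, 8, b"constructed-old-ksk")
NEW_KSK = (257, 3, 8, b"constructed-new-ksk")
ZSK = (256, 3, 8, b"constructed-zsk")
RRSET = [OLD_KSK, NEW_KSK, ZSK]

def demo():
    after_roll = {key_tag(*NEW_KSK)}  # DNSKEY RRset now signed by the new KSK
    return {
        "old key hardcoded": anchor_status([OLD_KSK], RRSET, after_roll),
        "both keys configured": anchor_status([OLD_KSK, NEW_KSK], RRSET, after_roll),
    }

if __name__ == "__main__":
    for name, status in demo().items():
        print(f"{name}: {status}")
```

A monitor that reports "anchor-not-signing" needs its trust anchor set updated; the zone itself is not at fault.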