[apops] Root Zone DNSSEC Deployment Technical Status Update

  • To: "apops at apops dot net" <apops at apops dot net>
  • Subject: [apops] Root Zone DNSSEC Deployment Technical Status Update
  • From: Joe Abley <joe.abley at icann dot org>
  • Date: Mon, 3 May 2010 05:17:58 -0700
  • Accept-language: en-US
  • Acceptlanguage: en-US
  • Delivered-to: apops at mailman dot apnic dot net
  • List-archive: <http://mailman.apnic.net/mailing-lists/apops>
  • List-help: <mailto:apops-request@apops.net?subject=help>
  • List-id: Asia Pacific Operators Forum <apops.apops.net>
  • List-post: <mailto:apops@apops.net>
  • List-subscribe: <http://mailman.apnic.net/mailman/listinfo/apops>, <mailto:apops-request@apops.net?subject=subscribe>
  • List-unsubscribe: <http://mailman.apnic.net/mailman/listinfo/apops>, <mailto:apops-request@apops.net?subject=unsubscribe>
  • Thread-index: AcrquqtJkkIOZ/2fT/STbSEccQjU7w==
  • Thread-topic: Root Zone DNSSEC Deployment Technical Status Update
    • Technical Status Update 2010-05-03
      
      This is the fifth of a series of technical status updates intended
      to inform a technical audience on progress in signing the root zone
      of the DNS.
      
      
      **  The final transition to the DURZ will take place on
      **  J-Root, on 2010-05-05 between 1700--1900 UTC.
      **
      **  After that maintenance all root servers will be serving the
      **  DURZ, and will generate larger responses to DNS
      **  queries that request DNSSEC information.
      **
      **  If you experience technical problems or need to contact
      **  technical project staff, please send e-mail to rootsign at icann dot org
      **  or call the ICANN DNS NOC at +1 310 301 5817, e-mail preferred
      **  if possible.
      **
      **  See below for more details.
      
      
      RESOURCES
      
      Details of the project, including documentation published to date,
      can be found at <http://www.root-dnssec.org/>.
      
      We'd like to hear from you. If you have feedback for us, please
      send it to rootsign at icann dot org.
      
      
      DEPLOYMENT STATUS
      
      The incremental deployment of DNSSEC in the Root Zone is being
      carried out first by serving a Deliberately Unvalidatable Root Zone
      (DURZ), and subsequently by a conventionally signed root zone.
      Discussion of the approach can be found in the document "DNSSEC
      Deployment for the Root Zone", as well as in the technical presentations
      delivered at RIPE, NANOG, IETF and ICANN meetings.
      
      Twelve of the thirteen root servers have already made the transition
      to the DURZ.  No harmful effects have been identified.
      
      The final root server to make the transition, J-Root, will start
      serving the DURZ in a maintenance window scheduled for 1700--1900
      UTC on 2010-05-05.
      
      Initial observations relating to this transition will be presented
      and discussed at the DNS Working Group meeting at the RIPE meeting
      in Prague on 2010-05-06.
      
      
      PLANNED DEPLOYMENT SCHEDULE
      
      Already completed:
      
        2010-01-27: L starts to serve DURZ
      
        2010-02-10: A starts to serve DURZ
      
        2010-03-03: M, I start to serve DURZ
      
        2010-03-24: D, K, E start to serve DURZ
      
        2010-04-14: B, H, C, G, F start to serve DURZ
      
      To come:
      
        2010-05-05: J starts to serve DURZ
      
        2010-07-01: Distribution of validatable, production, signed root
          zone; publication of root zone trust anchor
      
        (Please note that this schedule is tentative and subject to change
        based on testing results or other unforeseen factors.)
      
      A more detailed DURZ transition timetable with maintenance windows
      can be found in the document "DNSSEC Deployment for the Root Zone",
      the most recent draft of which can be found on the project web page
      at <http://www.root-dnssec.org/>.