[lacnog] Fwd: Root Zone DNSSEC Deployment Technical Status Update
Francisco Arias
francisco en arias.com.mx
Vie Feb 26 16:13:03 BRT 2010
Por si no lo han visto.
Saludos,
Francisco.
---------- Forwarded message ----------
From: Joe Abley <jabley en hopcount.ca>
Date: 26 February 2010 09:02
Subject: [dns-operations] Root Zone DNSSEC Deployment Technical Status Update
To: dns-operations en dns-oarc.net
Cc: rootsign en icann.org
This is the third of a series of technical status updates intended to
inform a technical audience on progress in signing the root zone of
the DNS. Apologies if you receive multiple copies of this message.
RESOURCES
Details of the project, including documentation published to date,
can be found at http://www.root-dnssec.org/.
We'd like to hear from you. If you have feedback for us, please
send it to rootsign en icann.org.
DOCUMENTATION
The following draft document was recently published:
- Root Zone DNSSEC KSK Ceremonies Guide
DEPLOYMENT STATUS
KSR exchanges continue between development platforms at VeriSign
and ICANN. Test exchanges between production servers, exercising
regular operational staff and subject to production monitoring and
availability measurements is scheduled to begin on 2010-03-01.
Build-out of KSK Key Ceremony facilities at ICANN continues, and
both facilities (east- and west-coast USA) are expected to be ready
on schedule.
The incremental deployment of DNSSEC in the Root Zone is being
carried out first by serving a Deliberately-Unvalidatable Root Zone
(DURZ), and subsequently by a conventionally-signed root zone.
Discussion of the approach can be found in the document "DNSSEC
Deployment for the Root Zone", as well as in the technical presentations
delivered at RIPE, NANOG, IETF and ICANN meetings.
L-Root made the transition to the DURZ on 2010-01-27, and A-Root
did the same on 2010-02-10. No harmful effects of either transition
have been identified. Some early analysis of packet captures from
many root servers surrounding each event was recently presented at
NANOG 48 in Austin, Texas, USA and can be found with other presentation
materials at <http://www.root-dnssec.org/presentations/>.
Those who are tracking the impact of the DURZ transition on root
servers should note that the maintenance window for the M-Root DURZ
transition has changed to 2010-03-03 0600--0800 UTC, two hours later
than was originally advised. This change has been reflected in the
deployment plan, which can be found with other project documentation
at <http://www.root-dnssec.org/documentation/>.
PLANNED DEPLOYMENT SCHEDULE
Already completed:
2010-01-27: L starts to serve DURZ
2010-02-10: A starts to serve DURZ
To come:
2010-03-03: M, I start to serve DURZ
2010-03-24: D, K, E start to serve DURZ
2010-04-14: B, H, C, G, F start to serve DURZ
2010-05-05: J starts to serve DURZ
2010-07-01: Distribution of validatable, production, signed root
zone; publication of root zone trust anchor
(Please note that this schedule is tentative and subject to change
based on testing results or other unforseen factors.)
A more detailed DURZ transition timetable with maintenance windows
can be found in the document "DNSSEC Deployment for the Root Zone",
the most recent draft of which can be found on the project web page
at <http://www.root-dnssec.org/>.
_______________________________________________
dns-operations mailing list
dns-operations en lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
Más información sobre la lista de distribución LACNOG