[lacnog] Fwd: Update to DNSSEC trust anchors
Carlos Martinez-Cagnazzo
carlos at lacnic.net
Thu Jul 25 14:53:15 -03 2024
Important FYI for anyone operating DNS servers. Make sure that your
servers support RFC 5011 correctly, that they have no problems with
misconfigured permissions, etc., because the root zone KSK is going to
be rolled over during the next two years.
If you haven't done anything with DNSSEC yet, well, what better time to start!
Regards,
/Carlos
-------- Forwarded Message --------
Subject: Update to DNSSEC trust anchors
Date: Wed, 24 Jul 2024 22:08:41 +0000
From: James Mitchell via root-dnssec-announce
<root-dnssec-announce at icann.org>
Reply-To: James Mitchell <james.mitchell at iana.org>
To: root-dnssec-announce <root-dnssec-announce at icann.org>
IANA has published an update to the trust anchors for DNSSEC at
https://www.iana.org/dnssec/files. This update adds a new key that is
planned to be used to sign the DNS root zone starting in 2026.
Software vendors and system package maintainers are encouraged to begin
their processes for distributing this new trust anchor. The new trust
anchor is currently available in a format suitable for constructing a DS
record. The file is expected to be expanded in October 2024 to add data
for also constructing the associated DNSKEY record.
We plan to pre-publish the new KSK in the DNS starting on 11 January
2025, with a standby period of nearly two years before a rollover in
October 2026. This provides ample opportunity to propagate the new trust
anchor, and also provides the capability to roll to it sooner should an
emergency rollover be required.
Discussion relating to this rollover is encouraged at our ksk-rollover
mailing list
<https://lists.icann.org/postorius/lists/ksk-rollover.icann.org/>.
Kind regards,
James Mitchell
Director IANA Technical Services
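
Added example, not part of the original message or of IANA's tooling: a sketch of how an operator could turn a trust anchor file into DS records for comparison with a resolver's configured anchors. It assumes the XML layout described in RFC 7958; the function name and every id, key tag, date and digest in the sample are constructed placeholders, not the real root anchors.

```python
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

# Constructed sample in the RFC 7958 layout. Ids, key tags, dates and
# digests are placeholders, NOT the real root zone trust anchors.
SAMPLE_XML = """<TrustAnchor id="EXAMPLE" source="https://example.invalid/anchors.xml">
<Zone>.</Zone>
<KeyDigest id="Kretired" validFrom="2010-01-01T00:00:00+00:00" validUntil="2019-01-01T00:00:00+00:00">
<KeyTag>11111</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
<Digest>%s</Digest></KeyDigest>
<KeyDigest id="Kcurrent" validFrom="2017-01-01T00:00:00+00:00">
<KeyTag>22222</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
<Digest>%s</Digest></KeyDigest>
<KeyDigest id="Knew" validFrom="2024-07-01T00:00:00+00:00">
<KeyTag>33333</KeyTag><Algorithm>8</Algorithm><DigestType>2</DigestType>
<Digest>%s</Digest></KeyDigest>
</TrustAnchor>""" % ("AA" * 32, "BB" * 32, "CC" * 32)

DIGEST_BYTES = {1: 20, 2: 32, 4: 48}  # SHA-1, SHA-256, SHA-384


def active_ds_records(xml_text, now):
    """Return DS lines for every KeyDigest whose validity window contains now."""
    root = ET.fromstring(xml_text)
    zone = root.findtext("Zone").strip()
    records = []
    for kd in root.iter("KeyDigest"):
        start = datetime.fromisoformat(kd.get("validFrom"))
        end = kd.get("validUntil")  # absent while the anchor is still trusted
        if now < start or (end and now >= datetime.fromisoformat(end)):
            continue  # not yet valid, or already retired
        tag, alg, dtype = (int(kd.findtext(n))
                           for n in ("KeyTag", "Algorithm", "DigestType"))
        digest = kd.findtext("Digest").strip().upper()
        # Reject truncated or non-hex digests instead of configuring them.
        if len(bytes.fromhex(digest)) != DIGEST_BYTES.get(dtype):
            raise ValueError(f"bad digest for key tag {tag}")
        records.append(f"{zone} IN DS {tag} {alg} {dtype} {digest}")
    return records


if __name__ == "__main__":
    for line in active_ds_records(SAMPLE_XML, datetime.now(timezone.utc)):
        print(line)
```

During a rollover the output is expected to contain more than one DS line; a resolver whose configured anchors lack one of them has not yet picked up the new key.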