<!DOCTYPE html>
<html>
<head>
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
</head>
<body style="word-wrap:break-word" vlink="#96607D" link="#467886"
lang="EN-US">
<p>Importante FYI para quienes operen servidores DNS. Estén atentos
de que sus servidores soporten RFC 5011 correctamente, que no
tienen problemas de permisos mal configurados, etc, porque en los
próximos dos años se va a ir rotando la llave KSK de la zona raíz.</p>
<p>Si no han hecho nada con DNSSEC aun, bueno, que mejor momento
para empezar !</p>
<p>Saludos,</p>
<p>/Carlos<br>
</p>
<div class="moz-forward-container"><br>
<br>
-------- Forwarded Message --------
<table class="moz-email-headers-table" cellspacing="0"
cellpadding="0" border="0">
<tbody>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Subject:
</th>
<td>Update to DNSSEC trust anchors</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Date: </th>
<td>Wed, 24 Jul 2024 22:08:41 +0000</td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">From: </th>
<td>James Mitchell via root-dnssec-announce <a
class="moz-txt-link-rfc2396E"
href="mailto:root-dnssec-announce@icann.org"
moz-do-not-send="true"><root-dnssec-announce@icann.org></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">Reply-To:
</th>
<td>James Mitchell <a class="moz-txt-link-rfc2396E"
href="mailto:james.mitchell@iana.org"
moz-do-not-send="true"><james.mitchell@iana.org></a></td>
</tr>
<tr>
<th valign="BASELINE" nowrap="nowrap" align="RIGHT">To: </th>
<td>root-dnssec-announce <a class="moz-txt-link-rfc2396E"
href="mailto:root-dnssec-announce@icann.org"
moz-do-not-send="true"><root-dnssec-announce@icann.org></a></td>
</tr>
</tbody>
</table>
<br>
<br>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<meta name="Generator"
content="Microsoft Word 15 (filtered medium)">
<style>@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}@font-face
{font-family:Aptos;
panose-1:2 11 0 4 2 2 2 2 2 4;}p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Aptos",sans-serif;}a:link, span.MsoHyperlink
{mso-style-priority:99;
color:#467886;
text-decoration:underline;}span.EmailStyle17
{mso-style-type:personal-compose;
font-family:"Aptos",sans-serif;
color:windowtext;}.MsoChpDefault
{mso-style-type:export-only;
font-size:11.0pt;
mso-ligatures:none;}div.WordSection1
{page:WordSection1;}</style>
<div class="WordSection1">
<p class="MsoNormal">IANA has published an update to the trust
anchors for DNSSEC at <a
href="https://www.iana.org/dnssec/files"
moz-do-not-send="true" class="moz-txt-link-freetext">https://www.iana.org/dnssec/files</a>.
This update adds a new key that is planned to be used to sign
the DNS root zone starting in 2026.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Software vendors and system package
maintainers are encouraged to begin their processes for
distributing this new trust anchor. The new trust anchor is
currently available in a format suitable for constructing a DS
record. The file is expected to be expanded in October 2024 to
add data for also constructing the associated DNSKEY record.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">We plan to pre-publish the new KSK in the
DNS starting on 11 January 2025, with a standby period of
nearly two years before a rollover in October 2026. This
provides ample opportunity to propagate the new trust anchor,
and also provides the capability to roll to it sooner should
an emergency rollover be required.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Discussion relating to this rollover is
encouraged at our <a
href="https://lists.icann.org/postorius/lists/ksk-rollover.icann.org/"
moz-do-not-send="true"> ksk-rollover mailing list</a>.<o:p></o:p></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal">Kind regards,<o:p></o:p></p>
<p class="MsoNormal">James Mitchell<o:p></o:p></p>
<p class="MsoNormal">Director IANA Technical Services<o:p></o:p></p>
</div>
</div>
</body>
</html>