[LACNIC/Seguridad] Fwd: Root zone DNSSEC deployment web site and technical status update
Francisco Arias
francisco en arias.com.mx
Mie Dic 16 03:16:29 BRST 2009
Por si no han visto el correo.
Quizá lo más importante, el sitio http://www.root-dnssec.org/ y el que la
zona raíz firmada comenzará a ser visible en la semana del 11 de enero
próximo en uno de los servidores raíz. Abajo pueden ver la agenda completa
de cómo irá siendo distribuido la zona a cada uno de los servidores raíz.
Para quienes operen DNSs recursivos y firewalls (ISP's), si no lo han hecho
ya, es el momento de revisar la infraestructura para asegurar que las
respuestas de DNS mayores a 512 Bytes pueden transitar por sus redes y/o ser
procesadas por sus servidores recursivos. Hay que soportar ENDS0 y TCP en
los servidores recursivos también.
Me parece que ya tenemos un tema para reunión de Curaçao ...
Saludos,
Francisco.
---------- Forwarded message ----------
From: Matt Larson <mlarson en verisign.com>
Date: 2009/12/15
Subject: [dns-operations] Root zone DNSSEC deployment web site and technical
status update
To: dns-operations en mail.dns-oarc.net
The root zone DNSSEC deployment team is pleased to announce a new web
site with information about the project, http://www.root-dnssec.org.
The site serves as a repository for documentation and information
about deploying DNSSEC in the root zone, including technical status
updates. The first status update is available on the site and is
included below, as well. Additional documentation will be posted as
it becomes available. Important announcements and future status
updates will appear in the site's RSS feed,
http://www.root-dnssec.org/rss.
The design team welcomes your feedback: you can reach the entire team
at rootsign en icann.org.
On behalf of the root zone DNSSEC deployment team,
Matt Larson
--
Status Update, December, 2009
This is the first of a series of technical status updates intended to
inform a technical audience on the progress of deploying DNSSEC in the
root zone of the DNS.
RESOURCES
Details of the project, including documentation published to date, can
be found at http://www.root-dnssec.org/.
We'd like to hear from you. If you have feedback for us, please send
it to rootsign en icann.org.
DOCUMENTATION
This project involves the creation of a large volume of documentation,
individual components of which will be released as they have completed
internal review. The following documents are expected to be released
as drafts before the end of December 2009:
* Root Zone DNSSEC Deployment Plan
* Root Zone Trust Anchor Publication
DEPLOYMENT STATUS
Several root server operators have started testing a lightweight
packet capture tool designed to provide a full record of priming
queries received over the period covering DNSSEC deployment in the
root zone. We hope this data collection will be in full production on
all root servers before the end of December, providing baseline data
which will allow the reaction of the system as a whole to deployment
events to be observed.
On 2009-12-01, the first pre-production KSR exchange between ICANN and
VeriSign and the signing of the root zone within VeriSign's production
infrastructure commenced. The signing, validation, measurement and
monitoring infrastructure will now be subject to full internal
testing.
PLANNED DEPLOYMENT SCHEDULE
2009-12-01: KSR exchange, root zone signing begins, internal to
VeriSign and ICANN; generation of DURZ
Week of 2010-01-11: L starts to serve DURZ
Week of 2010-02-08: A starts to serve DURZ
Week of 2010-03-01: M, I start to serve DURZ
Week of 2010-03-22: D, K, E start to serve DURZ
Week of 2010-04-12: B, H, C, G, F start to serve DURZ
Week of 2010-05-03: J starts to serve DURZ
2010-07-01: Distribution of validatable, production, signed root zone;
publication of root zone trust anchor.
(Please note that this schedule is tentative and subject to change
based on testing results or other unforeseen factors.)
_______________________________________________
dns-operations mailing list
dns-operations en lists.dns-oarc.net
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
------------ próxima parte ------------
Se ha borrado un adjunto en formato HTML...
URL: <https://mail.lacnic.net/pipermail/seguridad/attachments/20091215/90bb7c0c/attachment.html>
Más información sobre la lista de distribución Seguridad