Status Update, 2010-05-05

This is the sixth of a series of technical status updates intended to inform a technical audience on progress in signing the root zone of the DNS.

The final transition to a signed root zone took place today on J-Root, between 1700–1900 UTC.

All root servers are now serving a signed root zone.

All root servers will now generate larger responses to DNS queries that request DNSSEC information.

If you experience technical problems or need to contact technical project staff, please send e-mail to rootsign@icann.org or call the ICANN DNS NOC at +1 310 301 5817, e-mail preferred if possible.

See below for more details.

RESOURCES

Details of the project, including documentation published to date, can be found at http://www.root-dnssec.org/.

We’d like to hear from you. If you have feedback for us, please send it to rootsign@icann.org.

DEPLOYMENT STATUS

The incremental deployment of DNSSEC in the Root Zone is being carried out first by serving a Deliberately Unvalidatable Root Zone (DURZ), and subsequently by a conventionally signed root zone. Discussion of the approach can be found in the document “DNSSEC Deployment for the Root Zone”, as well as in the technical presentations delivered at RIPE, NANOG, IETF and ICANN meetings.

All of the thirteen root servers have now made the transition to the to the DURZ.  No harmful effects have been identified.

The final root server to make the transition, J-Root, started serving the DURZ in a maintenance window between 1700–1900 UTC on 2010-05-05.

Initial observations relating to this transition will be presented and discussed at the DNS Working Group meeting at the RIPE meeting in Prague on 2010-05-06.

PLANNED DEPLOYMENT SCHEDULE

Already completed:

  • 2010-01-27: L starts to serve DURZ
  • 2010-02-10: A starts to serve DURZ
  • 2010-03-03: M, I start to serve DURZ
  • 2010-03-24: D, K, E start to serve DURZ
  • 2010-04-14: B, H, C, G, F start to serve DURZ
  • 2010-05-05: J start to serve DURZ

To come:

  • 2010-07-01: Distribution of validatable, production, signed root zone; publication of root zone trust anchor

(Please note that this schedule is tentative and subject to change based on testing results or other unforeseen factors.)

11 Responses to “Status Update, 2010-05-05”

  1. Servidores de DNS passarão por manutenção [atualizado] - Google Discovery Says:

    […] o site Root DNSSEC, a atualização dos servidores ocorreu sem maiores […]

  2. DNSSEC迫在眉睫 | Solo Estoy Says:

    […] 从今天刚刚发布的这篇文章来看–《Status Update, 2010-05-05》,实施DNSSec的兄弟们已经做好了一个实现准备好的假根Zone — Deliberately Unvalidatable Root Zone (DURZ),然后接下来的时间内观察并研究DNSSec的流量,并决定是否进一步将其推向生产环境。 […]

  3. DNSSEC put in Internet root for better security | Web Traffic Siphon Says:

    […] Root DNSSEC » Blog Archive » Status Update, 2010-05-05 […]

  4. Tots els servidors arrel, amb DNSSEC | L’home dibuixat Says:

    […] Comentari (0) — Lectures: 08 maig 2010Des de dimecres, tots els servidors arrel del DNS ja donen suport a DNSSEC.Entrades relacionades:Un nou pas en l'adopció de DNSSEC (8 octubre 2009)DNSSEC als .com i .net […]

  5. 小隔間裡的人生 Says:

    DNS root server 全面升級 DNSSEC…

    某同事常常說我很扭曲,但是這社會讓我不得不扭曲啊~ 網路是很危險的,可能會有人進行 DNS cache poisoning 攻擊,也有可能像是先前提到過中國可能透過 DNS root server mirror site 傳回假的 DNS 資訊來進行 MITM attack;對付像這種假的 DNS response 的最佳解法就是導入 DNSSEC,而就在昨天 (2010/05/05),所有的 DNS root server 都已經換裝成功,再過一個多月,預計 2010/07/01 就會正式上路,s…

  6. DNSSEC: the internet’s International Criminal Court? | Domain hosting Says:

    […] Root DNSSEC » Blog Archive » Status Update, 2010-05-05 […]

  7. DNSSEC on all root servers – updated | IT Security, Hacking, Vulnerability alerts, IT Leadership and more Says:

    […] Root DNSSEC » Blog Archive » Status Update, 2010-05-05 […]

  8. DNSSEC on all root servers – updated | IT Security, Hacking, Vulnerability alerts, IT Leadership and more Says:

    […] Root DNSSEC » Blog Archive » Status Update, 2010-05-05 […]

  9. Emails from Facebook contained IP addresses | IT Security, Hacking, Vulnerability alerts, IT Leadership and more Says:

    […] Root DNSSEC » Blog Archive » Status Update, 2010-05-05 […]

  10. DNSSEC Enabled Root Hints and the impact on us - Romania Networking Team Blog - Home - TechNet Blogs Says:

    […] http://www.root-dnssec.org/2010/05/05/status-update/  DNSSEC was originally enabled on 2010.01.27 and has been systematically enabled on additional root […]

  11. KB202824 – Windows client and server operating system compatibility with DNSSEC enabled root servers Says:

    […] on Microsoft DNS Servers Per http://www.root-dnssec.org/2010/05/05/status-update/ (http://www.root-dnssec.org/2010/05/05/status-update/) DNSSEC was originally enabled on 2010.01.27 […]