o (Root Zone), 11 2017.

ICANN (DNS). ICANN DNSSEC, KSK. 11 2017, ICANN DNSSEC 2010.

(ISPs) (DNSSEC) KSK. KSK, Internet 11 2017.

:
https://www.icann.org/resources/pages/ksk-rollover


[email protected] : KSK

ICANN

An upcoming change to an important security configuration parameter related to the root zone, is scheduled to take place on 11 October 2017.

The root zone is digitally signed using a security protocol called DNS Security Extensions (DNSSEC), which adds a layer of trust on top of the DNS by providing a way to authenticate DNS data. DNSSEC enables network operators to protect their users from a form of malicious attack known as cache poisoning, that could redirect their users traffic to an incorrect website to, for example, steal passwords or financial information. DNSSEC deployment is optional and not all network operators have enabled it, but operators who have deployed it could be affected by the upcoming change.

The DNS is organized in a hierarchy and ICANN manages changes to the top-most level of the DNS. ICANN also manages the top-most cryptographic key in the DNSSEC protocol, known as the root zone key signing key, or KSK. On 11 October 2017, ICANN will change this key, in a process called a key rollover. This is the first time the key will be changed since DNSSEC was enabled in 2010.

This change must be widely and carefully coordinated with network operators that have enabled DNSSEC to ensure that the rollover does not interfere with normal operations.

It is important that Internet service providers or network operators that has enabled DNSSEC validation updates their systems with the new KSK. If an operator fails to update systems with the new KSK, end users could encounter errors when looking up any domain name and thus, be unable to access the Internet on 11 October 2017.

:

ADSLgr.com