Root zone DNSSEC KSK rollover event - 2018/10/11, 16:00 UTC
Ray Bellis
ray at isc.org
Fri Sep 28 09:37:41 UTC 2018
This is a reminder for users of BIND that the most critical phase of the
rollover of the root zone's DNSSEC KSK is scheduled to happen at 16:00
UTC on Thursday 11th October.
At this time the old key will be removed from the root zone leaving only
the new key (id 20326) in the zone. If your DNS servers don't know and
trust the new key at that point then DNSSEC validation errors will occur.
ISC has written two KB articles with information on how to check that
your BIND recursive DNS server is ready for the key roll.
The first is a short Operational Notification document which is ideal
for experienced BIND administrators with good familiarity with DNSSEC:
<https://kb.isc.org/docs/aa-01529>
The second is a much more detailed document with more DNSSEC background
material and an overview of the entire key roll process:
<https://kb.isc.org/docs/aa-01525>
Ray Bellis
ISC Research Fellow
More information about the bind-users
mailing list