DNSSEC key signing key rollover: Are you ready?

The October deadline for changing the root zone key signing key (KSK) for the Domain Name System Security Extensions (DNSSec) is fast approaching. Enterprises that operate their own recursive name servers and use DNSSec validation to protect their domains must make sure systems have been updated with the new signing keys or risk having users unable to access portions of the Internet.

The Internet Corporation for Assigned Names and Numbers (ICANN) will start using the new root zone key signing key generated late last year to sign domains starting Oct. 11. Internet service providers (ISP), enterprise network operators, hardware manufacturers, and application developers performing DNSSEC validation need to update their systems with the public part of the key pair by the deadline. If the systems aren’t updated with the new public key, when the old key is finally revoked in 2018, DNSSEC validations will fail and cause DNS to break.

To read this article in full or to leave a comment, please click here

Read more: DNSSEC key signing key rollover: Are you ready?

Story added 12. September 2017, content source with full text you can find at link above.