US-CERT - DNSSEC Key Signing Key Rollover

Original release date: September 27, 2018

On October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the Domain Name System (DNS) Security Extensions (DNSSEC) protocol.

DNSSEC is a set of protocol extensions used to digitally sign DNS information, an important part of preventing domain name hijacking. Updating DNSSEC KSK is a crucial security step in ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Organizations that do not use DNSSEC validation will be unaffected by the rollover.

NCCIC encourages administrators to update their DNSSEC KSK before October 11, 2018. See the NIST/NTIA Roll Ready site and the ICANN Root Zone KSK Rollover resources page for more information.


This product is provided subject to this Notification and this Privacy & Use policy.




from US-CERT: The United States Computer Emergency Readiness Team https://www.us-cert.gov/ncas/current-activity/2018/09/27/DNSSEC-Key-Signing-Key-Rollover

Comments

Popular posts from this blog

Krebs - NY Charges First American Financial for Massive Data Leak

KnowBe4 - Scam Of The Week: "When Users Add Their Names to a Wall of Shame"