[126019] in North American Network Operators' Group
DNSSEC Deployment in ARPA Children
daemon@ATHENA.MIT.EDU (Joe Abley)
Wed Apr 28 09:30:11 2010
From: Joe Abley <joe.abley@icann.org>
To: NANOG list <nanog@nanog.org>
Date: Wed, 28 Apr 2010 06:29:37 -0700
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
Colleagues,
ICANN plans to begin a test deployment of DNSSEC in various zones starting =
on 2010-04-29:
IN-ADDR-SERVERS.ARPA
IP6.ARPA
IP6-SERVERS.ARPA
IRIS.ARPA
URI.ARPA
URN.ARPA
These zones will be signed using RSASHA256 and NSEC with 2048-bit KSKs and =
1024-bit ZSKs.
Given DNSSEC deployment experience to date, ICANN does not expect the signi=
ng of these zones to cause any operational problems. However, should you ha=
ve any concerns please feel free to contact us at ticket@dns.icann.org or p=
hone +1 310 301 5810 (e-mail/ticket preferred).
At the end of the test period, given no observed or reported harmful effect=
s, ICANN will arrange for trust anchors for these zones to be included in A=
RPA as DS RRSets and will invite the five RIRs to submit DS RRSet add/delet=
e requests in IP6.ARPA when they are ready. We anticipate the testing perio=
d to last at least two weeks.
Regards,
Joe Abley
Director DNS Operations, ICANN=
