[126082] in North American Network Operators' Group
Re: DNSSEC Deployment in ARPA Children
daemon@ATHENA.MIT.EDU (Dave Knight)
Thu Apr 29 19:10:12 2010
From: Dave Knight <dave@knig.ht>
In-Reply-To: <00798CDC-AC6C-4E59-AB7D-D698250126BA@icann.org>
Date: Thu, 29 Apr 2010 19:09:27 -0400
To: NANOG list <nanog@nanog.org>
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org
On 2010-04-28, at 9:29 AM, Joe Abley wrote:
> Colleagues,
>=20
> ICANN plans to begin a test deployment of DNSSEC in various zones =
starting on 2010-04-29:
>=20
> IN-ADDR-SERVERS.ARPA
> IP6.ARPA
> IP6-SERVERS.ARPA
> IRIS.ARPA
> URI.ARPA
> URN.ARPA
>=20
> These zones will be signed using RSASHA256 and NSEC with 2048-bit KSKs =
and 1024-bit ZSKs.
The maintenance is complete, all of the zones are now DNSSEC signed.
We expect to include trust anchors for these zones following a testing =
period of around two weeks, given no observed or reported harmful =
effects.
If you observe any issues, or have any concerns please let us know at =
<ticket@dns.icann.org>.
Kind regards,
Dave Knight
Senior DNS Engineer, ICANN=
