[177324] in North American Network Operators' Group


Root and ARPA DNSSEC operational message - signature validity period

daemon@ATHENA.MIT.EDU (Wessels, Duane)
Mon Jan 12 12:43:24 2015

X-Original-To: nanog@nanog.org
From: "Wessels, Duane" <dwessels@verisign.com>
To: "nanog@nanog.org" <nanog@nanog.org>
Date: Mon, 12 Jan 2015 17:43:12 +0000
Errors-To: nanog-bounces@nanog.org

DNSSEC signatures in the Root and ARPA zones were initially given a validity
period of 7 days.  The validity period is being increased to 10 days.

Both the Root and ARPA zones publish their NS RRsets with a TTL of 6 days.
A signature validity period of 7 days means that a root server instance
that is not updated within 24 hours may return NS RRset responses whose
TTL exceeds the signature validity.  This could cause problems for validating
recursive name servers that forward queries through non-validators.  A
longer signature validity provides a longer buffer in the distribution of
these zones.

Note that we are not aware of any cases where the 7 day signature validity
period has caused problems for DNSSEC validators.  This is a precautionary
measure.

As of today, the zones now have the increased validity period.  Please
feel free to contact us with concerns or questions.

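The timing margin described in the message above, worked through as an added example that is not part of the original post. The two RRSIG records are constructed samples (key tag, timestamps and signature are placeholders, not real root zone data), and the code assumes the zone was signed at the inception time and that a resolver caches the NS RRset for its full TTL.

```python
from datetime import datetime, timedelta, timezone

def _ts(s):
    """RRSIG time field: YYYYMMDDHHmmSS, or seconds since the epoch (RFC 4034, 3.2)."""
    if len(s) == 14:
        return datetime.strptime(s, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)
    return datetime.fromtimestamp(int(s), tz=timezone.utc)

def parse_rrsig(line):
    """Parse one RRSIG record in presentation format, as printed by dig +dnssec."""
    f = line.split()
    if len(f) < 13 or f[3] != "RRSIG":
        raise ValueError("not an RRSIG record: %r" % line)
    return {"covered": f[4], "orig_ttl": int(f[7]),
            "expiration": _ts(f[8]), "inception": _ts(f[9])}

def max_safe_staleness(sig):
    """Longest time after inception a server can keep serving this copy
    before a full-TTL cache entry would outlive the signature."""
    validity = sig["expiration"] - sig["inception"]
    return validity - timedelta(seconds=sig["orig_ttl"])

def ttl_overrun(sig, served_at):
    """Seconds by which an answer cached at served_at for the full TTL
    outlives the signature. Zero or negative means no overrun."""
    cached_until = served_at + timedelta(seconds=sig["orig_ttl"])
    return int((cached_until - sig["expiration"]).total_seconds())

# Constructed samples: NS RRset with TTL 518400 s (6 days), signed for 7 and 10 days.
SEVEN_DAY = ". 518400 IN RRSIG NS 8 0 518400 20150108000000 20150101000000 12345 . PLACEHOLDER="
TEN_DAY = ". 518400 IN RRSIG NS 8 0 518400 20150111000000 20150101000000 12345 . PLACEHOLDER="

if __name__ == "__main__":
    for label, line in (("7-day", SEVEN_DAY), ("10-day", TEN_DAY)):
        sig = parse_rrsig(line)
        # A server instance that has gone 36 hours without a zone update.
        served = sig["inception"] + timedelta(hours=36)
        print(label, "max staleness:", max_safe_staleness(sig),
              "overrun at 36h:", ttl_overrun(sig, served), "s")
```

With the 7-day signature the buffer is the 24 hours the message mentions; with 10 days it grows to 4 days.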
