DNSSEC Key Signing Key Rollover

["US-CERT" <US-CERT () ncas us-cert gov>]

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:



DNSSEC Key Signing Key Rollover [ 
https://www.us-cert.gov/ncas/current-activity/2018/09/27/DNSSEC-Key-Signing-Key-Rollover ] 09/27/2018 07:52 PM EDT 
Original release date: September 27, 2018

On October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key 
Signing Key (KSK) used in the Domain Name System (DNS) Security Extensions (DNSSEC) protocol.

DNSSEC is a set of protocol extensions used to digitally sign DNS information, an important part of preventing domain 
name hijacking. Updating DNSSEC KSK is a crucial security step in ensuring DNSSEC-validating DNS resolvers continue to 
function after the rollover. While DNSSEC validation is mandatory for federal agencies [ 
https://rollready.dnsops.gov/FISMA-dnssec.html ], it is not required of the private sector. Organizations that do not 
use DNSSEC validation will be unaffected by the rollover.

NCCIC encourages administrators to update their DNSSEC KSK before October 11, 2018. See the NIST/NTIA Roll Ready site [ 
https://rollready.dnsops.gov/ ] and the ICANN Root Zone KSK Rollover resources page [ 
https://www.icann.org/resources/pages/ksk-rollover ] for more information.

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

body { font-size: 1em; font-family: Arial, Verdana, sans-serif; font-weight: normal; font-style: normal; color: 
#333333; } ________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]