DNSSEC Key Signing Key Rollover Postponed

["US-CERT" <US-CERT () ncas us-cert gov>]

U.S. Department of Homeland Security US-CERT

National Cyber Awareness System:



DNSSEC Key Signing Key Rollover Postponed [ 
https://www.us-cert.gov/ncas/current-activity/2017/09/29/DNSSEC-Key-Signing-Key-Rollover-Postponed ] 09/29/2017 12:29 
PM EDT 
Original release date: September 29, 2017

The Internet Corporation for Assigned Names and Numbers (ICANN) has announced that the change to the Root Zone Key 
Signing Key (KSK) scheduled for October 11, 2017, has been postponed. A new date for the Key Roll has not yet been 
determined.

DNSSEC is a set of DNS protocol extensions used to digitally sign DNS information, which is an important part of 
preventing domain name hijacking. Updating the DNSSEC KSK is a crucial security step, similar to updating a PKI Root 
Certificate. Maintaining an up-to-date Root KSK as a trust anchor is essential to ensuring DNSSEC-validating DNS 
resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not 
required of the private sector. Systems of organizations that do not use DNSSEC validation will be unaffected by the 
rollover.

Users and administrators are encouraged to review ICAAN announcement KSK Rollover Postponed [ 
https://www.icann.org/news/announcement-2017-09-27-en ] and the US-CERT Current Activity on DNSSEC Key Signing Key 
Rollover [ https://www.us-cert.gov/ncas/current-activity/2017/08/21/DNSSEC-Key-Signing-Key-Rollover-0 ] for more 
information.

US-CERT will provide additional information as it becomes available.

________________________________________________________________________

This product is provided subject to this Notification [ http://www.us-cert.gov/privacy/notification ] and this Privacy 
& Use [ http://www.us-cert.gov/privacy/ ] policy.

________________________________________________________________________

A copy of this publication is available at www.us-cert.gov [ https://www.us-cert.gov ]. If you need help or have 
questions, please send an email to info () us-cert gov. Do not reply to this message since this email was sent from a 
notification-only address that is not monitored. To ensure you receive future US-CERT products, please add US-CERT () 
ncas us-cert gov to your address book. 

OTHER RESOURCES: Contact Us [ http://www.us-cert.gov/contact-us/ ] | Security Publications [ 
http://www.us-cert.gov/security-publications ] | Alerts and Tips [ http://www.us-cert.gov/ncas ] | Related Resources [ 
http://www.us-cert.gov/related-resources ]  

STAY CONNECTED: Sign up for email updates [ http://public.govdelivery.com/accounts/USDHSUSCERT/subscriber/new ]