On Aug 17, 2015, at 10:16 AM, Dan York y...@isoc.org wrote:
Looking at the weekly DNSSEC deployment maps [1] after coming back from
vacation, I noticed that I still have Kenya in the Announced state even
though they did add their DS record back into the root zone. (I had changed
it to
As you may know, Verisign, in its role as the Root Zone Maintainer
is also the operator of the root zone Zone Signing Key (ZSK). Later
this year, we will increase the size of the ZSK from 1024-bits to
2048-bits.
The root zone ZSK is normally rolled every calendar quarter, as per
our “DNSSEC
FYI, this work is now complete.
DW
> On Aug 30, 2016, at 2:32 PM, Wessels, Duane <dwess...@verisign.com> wrote:
>
> DNSSEC signatures in the Root and ARPA zones are currently given a validity
> period of 10 days. The validity period is being increased to 13 days, per
>
DNSSEC signatures in the Root and ARPA zones are currently given a validity
period of 10 days. The validity period is being increased to 13 days, per
the recommendations of RSSAC's Report on Root Zone TTLs [1] (aka RSSAC003).
Note that we are not aware of any cases where the 10-day signature
note once that has happened. If you observe
any problems related to this change, please contact Verisign's customer service
at i...@verisign-grs.com.
Duane W.
> On Jul 28, 2016, at 3:37 PM, Wessels, Duane <dwess...@verisign.com> wrote:
>
> As you may know, Verisign, in its role a
.
> On Sep 29, 2016, at 11:15 AM, Wessels, Duane <dwess...@verisign.com> wrote:
>
> A quick update on this change: A 2048-bit ZSK has been pre-published in the
> root zone as of September 20. We are not aware of any issues related to the
> appearance of the larger key.
Hi Hugo,
I think your point is widely taken to be true. That is, stub resolvers won’t
be fully protected as long as they have one non-validating recursive configured.
Of course it depends on how different stubs are implemented and I doubt anyone
can say for sure that they know how all the