Verisign will soon begin the transition to DNSSEC algorithm 13 (ECDSA) for the
COM zone. Over the
next few days, algorithm 13 signatures will start to appear in the zone,
followed by the algorithm
13 DNSKEY records. We expect the DS record for the COM zone to change from
algorithm 8 to
Verisign will soon begin the transition to DNSSEC algorithm 13 (ECDSA) for the
NET zone. Over the next few days, algorithm 13 signatures will start to appear
in the zone, followed by the algorithm 13 DNSKEY records. We expect the DS
record for the NET zone to change from algorithm 8 to
Verisign and ICANN were originally planning to enable ZONEMD for
the root zone tomorrow, September 13th. During a deployment to the
operational testing environment, we discovered a minor issue. As
a result, we, in cooperation with ICANN, have decided to postpone
the production deployment of
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Verisign is pleased to announce that an algorithm 13 (ECDSA) DS record
has been published for the EDU zone, and the algorithm 8 record has
been removed. Over the next few days, the algorithm 8 DNSKEY records
will be removed from the EDU zone,
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
Verisign will soon begin the transition to DNSSEC algorithm 13 (ECDSA)
for the EDU zone. Over the next few days, algorithm 13 signatures will
start to appear in the zone, followed by the algorithm 13 DNSKEY records.
We expect the DS record for the
I am pleased to announce that Message Digests for DNS Zones, also known as
ZONEMD, will be added to the root zone later this year. This feature,
specified in RFC 8976, adds cryptographic data protections to the zone as a
whole, allowing the recipient to verify the authenticity of the zone’s
Hernan, I will contact you off-list.
DW
> On May 25, 2021, at 1:17 PM, Hernan Moguilevsky wrote:
>
> Caution: This email originated from outside the organization. Do not click
> links or open attachments unless you recognize the sender and know the
> content is safe.
>
> Hi,
>
> Can
> On Mar 7, 2020, at 7:31 AM, Anurag Bhatia wrote:
>
> Hello,
>
>
> Was wondering if there's anyone from Verisign managing the J root? Can you
> please contact me offlist.
> I am facing issue with consistent ICMP filtering on "rootns-lcy3" since last
> couple of weeks.
>
>
> Thanks
>
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
Verisign is in the process of increasing the size and strength of
the DNSSEC Zone Signing Keys (ZSKs) for the top-level domains that
it operates. As part of this process, the ZSK for the .COM zone will
be increased in size from 1024 to 1280
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
Verisign is in the process of increasing the size and strength of
the DNSSEC Zone Signing Keys (ZSKs) for the top-level domains that
it operates. As part of this process, the ZSK for the .ARPA zone
will be increased in size from 1024 to 2048
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA256
All,
Verisign is in the process of increasing the size and strength of
the DNSSEC Zone Signing Keys (ZSKs) for the top-level domains that
it operates. As part of this process, the ZSK for the .NET zone
will be increased in size from 1024 to 1280
> On Oct 1, 2016, at 11:29 AM, Mike <mike-na...@tiedyenetworks.com> wrote:
>
> On 10/01/2016 06:36 AM, Wessels, Duane wrote:
>> I'm pleased to announce that this change is now complete. As of 13:34 UTC
>> on October 1, 2016 the root zone has been signed and publis
.
> On Sep 29, 2016, at 11:15 AM, Wessels, Duane <dwess...@verisign.com> wrote:
>
> A quick update on this change: A 2048-bit ZSK has been pre-published in the
> root zone as of September 20. We are not aware of any issues related to the
> appearance of the larger key.
note once that has happened. If you observe
any problems related to this change, please contact Verisign's customer service
at i...@verisign-grs.com.
Duane W.
> On Jul 28, 2016, at 3:37 PM, Wessels, Duane <dwess...@verisign.com> wrote:
>
> As you may know, Verisign, in its role a
FYI, this work is now complete.
DW
> On Aug 30, 2016, at 2:32 PM, Wessels, Duane <dwess...@verisign.com> wrote:
>
> DNSSEC signatures in the Root and ARPA zones are currently given a validity
> period of 10 days. The validity period is being increased to 13 days, per
>
DNSSEC signatures in the Root and ARPA zones are currently given a validity
period of 10 days. The validity period is being increased to 13 days, per
the recommendations of RSSAC's Report on Root Zone TTLs [1] (aka RSSAC003).
Note that we are not aware of any cases where the 10-day signature
As you may know, Verisign, in its role as the Root Zone Maintainer
is also the operator of the root zone Zone Signing Key (ZSK). Later
this year, we will increase the size of the ZSK from 1024-bits to
2048-bits.
The root zone ZSK is normally rolled every calendar quarter, as per
our “DNSSEC
[with apologies to those who see this on multiple lists]
Call for Presentations
As announced at the close of NANOG67, the DNS-OARC 25th Workshop will take
place in Dallas, Texas during October 15th and 16th 2016, the Saturday and
Sunday before NANOG68. To attract the best DNS minds, DNS-OARC is
Greetings,
For our upcoming meeting in Chicago I'm looking for folks willing to give brief
presentations during a proposed DNS Track. Possible topics include:
- Operational experiences
- New & interesting software features
- Protocol advancements
- Research results
- Performance & compliance
The 24th DNS-OARC Workshop will take place in Buenos Aires, Argentina between
March 31st and April 1st 2016, Thursday and Friday before IETF95. This will be
the first time DNS-OARC is held in the Southern Hemisphere. To attract the best
DNS minds and local audience, DNS-OARC is requesting
DNSSEC signatures in the Root and ARPA zones were initially given a validity
period of 7 days. The validity period is being increased to 10 days.
Both the Root and ARPA zones publish their NS RRsets with a TTL of 6 days.
A signature validity period of 7 days means that a root server instance
Dear DNS Community,
I will be moderating a DNS Track at the NANOG 63 meeting in San Antonio,
TX. If you have interesting and timely DNS-related material to share with
operators and researchers please reply to me with a brief abstract or
description. I'm expecting we'll have about 90 minutes and
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Please note that as of today, the .gov zone's transition from
algorithm 7 to 8 is now complete.
Duane W.
-BEGIN PGP SIGNATURE-
Version: GnuPG v2.0.19 (Darwin)
Comment: GPGTools - http://gpgtools.org
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
This notice is a reminder that an algorithm roll for the .gov zone
will take place in the upcoming weeks. The .gov zone is currently
signed with algorithm 7 (RSASHA1-NSEC3-SHA1) and will be changed
to use algorithm 8 (RSA/SHA-256). The schedule for
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
On the morning of August 14, a relatively small number of networks
may have experienced an operational disruption related to the signing
of the .gov zone. In preparation for a previously announced algorithm
rollover, a software defect resulted in
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
An algorithm roll for the .gov zone will occur at the end of August, 2013.
This notice is provided
as a courtesy to the DNSSEC community. No action should be required on your
part.
The .gov zone is currently signed with algorithm 7
Within Verisign Labs we have a project underway to quantify the number of
DNSSEC-validating resolvers in use on the Internet. In particular, we
want to identify recursive name servers which have configured the root
zone trust anchor. We find this data a useful metric for DNSSEC adoption
and
Greetings,
The DNS Track takes place at NANOG 54 on Tuesday from 4:30 to 6:00. This is a
very informal (BOF-like) gathering for folks interested in DNS topics. If you
have material to present or suggested topics for discussion, I'd welcome your
contribution.
Duane W.
The brief problem in accessing www.nanog.org was due to numerous parallel
downloads of a large video file by a single source IP address. We have
no reason to believe it was malicious in intent, but the offender has been
blocked anyway.
Anyone from AS37986 around?
Duane W.
On Sep 30, 2011, at 7:28 PM, Martin Hannigan wrote:
Nice transparency.
Thanks.
Would it be possible to see a balance sheet as a standard going forward? This
is good. I'm more interested in a dashboard like report such as a balance
sheet than this board minutia. Not a complaint,
On May 3, 2011, at 7:54 AM, William Herrin wrote:
On Tue, May 3, 2011 at 10:23 AM, David Conrad d...@virtualized.org wrote:
This probably isn't the right venue for this discussion.
Hi David,
I'm going to go with Mark's answer: nameservers that don't set TC
[truncated bit] when they
31 matches
Mail list logo