DNSSEC Deployment in ARPA Children

Joe Abley joe.abley at icann.org
Wed Apr 28 08:29:37 CDT 2010


Colleagues,

ICANN plans to begin a test deployment of DNSSEC in various zones starting on 2010-04-29:

  IN-ADDR-SERVERS.ARPA
  IP6.ARPA
  IP6-SERVERS.ARPA
  IRIS.ARPA
  URI.ARPA
  URN.ARPA

These zones will be signed using RSASHA256 and NSEC with 2048-bit KSKs and 1024-bit ZSKs.

Given DNSSEC deployment experience to date, ICANN does not expect the signing of these zones to cause any operational problems. However, should you have any concerns please feel free to contact us at ticket at dns.icann.org or phone +1 310 301 5810 (e-mail/ticket preferred).

At the end of the test period, given no observed or reported harmful effects, ICANN will arrange for trust anchors for these zones to be included in ARPA as DS RRSets and will invite the five RIRs to submit DS RRSet add/delete requests in IP6.ARPA when they are ready. We anticipate the testing period to last at least two weeks.

Regards,


Joe Abley
Director DNS Operations, ICANN



More information about the NANOG mailing list