Presentation is loading. Please wait.

Presentation is loading. Please wait.

DNSSEC & KSK Rollover Patrick Jones Middle East DNS Forum & APTLD 75

Published byศรีศักดิ์ บุตโต Modified over 5 years ago

Similar presentations

Presentation on theme: "DNSSEC & KSK Rollover Patrick Jones Middle East DNS Forum & APTLD 75"— Presentation transcript:

1 DNSSEC & KSK Rollover Patrick Jones Middle East DNS Forum & APTLD 75
21 February 2019

2 What is DNSSEC? DNSSEC = “DNS Security Extensions”
DNSSEC is a protocol that is currently being deployed to secure the Domain Name System (DNS) DNSSEC adds security to the DNS by incorporating public key cryptography into the DNS hierarchy, resulting in a single, open, global Public Key Infrastructure (PKI) for domain names Result of over a decade of community based, open standards development Implemented in the root zone in 2010

3 State of DNSSEC Deployment at MEDNSF 2019
Over 90% of top-level domains are signed with DNSSEC 1532 TLDs in the root, 1398 are signed (reduction of 11 since MEDNSF 2018) 1386 TLDs have trust anchors published About 50% of ccTLDs are signed Recent adoption in Mauritania’s IDN ccTLD on 30 Jan 2019 & .DZ on 5 Feb 2019

4 State of DNSSEC Deployment as of 20 Feb 2019

5 State of DNSSEC Deployment (source: ISOC Deploy360)

6 State of DNSSEC Deployment (source: ISOC Deploy360)

7 KSK Rollover

8 KSK Rollover Project Goal: Replace the key (KSK) used to sign the DNS root zone's DNSSEC key set since 2010 without disruption Passed many milestones, a few more to go Next up: removing the revocation record for the out-going KSK on 22 March 2019

9 Plans Made; Key Created
Where It Is 2015 2016 2017 2018 2019 Design Team Plans Made; Key Created Publicize; The "Pause" Publicize; Change Key Revoke; Clean Up A key rollover can be done more quickly, but "going fast" has never been the goal

10 Audience Actions Have you done nothing so far and have seen no problems? Continue what you are doing! Have you been relying on Automated Updates (RFC 5011)? Are you manually managing the configuration of DNSSEC trust anchors? Remove the old key (2010) from trust anchors.

11 For More Information 1 2 3 4 Visit https://icann.org/kskroll
Join the conversation online Use the hashtag #KeyRoll Sign up to the mailing list Ask a question to Subject line: “KSK Rollover” Attend an event Visit to find upcoming KSK rollover presentations in your region 2 3 4

12 Engage with ICANN – Thank You and Questions

Download ppt "DNSSEC & KSK Rollover Patrick Jones Middle East DNS Forum & APTLD 75"

Similar presentations

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.

ICANN Plan for Enhancing Internet Security, Stability and Resiliency.
© 2006-2012 NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License DNSSEC ROLLING.

© NLnet Labs, Licensed under a Creative Commons Attribution 3.0 Unported License.Creative Commons Attribution 3.0 Unported License DNSSEC ROLLING.
Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.

Deploying DNSSEC in Windows Server 2012 David Cates Platform Services Group Microsoft Corporation.
IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.

IANA Status Update ARIN XXVI meeting, Atlanta Barbara Roseman October 2010.
IANA Update APNIC 31, Hong Kong February 2011. Agenda 2 Addressing DNSSEC Root management Continuity Exercise Business Excellence.

IANA Update APNIC 31, Hong Kong February Agenda 2 Addressing DNSSEC Root management Continuity Exercise Business Excellence.
IANA Activities Update Jean-Jacques Sahel | RIPE 70 Amsterdam| 15 May 2015.

IANA Activities Update Jean-Jacques Sahel | RIPE 70 Amsterdam| 15 May 2015.
Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.

Domain Name System | DNSSEC. 2  Internet Protocol address uniquely identifies laptops or phones or other devices  The Domain Name System matches IP.
IANA Activities Update RIPE 68 Warsaw, Poland May 2014.

IANA Activities Update RIPE 68 Warsaw, Poland May 2014.
DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson

DNSEXT-63 Next steps in Trust Anchor Management for DNSSEC Ólafur Guðmundsson
Supporting a Healthy, Stable, Resilient Internet.

Supporting a Healthy, Stable, Resilient Internet.
CcNSO Finance Working Group: Survey on ICANN Contributions and Services Byron Holland March 11, 2012 1.

CcNSO Finance Working Group: Survey on ICANN Contributions and Services Byron Holland March 11,
IANA Department Activities, RIPE 66, Dublin, Ireland May 2013 Elise Gerich.

IANA Department Activities, RIPE 66, Dublin, Ireland May 2013 Elise Gerich.
IANA Activities Update Naela Sarras | ARIN 35 San Francisco | 14 April 2015.

IANA Activities Update Naela Sarras | ARIN 35 San Francisco | 14 April 2015.
APTLD Update: January 2006 Lim Choon Sai For APTLD Singapore July 2006.

APTLD Update: January 2006 Lim Choon Sai For APTLD Singapore July 2006.
© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested

© 2015 ISC November 2013 Sunset for the DLV?. © 2015 ISC Background (c) Interested
JIG (Joint ccNSO-GNSO IDN Group) Update APTLD | New Delhi Feb 23, 2012.

JIG (Joint ccNSO-GNSO IDN Group) Update APTLD | New Delhi Feb 23, 2012.
Update for AP* Retreat Save Vocea Manager Regional Relations – Australasia/Pacific Islands Kuala Lumpur, 28 Feb 2010.

Update for AP* Retreat Save Vocea Manager Regional Relations – Australasia/Pacific Islands Kuala Lumpur, 28 Feb 2010.
Internet Corporation for Assigned Names & Numbers Update on ITAR Elise Gerich Vice President, IANA.

Internet Corporation for Assigned Names & Numbers Update on ITAR Elise Gerich Vice President, IANA.
Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015

Root Zone KSK: The Road Ahead Edward Lewis | DNS-OARC & RIPE DNSWG | May 2015
IANA Activities Update, ARIN 31, Bridgetown, BB April 2013 Selina Harrington.

IANA Activities Update, ARIN 31, Bridgetown, BB April 2013 Selina Harrington.

Similar presentations

Ads by Google