ICANN has published a detailed guide on what to expect when updating KSK in the root zone
ICANN is preparing for the first-ever change in cryptographic keys that serve as a protection for the Internet Domain Name System (DNS), and as a result, it published a guide describing what to expect in the process.
Link to the news text from ICANN .
Change of keys, a process known as the "Key Update for Key Signing (KSK)", is scheduled for October 1? 2018.
This new ICANN manual is intended for an audience with any level of technical knowledge. The information provided in it about what to expect is intended to help everyone prepare for the renewal of the key.
The manual is published as part of ICANN's ongoing work to raise awareness of the renewal of the key, it also provides a detailed description of the entire process.
Full text of the manual available here .
The greatest benefit of guidance for operators validating resolvers who want to get clear instructions on what to expect after the update key, as well as journalists without technical expertise, bloggers and others who plan to write an update key, before, during and after the event itself.
In addition, the document may be useful to researchers who will monitor the DNS for resolver failure after the key upgrade procedure is completed.
While ICANN has suggested that the effects of KSK change in the root zone for users will be minimal, it is expected that a small percentage of Internet users will experience difficulty in resolving the domain names that are not technical language means that they have problems with the destination online point achievement .
To date, a small number of recursive resolvers validating domain name system security extensions (DNSSEC) has an incorrect configuration, which may affect some users depending on these resolvers.
This document describes which users can have complexities and types of these complexities at different stages.
On whom the update will not be reflected:
On users who depend on the resolver with the latest KSK
On users who depend on resolver, which does not include DNSSEC validation
On whom the update will be reflected and how:
If a new KSK is not specified in the resolver trust anchor configuration, within 48 hours after the key update is completed, users will begin to receive messages about the impossibility of resolving the name (usually in the form of server failure or SERVFAIL errors).
NOTE: It is not possible to predict when the resolver operators that are affected by the update will notice that they have stopped validating.
The results of the analysis allow us to conclude that more than 99% of users whose resolvers perform validation will not suffer from the update of KSK.
Users who use at least one resolver, ready to upgrade, will not notice any changes in the use of DNS and the Internet, in principle, after the upgrade (the same can be said about the users, whose resolver is not included DNSSEC-validation. At the moment, it is assumed that approximately two-thirds of users use resolutions that do not include DNSSEC validation).
Finally, although the key update is now scheduled for October 1? 201? this date is still subject to ratification by the ICANN Board.
Information about everything that is associated with updating the key available here .
It may be interesting
This Post is providing valuable and unique information, I know that you take a time and effort to make a awesome article
beach wedding venues
Custom PVC Patches
There are specific dissertation web-sites by way of the web to produce safe apparently documented inside your website. <a href="https://houstonembroideryservice.com/custom-pvc-patches/">Custom PVC Patches</a>