You are here

DNSSEC Key Signing Key Rollover

DNSSEC Key Signing Key Rollover

Created: Tuesday, October 2, 2018 - 16:27
Categories:
Cybersecurity

On October 11, 2018, the Internet Corporation for Assigned Names and Numbers (ICANN) will be changing the Root Zone Key Signing Key (KSK) used in the Domain Name System (DNS) Security Extensions (DNSSEC) protocol. DNSSEC is a set of protocol extensions used to digitally sign DNS information, an important part of preventing domain name hijacking. Updating DNSSEC KSK is a crucial security step in ensuring DNSSEC-validating DNS resolvers continue to function after the rollover. While DNSSEC validation is mandatory for federal agencies, it is not required of the private sector. Organizations that do not use DNSSEC validation will be unaffected by the rollover. NCCIC encourages administrators to update their DNSSEC KSK before October 11, 2018. See the National Institute of Standards and Technology/National Telecommunications and Information Administration Roll Ready site and the ICANN Root Zone KSK Rollover resources page for more information. NCCIC/US-CERT.