Thursday, 28 September 2017 13:22

DNS key change delayed

By

A scheduled cryptographic key change for DNSSEC has been delayed, partly because of a software issue.

ICANN had scheduled its first-ever DNSSEC zone signing key (ZSK) change for 11 October, but that event has been postponed.

The original ZSK was generated in 2010, but that 1024-bit key is now the weak link in the signing chain. The top-level key signing key (KSK) is already 2048-bit, and the ZSK is being brought up to the same standard.

The longer key increases the size of responses from domain name servers, so careful testing was required to make sure DNS software could cope. DNS is central to the operation of the Internet, as it is the component that links human-readable domains such as itwire.com to the IP address of the relevant server.

But ICANN has determined that "a significant number of resolvers used by Internet service providers and network operators are not yet ready for the key rollover".

In particular, one widely used resolver is not accepting automatic key updates, but other issues include improperly configured software.

"The security, stability and resiliency of the domain name system is our core mission. We would rather proceed cautiously and reasonably, than continue with the roll on the announced date of 11 October," said ICANN chief executive Göran Marby.

"It would be irresponsible to proceed with the roll after we have identified these new issues that could adversely affect a significant number of end users."

ICANN believes that number could be as high as 750 million, a quarter of the Internet community. Not all users are affected, because not all DNSes use DNSSEC.

The key roll has been tentatively rescheduled for 1Q18, but the new date will be announced "as appropriate".

Marby added: "It's our hope that network operators will use this additional time period to be certain that their systems are ready for the key roll."

BUSINESS WORKS BETTER WITH WINDOWS 1O. MAKE THE SHIFT

You cannot afford to miss this Dell Webinar.

With Windows 7 support ending 14th January 2020, its time to start looking at your options.

This can have significant impacts on your organisation but also presents organisations with an opportunity to fundamentally rethink the way users work.

The Details

When: Thursday, September 26, 2019
Presenter: Dell Technologies
Location: Your Computer

Timezones

QLD, VIC, NSW, ACT & TAS: 11:00 am
SA, NT: 10:30 am
WA: 9:00 am NZ: 1:00 pm

Register and find out all the details you need to know below.

REGISTER!

ADVERTISE ON ITWIRE NEWS SITE & NEWSLETTER

iTWire can help you promote your company, services, and products.

Get more LEADS & MORE SALES

Advertise on the iTWire News Site / Website

Advertise in the iTWire UPDATE / Newsletter

Promote your message via iTWire Sponsored Content/News

Guest Opinion for Home Page exposure

Contact Andrew on 0412 390 000 or email [email protected]

OR CLICK HERE!

Stephen Withers

joomla visitors

Stephen Withers is one of Australia¹s most experienced IT journalists, having begun his career in the days of 8-bit 'microcomputers'. He covers the gamut from gadgets to enterprise systems. In previous lives he has been an academic, a systems programmer, an IT support manager, and an online services manager. Stephen holds an honours degree in Management Sciences and a PhD in Industrial and Business Studies.

VENDOR NEWS & EVENTS

REVIEWS

Recent Comments