Discover Network Security News
DNSSEC on all root servers - updated
There have been no reports of any problems in the immediate aftermath of VeriSign's J root server starting to serve DNSSEC signatures. Experts at the 60th RIPE meeting in Prague were almost unanimous in predicting a glitch-free switchover, following the successful switchovers of the other 12 root servers in recent months. The only apocalyptic note was sounded by a countdown to the demise of the unsigned root zone.
Yesterday's changeover does mean the .root zone is now dead. VeriSign, which operated the master server for the root zone, has for several years used a single entry under .root, that served the purpose of checking that the bulky root zone had been transferred. According to Jaap Akkerhuis, a DNS expert at nl.netLabs, the creation of the .root entry was prompted by a complete outage of the .com zone following a data transfer error. Rigid DNSSEC procedures render this trick for root servers operated by VeriSign and the Internet Corporation for Assigned Names and Numbers (ICANN) obsolete.
The link for this article located at H Security is no longer available.