Upcoming changes to Root Zone Domain Name System Security Extensions
Internet Service Providers (ISP) Network Operators and stakeholders in the ICT industry are advised that the Internet Corporation for Assigned Names (ICANN) will change an important security configuration parameter related to domain name system (DNS), commonly called the root zone, on October 11, 2017.
ICANN manages and oversees the domain name registration process and the assigning of Internet Protocol (IP) addresses to ISPs worldwide. ICANN also manages the top most cryptographic key for the root zone signing key, or KSK. On October 11, 2017, ICANN will change this key, in a process called key rollover. This is the first time the security protocol called DNS – Security Extensions (DNSSEC) key will be changed since it was enabled in 2010.
Those ISPs and Network Operators that have deployed DNSSEC could be affected by the upcoming change. DNSSEC enables ISPs and Network Operators to protect their users from a form of malicious attack known as “cache poisoning,” that could redirect their users’ traffic to an incorrect website to, for example, steal passwords or financial information.
The root zone plays a critical role in how DNS converts domain names to internet addresses worldwide. Without the seamless DNS resolution process, the internet could not operate the way it does today.
ISPs and Network Operators that have deployed DNSSEC are therefore urged to confirm whether their infrastructure supports the ability to handle the rollover without manual intervention.