[ksk-rollover] Current status of KSK-RollOver?

Rene 'Renne' Bartsch, B.Sc. Informatics ml at bartschnet.de
Tue Aug 28 08:27:44 UTC 2018

Am 23.08.18 um 15:44 schrieb Matt Larson:
> We kicked off this survey last Tuesday (21 August), when we sent ~4000 email messages to the contacts listed in the RIR databases for 2552 ASNs. These networks represent traffic from DNSSEC-aware recursive resolvers that serve 99.5% of the end-user device IPs in APNIC's Google Ad-based data set. (Thanks to Geoff Huston at APNIC for his help here!). Our threshold for backing out of the KSK rollover is a negative impact affecting 0.5% of Internet users, hence our messages to networks responsible for serving 99.5%. This seemed as good of a place as any to make the cutoff decision for whom to survey. The emails we sent serve both as a notification of the rollover and a request to take a survey to assess readiness for the rollover. The survey will run for two weeks, completing just in time to provide the results to the Board to aid in their decision-making process about proceeding with the rollover.

I suggest a cooperation with big anycast DNS resolver operators like Cloudflare DNS, Google Public DNS, Quad9, etc. to publish their resolver IPs in the news as a fallback for end-users in case their ISP messes up DNSSEC. Additionally I suggest to ask router vendors to publish model-specific step-by-step guides how to change the resolver IPs. As internet will fail in such cases the guides should be printable (e.g. PDF-A). ;-)


More information about the ksk-rollover mailing list