Automated trust anchor update testbed is now live

Matt Larson matt.larson at icann.org
Mon Mar 20 17:48:14 UTC 2017


Dear colleagues,

As part of the project to roll the root zone KSK later this year on 11 October 2017, ICANN has released a testbed designed for operators of validating resolvers to test if their systems can support the automated trust anchor update protocol specified in RFC 5011, "Automated Updates of DNS Security (DNSSEC) Trust Anchors". You are invited to participate in the testbed if you have any systems you'd like to test.

The test operates in real time and should not affect a resolver's normal operation. The testbed works by starting a KSK roll in a new zone each week. These test zones are not used for any other purpose. For example, the current zone name is 2017-03-19.automated-ksk-test.research.icann.org. Because this zone is used only for the testbed and contains no names any user would ever resolve, it is safe to configure these tests on a production validating resolver. The result of the test will be either higher assurance that the server is working correctly, or tangible information about how the server may be misconfigured.

A new zone begins a KSK roll each week, so you can join at any point. The entire test takes about 45 days, but the most important results are available about 30 days after the test begins.

For more information about the testbed, please see https://automated-ksk-test.research.icann.org.

Please remember that any systems performing DNSSEC validation will need to have the new KSK configured as a trust anchor by 11 October 2017. More information about the new KSK itself is available at https://www.iana.org/dnssec/files.

For more general information about the root KSK roll project, please see https://www.icann.org/kskroll.

Matt

--
Matt Larson
VP of Research, Office of the CTO, ICANN


