As part of the global effort to improve the security of DNS, amongst other registries Nominet is implementing DNSSEC in the zones under their management.
DNSSEC prevents the interception of and tampering with DNS queries between nameservers, making the Internet safer.
As announced at the .uk registrar conference in November, the first phase of this programme is to add DNSSEC information to the top-level .uk domain. Nominet will implement this on Monday 1 March 2010, and the timetable is as follows:
1. One week before, on Monday 22 February 2010, we will lower the TTL (time-to-live) of entries in the uk zone from two days to three hours. We will keep it at that level for three weeks (until Monday March 15). This will help ensure a smooth transition.
2. On the go-live date (Monday 1 March 2010), Nominet will introduce DNSSEC information into five of the eleven UK nameservers (ns1.nic.uk, nsa.nic.uk, nsb.nic.uk, nsc.nic.uk, nsd.nic.uk). During the following week, Nominet will monitor the traffic on all their nameservers to look for any significant change in access patterns to ensure optimal performance. For the first week, from Monday 1 March to Monday 8 March, they will deliberately obscure the DNSSEC keys. Although DNSSEC information is present, it will not be possible to validate it.
3. On Monday 8 March 2010 the obscured keys will be replaced by real keys and DNSSEC rolled out to all .uk nameservers. With the signing of the root so close (scheduled for mid-2010), Nominet have taken the decision not to include the keys in the major DNSSEC key stores (the IANA interim trust anchor repository and the ISC DLV repository).
4. One week after the rollout to all UK nameservers (15 March 2010), Nominet will reset the TTLs of records in the .uk zone from three hours to two days.
For more information check out www.nominet.org.uk
- Follow us on :
