Los Angeles, California – For the first time ever, the Internet Corporation for Assigned Names and Numbers (ICANN) is about to change the cryptographic keys that help secure the Internet’s Domain Name System (DNS).
“It is critical that Internet Service Providers and network operators around the world make certain they are ready for this change as failure to do so can result in their users being unable to look up domain names and thus be unable to reach any site on the Internet” said David Conrad, ICANN’s Chief Technology Officer. Conrad added, “Network operators should ensure they have up-to-date software, have enabled DNSSEC, and verified that their systems can update their keys automatically or they have processes in place to manually update to the new key by 1600 UTC on 11 October 2017.”
The ICANN DNS Key Change
The changing, or “rolling” of the DNS key, is an important step in keeping the global DNS safe and secure. It is very much in line with commonly accepted operational practices that ensure that important security infrastructure can support changing password if the need were to ever arise.
“We’ve launched a testing platform so network operators can make certain that they are ready for the key roll well ahead of October 11,” said Conrad. That testing platform can be accessed at https://go.icann.org/KSKtest. Internet users should contact their ISP or network operators to make certain they are ready for the key change.
ICANN has been working with technical partners such as the Regional Internet Registries, Network Operations Groups, and domain name registries and registrars as well as others in the Internet ecosystem, such as the Internet Society and Internet trade associations, to make certain that those around the world who may be impacted by the key roll are aware of the pending change.
ICANN Chief Executive Officer Göran Marby has sent correspondence to more than 170 government officials including regulators and participants in ICANN’s Government Advisory Committee, asking that they make certain the network operators in their respective countries are aware and ready for the DNS key change.