ICANN’s internet DNS security upgrade apparently goes off without a glitch

So far, so good. That’s the report from Internet Corporation for Assigned Names and Numbers (ICANN) as it rolled out the first-ever changing of the cryptographic key that helps protect the internet’s address book – the Domain Name System (DNS) on Oct. 11.

The change is central to ICANN’s project to upgrade the top pair of cryptographic keys used in the Domain Name System Security Extensions (DNSSEC) protocol — commonly known as the root zone key signing key (KSK) — which secures the internet’s foundational servers. This so-called root KSK rollover from the 2010 KSK to the 2017 KSK was supposed to take place almost a year ago but was delayed until Oct. 11 of this year because of concerns it might disrupt internet connectivity to significant numbers of web users.

But so far, that hasn’t happened.

ICANN wrote: “The root KSK rollover has occurred: the new root zone signed by new KSK (known as KSK-2017) has been published to the root servers. The root KSK rollover occurred at 1600 UTC [noon EST] today, 11 October, with the publication of the root zone with serial number 2018101100. Please see the main rollover page for further information on the rollover.”

Later it followed up with, “In the first six hours after the rollover, there were a few reports of problems that were mostly fixed quickly.”

Status of the rollover can be followed here.