The Nigerian Communications Commission (NCC) has alerted network service providers on upcoming changes to an important security configuration parameter related to the root zone, which is scheduled to take place on 11th October, 2017.
The root zone key signing key (KSK) will be changed in a process called a key rollover, which is the first change since the DNSSEC was enabled in 2010. This change must be widely and carefully coordinated by network operators with the Internet Corporation of Assigned Names and Numbers (ICANN).
ICANN, an international organization, non-profit corporation, has responsibility for Internet protocol (IP) address space allocation, protocol Identifier assignment, generic (gTLD) and country code (ccTLD) Top-level Domain name system management, and root server system management functions.
ICANN has officially informed the NCC of the upcoming change. The telecom regulator has urged operators to meet the deadline for global compliance in an official statement released this week and signed by the commission’s Director, New Media and Information Security, Engr. Haru Al-Hassan.
Parts of the release states:
- Network Operators that have already enabled DNSSEC validation on their network must update their system with the new KSK in order to avoid disruption of users’ access to the Internet service from 11th October 2017
- Network Operators who have not yet enabled DNSSEC validation will not be affected by the ICANN KSK change and does not require any system update on their network as the ICANN KSK change will not affect their users’ access to the Internet service.
- The Network Operators who have not enabled DNSSEC validation and are intending to enable DNSSEC validation after ICANN KSK change on 11th October 2017 must obtain the new key from ICANN for DNSSEC validation implementation.
The ICANN’s testing platform to confirm Network Operators infrastructure’s support of the new KSK can be found at https://go.icann.org/KSKtest and any question can be directed to [email protected]