Colleagues, the lame delegation draft -- http://www.ripe.net/ripe/
draft-documents/dns-lameness.html -- that was produced by the WG has
completed an uneventful Last Call. So this means we have consensus
and the draft now goes forward as a RIPE document. [Silence implies
consent.:-)] The WG co-chairs thank everyone who contributed to this
document. Special thanks are due to Brett Carr who did most of the
heavy lifting to produce the document.
The NCC is now starting on implementation. Brett's team are
documenting the software requirements and hope to have a limited demo
available for RIPE54.
Colleagues, the lame delegation draft -- http://www.ripe.net/ripe/
draft-documents/dns-lameness.html -- that was produced by the WG has
completed an uneventful Last Call. So this means we have consensus
and the draft now goes forward as a RIPE document. The WG co-chairs
thank everyone who contributed to this document. Special thanks are
due to Brett Carr who did most of the heavy lifting to produce the
document.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
New key signing key (KSK) for .SE
As from 2007-01-04 .SE publish and take into use a new KSK for
signing the .SE zone file. The old key will be valid until
2008-01-01. If you have configured the old key (Key id = 17686) into
your resolver we strongly recommend you to replace it with the new
key (Key id = 6166) no later than 2007-12-31.
Following public keys are valid for .SE:
se. IN DNSKEY 257 3 5 (
AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1Z
aARmPhEZZe3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUpt
wgjGwhUS1558Hb4JKUbbOTcM8pwXlj0EiX3oDFVmjHO4
44gLkBOUKUf/mC7HvfwYH/Be22GnClrinKJp1Og4ywzO
9WglMk7jbfW33gUKvirTHr25GL7STQUzBb5Usxt8lgny
TUHs1t3JwCY5hKZ6CqFxmAVZP20igTixin/1LcrgX/KM
EGd/buvF4qJCyduieHukuY3H4XMAcR+xia2nIUPvm/oy
WR8BW/hWdzOvnSCThlHf3xiYleDbt/o1OTQ09A0=
) ; key id = 17686
se. IN DNSKEY 257 3 5 (
AwEAAb6xRZHEf+PyF5dxEvz0BHEHbziu6iZaiNW/yjSa
ZcmrmZiRMF8FPppD+XuKSau0rgu4eBwYdpkEoMVR4FhI
8frkuPHIue2LP1ETo+2hCrdr60K1538yLvzbOhMxXt6k
njPN+OlalMmCknadaofKga5FLKOPQs2C3nw6AH4WUNGr
chmDMVBwRwfZdQXYZTXesqULmGMK7mwjQGOxerRDQWrF
v8NhNnVV31PihaYBdQ1TJjvfGS/FYZJwv/BddiELiLeU
nNWu3AOsRAshgOcDBOAPUvKJNEq6RHELFmvXOOe2d8H2
yzv02EMQik6GwUm16DrSdmX+SWfelQs+9ELFN6k=
) ; key id = 6166
The keys are also available at http://dnssec.iis.se/key.html
DNS users that haven't earlier but are going to configure their DNS
to ask for DNSSEC answers should only use the new key.
DNS users that haven't explicitly configured their DNS to ask for
DNSSEC answers this will not involve any changes at all.
We do also advice you to subscribe to the
dnssec-announce(a)lists.nic.se mailing list to get notified about key
rollovers and any other important changes.
Questions may be addressed to dnssec-info(a)iis.se.
Anne-Marie Eklund Löwinder
Quality & Security Manager
.SE (The Internet Infrastructure Foundation)
P O Box 7399
103 91 Stockholm
Sweden
Tel: +46 8 452 35 00, direct: +46 8 452 35 17, mobile: +46 734 315
310
E-mail: anne-marie.eklund-lowinder(a)iis.se
Web: www.iis.se
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBRZ4rBqXc8AFCsc+UEQKMfgCeIFq1xZiK0XJLa5QEyiPZ1qtW1coAnAvy
q0tq5ATA3Ldlfa0DoChKUEGJ
=LgnA
-----END PGP SIGNATURE-----
I think that this may interest some folks on this list.
--
Brett Carr RIPE Network Coordination Centre
Manager -- DNS Services Group Singel 258 Amsterdam NL
GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8
---------- Forwarded message ----------
Date: Thu, 4 Jan 2007 12:26:25 +0100
From: "[iso-8859-1] Anne-Marie Eklund-Löwinder"
<Anne-Marie.Eklund-Lowinder(a)iis.se>
To: DNSSEC deployment <dnssec-deployment(a)shinkuro.com>
Subject: [dnssec-deployment] New KSK for .SE
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
New key signing key (KSK) for .SE
As from today, 2007-01-04 .SE publish and take into use a new KSK for
signing the .SE zone file. The old key will be valid until
2008-01-01. If you have configured the old key (Key id = 17686) into
your resolver we strongly recommend you to replace it with the new
key (Key id = 6166) no later than 2007-12-31.
Following public keys are valid for .SE:
se. IN DNSKEY 257 3 5 (
AwEAAaxPMcR2x0HbQV4WeZB6oEDX+r0QM65KbhTjrW1Z
aARmPhEZZe3Y9ifgEuq7vZ/zGZUdEGNWy+JZzus0lUpt
wgjGwhUS1558Hb4JKUbbOTcM8pwXlj0EiX3oDFVmjHO4
44gLkBOUKUf/mC7HvfwYH/Be22GnClrinKJp1Og4ywzO
9WglMk7jbfW33gUKvirTHr25GL7STQUzBb5Usxt8lgny
TUHs1t3JwCY5hKZ6CqFxmAVZP20igTixin/1LcrgX/KM
EGd/buvF4qJCyduieHukuY3H4XMAcR+xia2nIUPvm/oy
WR8BW/hWdzOvnSCThlHf3xiYleDbt/o1OTQ09A0=
) ; key id = 17686
se. IN DNSKEY 257 3 5 (
AwEAAb6xRZHEf+PyF5dxEvz0BHEHbziu6iZaiNW/yjSa
ZcmrmZiRMF8FPppD+XuKSau0rgu4eBwYdpkEoMVR4FhI
8frkuPHIue2LP1ETo+2hCrdr60K1538yLvzbOhMxXt6k
njPN+OlalMmCknadaofKga5FLKOPQs2C3nw6AH4WUNGr
chmDMVBwRwfZdQXYZTXesqULmGMK7mwjQGOxerRDQWrF
v8NhNnVV31PihaYBdQ1TJjvfGS/FYZJwv/BddiELiLeU
nNWu3AOsRAshgOcDBOAPUvKJNEq6RHELFmvXOOe2d8H2
yzv02EMQik6GwUm16DrSdmX+SWfelQs+9ELFN6k=
) ; key id = 6166
The keys are also available at http://dnssec.iis.se/key.html
DNS users that haven't earlier but are going to configure their DNS
to ask for DNSSEC answers should only use the new key.
DNS users that haven't explicitly configured their DNS to ask for
DNSSEC answers this will not involve any changes at all.
We do also advice you to subscribe to the
dnssec-announce(a)lists.nic.se mailing list to get notified about key
rollovers and any other important changes
Questions may be addressed to dnssec-info(a)iis.se
Anne-Marie Eklund Löwinder
Quality & Security Manager
.SE (The Internet Infrastructure Foundation)
P O Box 7399
103 91 Stockholm
Sweden
Tel: +46 8 452 35 00, direct: +46 8 452 35 17, mobile: +46 734 315
310
E-mail: anne-marie.eklund-lowinder(a)iis.se
Web: www.iis.se
-----BEGIN PGP SIGNATURE-----
Version: PGP 8.1
iQA/AwUBRZzkYaXc8AFCsc+UEQLWwwCaAibkesPscNtzsjeWWLmrFKLcaa8AoJli
+i6VDyKfg8wqbW9lkCwynJY5
=YaRn
-----END PGP SIGNATURE-----
#############################################################
This message is sent to you because you are subscribed to
the mailing list <dnssec-deployment(a)shinkuro.com>.
To unsubscribe, E-mail to: <dnssec-deployment-off(a)shinkuro.com>
A public archive is available here: <http://mail.shinkuro.com:8100/Lists/dnssec-deployment/>
and older material is at
<http://mail.shinkuro.com:8100/Lists/dnssec-deployment-archive/>
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
[Apologies for Duplicates]
Dear Colleagues,
The RIPE NCC changes the Key Signing Keys (KSKs) for its signed zones twice
each year. On Wednesday, 20 December 2006, we will perform the next (stage
2) key rollover.
The current keys are published at:
https://www.ripe.net/projects/disi//keys/ripe-ncc-dnssec-keys-new.txt
The DNSSEC Key Maintenance Procedure is available at:
https://www.ripe.net/rs/reverse/dnssec/key-maintenance-procedure.html
If you followed our earlier instructions and configured your resolver with
the new keys, you should see no impact.
If you have any questions about this, please send an e-mail to
<dns-help(a)ripe.net>.
Regards,
- --
Brett Carr RIPE Network Coordination Centre
Manager -- DNS Services Group Singel 258 Amsterdam NL
GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8
-----BEGIN PGP SIGNATURE-----
Comment: For info see https://www.ripe.net/rs/pgp/
iD8DBQFFhrD7mbreNIsOKy8RAgZIAJ96xNVkN+ZDc2UK8ar6zuCEm55kOgCcCNCW
D6NJZnJMXQYCkL8EFQTLfM4=
=/INT
-----END PGP SIGNATURE-----
Further to a request from the folks running the as112.net project, which
has its web site hosted by OARC, I have created a new mailing list
<as112-ops(a)lists.oarci.net>
This list is for:
"Co-ordinating operators of anycasted AS112 DNS servers for RFC1918
in-addr queries."
The policy for this list is in general open and public, but to avoid
bots getting in, any subscription requests will be vetted against the
list of known AS112 operators with drupal accounts on the
public.as112.net website, any not matching will be asked to verify their
interest.
To join, please go to:
http://lists.oarci.net/mailman/listinfo/as112-ops
This list is also accessible as <as112-ops(a)lists.as112.net> or
<ops(a)as112.net>
List administrators include myself, William F Maton Sotomayer and Joe Abley.
Or see:
http://public.as112.net
for more info on the AS112 project.
Keith
[Apologies for duplicates]
Dear Colleagues,
On 7 December 2006, authoritative Reverse DNS Services on ns-pri.ripe.net
will be unavailable for a short period between 09:00 and 10:00 UTC.
During this time we need to carry out important server maintenance work.
We apologise in advance for any inconvenience.
If you have any questions or concerns about this, please send an e-mail
to dns-help(a)ripe.net.
Regards,
--
Brett Carr Ripe Network Coordination Centre
Manager -- DNS Services Group Singel 258 Amsterdam NL
GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8
[Apologies for duplicates]
Dear Colleagues,
On 30 November 2006, authoritative Reverse DNS Services on ns-pri.ripe.net
will be unavailable between 09:00 and 10:00 UTC. During this time we
need to carry out important server maintenance work.
We apologise in advance for any inconvenience.
If you have any questions or concerns about this, please send an e-mail
to dns-help(a)ripe.net.
Regards,
--
Brett Carr Ripe Network Coordination Centre
Manager -- DNS Services Group Singel 258 Amsterdam NL
GPG Key fingerprint = F20D B2A7 C91D E370 44CF F244 B6A1 EF48 E743 F7D8
