The Board of Directors for the Internet Corporation of Assigned Names and Numbers (ICANN) has approved plans for the first-ever changing of the cryptographic key that helps protect the Domain Name System (DNS) – the Internet’s address book.
Recently the ICANN Board passed a resolution, directing the organization to proceed with its plans to change or “roll” the key for the DNS root on the 11th of October 2018. This will mark the first time the key has been changed since it was first put in use in 2010.
Some Internet users might be affected if the network operators or Internet Service Providers (ISPs) have not prepared for the roll. Those operators who have enabled the checking of Domain Name System Security Extensions or DNSSEC information (a set of security protocols used to ensure DNS information isn’t accidentally or maliciously corrupted) are those who need to be certain they are ready for the roll.
The changing of the DNS root key was originally scheduled to happen a year ago, but plans were put on hold after the ICANN organization found and began analyzing some new, last-minute data. That data dealt with the potential readiness of network operators for the key roll.
An analysis ultimately led the organization to believe it could safely proceed with the changing of the key. As a result, the organization, after consultation with the community, developed a new plan that recommends putting the new key into use exactly one year after originally scheduled. In the intervening time, the organization has continued extensive outreach and investigations on how to best mitigate risks associated with the key change.
The primary source for information about the rollover is: http://www.icann.org/kskroll