DNS (Domain Name System) is one of the important basic technologies of the Internet. On the Internet, the communication partner is ultimately specified by an IP address, but an IP address may change for reasons on the network side. A domain name is therefore more convenient for specifying the other party, or for telling the other party your own address. DNS is indispensable for making these domain names usable anytime and anywhere. It is fair to say that the current Internet could not exist without DNS.
From the user's point of view, being unable to use a full-service resolver is the same as being unable to use the Internet itself, because without name resolution the IP address of the communication partner cannot be obtained. Because DNS is a mechanism that supports the foundation of the Internet, its importance should be more widely known. That is what I think; what about you?
DNSSEC is a mechanism that allows the recipient of a DNS response to verify the origin of the DNS records (that the data is what was registered at the source) and their integrity (that no data is missing or has been tampered with). In other words, it is an extension that improves DNS security by verifying whether a received DNS response is really correct.
DNSSEC deployment is currently underway, and adoption of DNSSEC validation is not high, apart from Google Public DNS and some ISPs in Europe and the United States, such as the major American ISP Comcast. However, protocols that place important security information in DNS, for uses such as electronic signatures, S/MIME, and PGP, have already been standardized, and they assume DNSSEC protection.
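How a client can tell whether its full-service resolver validated an answer, as an added example that is not part of the original article: it builds a query with the EDNS0 DO bit set and reads the AD (Authenticated Data) flag in the response header. The transaction ID, the name example.jp and the response headers are constructed sample values.

```python
import struct

QR, AD, RCODE_MASK = 0x8000, 0x0020, 0x000F  # header flag bits (RFC 1035, RFC 4035)
DO = 0x8000                                   # "DNSSEC OK" flag in the EDNS0 OPT record

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("bad label: %r" % label)
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """Query with RD=1 plus an OPT record whose DO bit asks for DNSSEC data."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    # OPT RR: root name, TYPE 41, CLASS = UDP payload size, TTL = flags, RDLEN 0
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, DO, 0)
    return header + question + opt

def classify(response, txid=0x1234):
    """Report what the resolver says about validation of this answer."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not (flags & QR):
        raise ValueError("not a response to our query")
    if (flags & RCODE_MASK) == 2:
        # A validator answers SERVFAIL when validation fails; other failures do too.
        return "servfail"
    return "validated" if flags & AD else "unvalidated"

def make_header(flags, txid=0x1234):
    """Constructed 12-byte response header for the demo (no records)."""
    return struct.pack("!HHHHHH", txid, flags, 0, 0, 0, 0)

if __name__ == "__main__":
    samples = [("AD set", 0x81A0), ("AD clear", 0x8180), ("SERVFAIL", 0x8182)]
    for label, flags in samples:
        print(label, "->", classify(make_header(flags)))
```

The AD flag is only as trustworthy as the path between the client and the resolver, so it is meaningful only when that path is itself protected.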
DNSSEC is an important technology for the Internet, and the first root zone KSK rollover since DNSSEC operation began in 2010 is one of its important milestones.
Next time, we plan to give a technical outline of the root zone KSK rollover.
[*1] … A resolver that performs DNSSEC validation. A resolver is a software program that performs name resolution; a typical example is a full-service resolver (caching DNS server).
[*2] … Information that serves as the starting point of the chain of trust in DNSSEC validation. It is configured on each validator.
[*3] … Full-service resolver (JPRS glossary)
[*4] … RFC 5011: Automated Updates of DNS Security (DNSSEC) Trust Anchors (Japanese translation by JPRS)
[*5] … A middlebox is a device (box) located in the middle of a communication path that does something other than normal routing.