As reported today in The H Online, “all 13 root servers are now serving a signed version of the root zone.”  And, despite numerous rumors circulating on the web, the article notes:

There have been no reports of any problems in the immediate aftermath of VeriSign’s J root server starting to serve DNSSEC signatures. Experts at the 60th RIPE meeting in Prague were almost unanimous in predicting a glitch-free switchover, following the successful switchovers of the other 12 root servers in recent months. The only apocalyptic note was sounded by a countdown to the demise of the unsigned root zone.

The article discusses next steps, including disclosure of a public key and a June key signing ceremony that will bring together volunteer crypto officers and recovery key share holders from around the world.

EDUCAUSE notes that registration is almost full for its April 29 webinaron DNSSEC in the .edu Domain, featuring Becky Granger, EDUCAUSE director of information technology and member services, and host Steve Worona.  You’ll find additional background resources and links on DNSSEC on the webinar registration page.

Two speakers from the DNSSEC Deployment Coordination Initiative–Shinkuro CEO Steve Crocker and U.S. National Institute of Standards and Technology computer scientist Scott Rose–will speak at Internet2’s Spring 2010 meeting next week in Arlington, VA, as part of a panel on DNSSEC.   Joining them will be Shumon Huque of the University of Pennsylvania; Anthony Iliopoulos of Louisiana State University; and Rodney Peterson of EDUCAUSE.  The meeting will take place April 26-28 at the Crystal Gateway Marriott in Arlington; go here for registration and more details.

Afilias Executive Vice President and Chief Technology Officer Ram Mohan urged registrars, registries, ISPs, enterprises and developers to get a DNSSEC strategy in a blog post today, noting that “DNSSEC is not pie-in-the-sky talk any more. It’s a reality as current and pressing as the need to migrate to IPv6…if you haven’t started planning for DNSSEC yet, you should start to wonder whether you’re behind the curve.”  For application developers, he looks ahead, noting, “DNSSEC creates an entirely new piece of Internet infrastructure upon which software developers can apply their ingenuity. Over the next few years we should expect to see applications leveraging domain name security in ways we cannot imagine now.”  The post includes a video and an overview of recent progress toward DNSSEC deployment.

The Internet Protocol Journal has just published an article about Rolling Over DNSSEC Keys, authored by George Michaelson and Geoff Huston of APNIC; Patrick Wallström of .SE; and Roy Arends of Nominet.  The editor notes that the article examines “what happens in two widely used DNS resolver implementations when DNS clients lag behind in synchronizing their local copy of trust keys with the master keys used by the zone administrators to sign their DNS data.”  Here’s what the authors conclude: 

….in this situation of slippage of synchronized key state between client and server, the effect is both local failure and the generation of excess load on external servers—and if this situation is allowed to become a common state, it has the potential to broaden the failure state to a more general DNS service failure through load saturation of critical DNS servers.

This aspect of a qualitative change of the DNS is unavoidable, and it places a strong imperative on DNS operations and the community of the 5 million current and uncountable future DNS resolvers to understand that “set and forget” is not the intended mode of operation of DNSSEC-equipped clients.

Network World reports this week that “Top U.S. domain name registrars lag on DNS security,” noting that:

….none of the top 10 domain name registrars in the United States has committed to a deadline for deploying DNSSEC….only four responded to queries about the status of their DNSSEC deployments. None of these registrars would commit to a deadline for when they will support this new security mechanism.

The article includes comments from Network Solutions, Dotster, GoDaddy and eNom.

Go here to find presentations from all the speakers at “What’s Next in DNSSEC?,” the daylong session held at the FOSE conference and expo.  Included are federal, nonprofit, commercial, education, global TLD, country code TLD and hardware and software vendor perspectives.  We’ll be highlighting various presentations from the program in the weeks ahead.

Government Computer News has this report on the DNSSEC Deployment Coordination Initiative’s final session from the March 24 program on “What’s Next in DNSSEC,” sharing views from Nominum, BlueCat Networks and Secure 64 panelists at the session.  We’ll be posting slides from all the presentations on the website shortly and will highlight many of the presentations on the blog.