The system administrator (sysadmin) needs to update the software if he / she does not want to lose the network

Internet providers and system administrators (sysadmin) need to make sure they run updated software or they will have to risk losing their customers in October, DNS management organization ICANN warned.

Following the process starting in May 2016, the encryption key to secure the system domains will be updated for the first time.

After testing in May 2016, in February last, a new key record (Key Signing Key - KSK) was created for people to add to their software. The new key is then issued on DNS last month and will be used to log into the root zone for the first time on October 11, 2017 at 1600 UTC. At that time, those who do not use this key will be cut off from the Internet.

This change is the result of updating the Zone SInging Key (ZSK) to the longer 2048-bit RSA key, to provide higher security. Now it will be the same length as KSK and both will be recreated to create public and secret encryption keys to secure the Internet system.

KSK is used to log into ZSK, then used by RZM (Root Zone Maintainer) for the root zone in DNSSEC of DNS.

Only Internet infrastructure companies and network administrators need to consider this change, and Internet users do not need it.

The change is not difficult, as long as you use the update software and have enabled DNSSEC, the key will automatically update. Tests in May 2016 have been tested to make sure there will be no unwanted effects and thanks to the gradual release from that phase, Internet engineers can be confident that everything will go smoothly. . However, when it comes to global decentralized networks, it is still not certain what.

The system administrator (sysadmin) needs to update the software if he / she does not want to lose the network Picture 1
So this warning is essential for sysadmin

What if someone used old software or wanted to change KSK manually and failed? In that case, the DNS Resverver will stop working so anyone at the end of the connection will not be able to access the website they want. They can of course find their own way but it will take a lot of effort.

Internet infrastructure companies are also aware of the problem and plan the transition for months. But for system administrators, operating Resolver, developing DNS software or those who install Anchor Trust on Root as part of software or hardware and are worried about this conversion, ICANN has a test page KSK https://automated-ksk-test.research.icann.org/ and an information page for you to read. https://www.icann.org/resources/pages/ksk-rollover