[DNSOP] .NU NSEC3 to NSEC roll over

Ulrich Wisser <ulrich@wisser.se> Wed, 11 November 2020 13:43 UTC

Return-Path: <ulrich@wisser.se>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1E03B3A1204 for <dnsop@ietfa.amsl.com>; Wed, 11 Nov 2020 05:43:51 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=wisser.se
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fZx7jYAgV51K for <dnsop@ietfa.amsl.com>; Wed, 11 Nov 2020 05:43:46 -0800 (PST)
Received: from mout-p-101.mailbox.org (mout-p-101.mailbox.org [80.241.56.151]) (using TLSv1.2 with cipher ECDHE-RSA-CHACHA20-POLY1305 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 26D413A121D for <DNSOP@ietf.org>; Wed, 11 Nov 2020 05:43:44 -0800 (PST)
Received: from smtp1.mailbox.org (smtp1.mailbox.org [IPv6:2001:67c:2050:105:465:1:1:0]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange ECDHE (P-384) server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4CWQtR1l8TzQlKM for <DNSOP@ietf.org>; Wed, 11 Nov 2020 14:43:43 +0100 (CET)
X-Virus-Scanned: amavisd-new at heinlein-support.de
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=wisser.se; s=MBO0001; t=1605102223; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=tltrZNVP/3blwEwtkikqV4OfD3lvZAHao6qbuYNaIAI=; b=fqZSfeRPElFYOPp7GSA9chbEOzOPsUO/dFhyyz0XnaZggH+aRbnzwYrcwUcBLpCV7z2Bva l2HZ/SpkzytJM/tGBAsQVgaRIWY5lY6Z7J3/SX+F4Rdzy2uSgHZ7pgMptujfSM97RSHUYF GVrKM0E6Ip/dUn23UOO/xZn/4Ft/h3A6wr081JnBh0yjB3alBFl67p3ggiitiHTaTd4969 MrU6JP1nAuadfH4eOcBbNLyUO2vGj4XL9V7fz/d0tnwah/dVMY/5OxODz3UCgdBO2kWjTq XJZYdqUf4ZMS0CEjDvg02KfivXc2IZVlhSFm95tgXNfWKcH9o/xb+Q0a8qK6Dw==
Received: from smtp1.mailbox.org ([80.241.60.240]) by spamfilter06.heinlein-hosting.de (spamfilter06.heinlein-hosting.de [80.241.56.125]) (amavisd-new, port 10030) with ESMTP id xCL5On2Upr3P for <DNSOP@ietf.org>; Wed, 11 Nov 2020 14:43:38 +0100 (CET)
From: Ulrich Wisser <ulrich@wisser.se>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: quoted-printable
Mime-Version: 1.0
Message-Id: <9CB38E56-CAC3-4D8D-BE34-B401570AADAF@wisser.se>
Date: Wed, 11 Nov 2020 14:43:37 +0100
To: DNSOP@ietf.org
X-MBO-SPAM-Probability:
X-Rspamd-Score: -2.80 / 15.00 / 15.00
X-Rspamd-Queue-Id: E28791838
X-Rspamd-UID: 2f7bc3
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/FrIRP_7iuoOfvviuVl7QTWoCbLQ>
Subject: [DNSOP] .NU NSEC3 to NSEC roll over
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 11 Nov 2020 13:43:58 -0000

Hi,
 
.NU has for many years been signed with NSEC3. When the Swedish Internet foundation took over .nu in 2013 we continued with NSEC3. In 2017 we started to publish all zone files for .nu and .se (zonedata.iis.se). Since then we have wanted to do a roll over to NSEC.
 
Today is that day! At 13.00 UTC+1 we started the roll over from NSEC3 to NSEC and since 13.45 UTC+1 all our authoritative servers answer with NSEC records.
 
We have run checks from many places in the world with the help of the Ripe Atlas network, and have not seen any problems at all.
 
More detailed information will be made available soon.
 
Kind regards from Stockholm
 
Internetstiftelsen
(The Swedish Internet Foundation)
 
-- 
Ulrich Wisser
Senior DNS Expert
The Swedish Internet Foundation
Mobile: +46 704 467 893
https://internetstiftelsen.se/en/