1.    Network Operators that have already enabled DNSSEC validation on their network must update their system with the new KSK in order to avoid disruption of users’ access to the Internet service from 11th October 2017

2.    Network Operators who have not yet enabled DNSSEC validation will not be affected by the ICANN KSK change and does not require any system update on their network as the ICANN KSK change will not affect their users’ access to the Internet service.

3.    The Network Operators who have not enabled DNSSEC validation and are intending to enable DNSSEC validation after ICANN KSK change on 11th October 2017 must obtain the new key from ICANN for DNSSEC validation implementation.

The ICANN’s testing platform to confirm Network Operators infrastructure’s support of the new KSK can be found at https://go.icann.org/KSKtest and any question can be directed to

Signed:

Engr. Haru Al-Hassan

Director, New Media and Information Security, NCC