Skip to main content

网络运营商和 ISP 须知:确定您已为根区 KSK 轮转做好准备!

网络运营商和互联网服务提供商 (ISP) 仍然有时间来测试其递归解析器,以确定其已为旨在保护域名系统 (DNS) 而即将进行的加密密钥变更做好准备。

运营商可使用 ICANN 部署的试验床来确认其已启用 DNSSEC 验证的解析器将恰当实施即将进行的根区域名系统安全扩展 (DNSSEC) 密钥签名密钥 (KSK) 轮转。

ICANN 已于 2017 年 3 月启动测试平台,专用于供网络运营商和其他利益相关方验证其系统是否能够处理根区 KSK 轮转相应的信任锚自动更新流程。

要参与测试,网络运营商和 ISP 需加入电子邮件清单,以便了解应采取什么步骤和何时执行测试。可在任何时刻加入电子邮件清单,但是整个测试需要约 45 天,最重要的结果将在测试开始后约 30 天提供。

由于 KSK 轮转计划于 2017 年 10 月 11 日实施,我们鼓励已启用 DNSSEC 验证的递归解析器运营商确保使用配置为信任锚的新根区 KSK 更新其系统。如果其系统不支持或未正确实施信任锚自动更新协议,则必须手动配置信任锚。如果递归解析器的信任锚未更新,则使用该递归解析器的所有客户端将出现 DNS 解析失败的情况,从而导致所有查询都返回“未找到主机”或类似的错误消息。

您可通过点击此处访问我们的网页,以了解更多关于根区 KSK 轮转的信息。您也可以通过点击此处访问试验床页面,或通过 automated-ksk-test@research.icann.org 提问。

Comments

    Domain Name System
    Internationalized Domain Name ,IDN,"IDNs are domain names that include characters used in the local representation of languages that are not written with the twenty-six letters of the basic Latin alphabet ""a-z"". An IDN can contain Latin letters with diacritical marks, as required by many European languages, or may consist of characters from non-Latin scripts such as Arabic or Chinese. Many languages also use other types of digits than the European ""0-9"". The basic Latin alphabet together with the European-Arabic digits are, for the purpose of domain names, termed ""ASCII characters"" (ASCII = American Standard Code for Information Interchange). These are also included in the broader range of ""Unicode characters"" that provides the basis for IDNs. The ""hostname rule"" requires that all domain names of the type under consideration here are stored in the DNS using only the ASCII characters listed above, with the one further addition of the hyphen ""-"". The Unicode form of an IDN therefore requires special encoding before it is entered into the DNS. The following terminology is used when distinguishing between these forms: A domain name consists of a series of ""labels"" (separated by ""dots""). The ASCII form of an IDN label is termed an ""A-label"". All operations defined in the DNS protocol use A-labels exclusively. The Unicode form, which a user expects to be displayed, is termed a ""U-label"". The difference may be illustrated with the Hindi word for ""test"" — परीका — appearing here as a U-label would (in the Devanagari script). A special form of ""ASCII compatible encoding"" (abbreviated ACE) is applied to this to produce the corresponding A-label: xn--11b5bs1di. A domain name that only includes ASCII letters, digits, and hyphens is termed an ""LDH label"". Although the definitions of A-labels and LDH-labels overlap, a name consisting exclusively of LDH labels, such as""icann.org"" is not an IDN."