#USA #Los Angeles #Security #DNS #ICANN

ICANN Announces Upcoming Security Update for DNS

On May 20, 2026, the Internet Corporation for Assigned Names and Numbers (ICANN) made a pivotal announcement indicating a major transition regarding the trust anchor of the Domain Name System (DNS). Scheduled for October 11, 2026, this update is essential for ensuring the long-term security and stability of the DNS.

The change involves what is termed a “Rollover” of the Key Signing Key (KSK), which is the cryptographic key crucial for securing DNS responses. The KSK acts as a trust anchor within the Domain Name System Security Extensions (DNSSEC), which ensures that DNS data remains authentic and unaltered during transmission. DNSSEC is instrumental for Internet users, as it validates the data when they access websites and various online services.

The rollover process will replace the existing KSK with a new one, a requisite step to maintain strong cryptographic security across the global DNS infrastructure. Kim Davies, the head of services at the Internet Assigned Numbers Authority (IANA) and president of Public Technical Identifiers (PTI), emphasized the importance of this transition: “The Rollover of the trust anchor is a carefully coordinated process that helps protect the integrity of the DNS.” He pointed out that while most Internet users may remain unaware of the change, DNS operators must ensure their systems are correctly configured to trust the new key prior to the rollover.

ICANN is tasked with managing the DNS root zone as part of its IANA functions and will work closely with global Internet partners during this transition. To minimize the risk of disruptions, ICANN will publish the new KSK well ahead of the date, granting operators sufficient time to update their systems and verify the functioning of their automatic trust anchor update mechanisms.

The rollout will follow a phased schedule, initiated in 2024 and concluding in 2027. During this timeframe, both the old and new KSK will remain valid, allowing recursive resolvers—operated by Internet Service Providers, enterprises, and other entities—to assume the new trust anchor before its activation in October 2026. The existing key is expected to be retired in January 2027.

For those managing validating recursive resolvers, especially those with manually configured trust anchors or outdated software, it is crucial to review their systems to ensure readiness for the rollover. Failure to update may result in DNS resolution errors post-rollover date.

For further information regarding the KSK rollover, including operational guidelines and technical resources, ICANN encourages stakeholders to visit their dedicated KSK rollover information page.

About ICANN

ICANN plays a vital role in supporting a secure, stable, and unified global Internet. To connect with others via the Internet, users must input a unique identifier—a name or number—into their devices. ICANN facilitates the coordination and support of these unique identifiers worldwide. Established in 1998 as a non-profit organization intended to serve the public interest, ICANN collaborates with stakeholders globally to ensure an accessible and reliable Internet experience. For more information, please visit the official ICANN website.