Larry Blunk, Merit Network, Inc.
Last revised: 21 June 2009
Merit Network is participating in a pilot deployment of DNSSEC. It is an island of trust deployment with no secure delegations from the parent zones at this time. The Merit authority nameservers are 198.108.1.43 (dns1.merit.net), 198.109.64.250 (dns2.merit.net), and 207.72.112.10 (dns3.merit.net).
This page lists trust anchor (aka Secure Entry Point keys) for the nanog.org zone. This trust anchor can be used by security-aware DNS resolvers to authenticate records in the corresponding zones.
Key Signing Keys (KSK) are 1024 bit RSASHA1 and Zone Signing Keys (ZSK) are 2048 bit RSASHA1. At the current time, Zone Signing Keys are rolled over every three months, using a pre-publish policy. Key Signing Keys are rolled over approximately once per year, using a double signature rollover policy.
[Format: "domain_name" flags protocol algorithm "publickey-in-base64"]Download this as a text file, suitable for inclusion in a BIND9 format configuration file.
"nanog.org." 257 3 5 "AwEAAaeK6ON+879lLC8bdp0qTeyvbWz/2Rp1
mamWy35l1a1aZAaBss6bI7HdGrHZtWpB11xy
ch6y2I6ImQXfr99Dp+4Jnyd/9KjEravfnmXX
dBRZhv3x3Hf5wv1Xzx5nn7hFx8h8omwve2WL
JZZ4KcuxHnpoZ0o6JttdSb0RHvft8ZluTgdN
GUrdxP5BmIDITEc9CfB4BgVCK8e+HpIFlChR
jaBbsA8fSh4Cz1R/QwkDjxLc4vAETjb1koa5
ZDxTaPjYEEEAp+wvb5aJtgVxjdwfejwaZ3MQ
CmZMXZsq9t9MuWbNWemz7WKSRM7ra6FeHuQI
ikrXNNMERxHA0lBdgI8vmg0=";