Roll, Roll, Roll your Root: A Comprehensive Analysis of the First Ever DNSSEC Root KSK Rollover

Speaker: Moritz Müller


I give in-depth insight into last year's DNSSEC Root KSK Rollover. Together with researchers, operators and developers from five organizations, we analyzed the first ever rollover of the main cryptographic keys of DNSSEC, which had the potential to take millions of Internet users offline.

I will show why the rollover was postponed by one year, the impact of the rollover itself, and the surprising behavior it triggered in resolver software. Our results also question the current distribution methods of the DNSSEC trust anchor and of other trust anchors, like CAs.


Moritz is a Research Engineer with SIDN Labs, the research department of SIDN, the .nl ccTLD, and a Ph.D. candidate at the University of Twente. His research focuses on the security and stability of the Domain Name System (DNS). In his work at SIDN he develops tools to detect malicious domain names and measures the deployment and behavior of DNS infrastructure.

Twitter: @moritzcm_

Autumn 2019

Vereniging NLUUG
P.O. Box 8189
6710 AD Ede