An algorithm roll for the .gov zone will occur at the end of August, 2013. This notice is provided
as a courtesy to the DNSSEC community. No action should be required on your part.
The .gov zone is currently signed with algorithm 7 (RSASHA1-NSEC3-SHA1) and will be changed to use
algorithm 8 (RSA/SHA-256), bringing it in line with other top-level domains such as as .com, .net, and
the root zone. The zone will be signed with both algorithms for a period of approximately 10 days.
Further scheduling details will be provided one week before the algorithm roll begins.
On the morning of August 14, a relatively small number of networks
may have experienced an operational disruption related to the signing
of the .gov zone. In preparation for a previously announced algorithm
rollover, a software defect resulted in publishing the .gov zone
signed only with DNSSEC algorithm 8 keys rather than with both
algorithm 7 and 8. As a result .gov name resolution may have failed
for validating recursive name servers. Upon discovery of the issue,
Verisign took prompt action to restore the valid zone.
Verisign plans to proceed with the previously announced .gov algorithm
rollover at the end of the month with the zone being signed with
both algorithms for a period of approximately 10 days.