Root and ARPA DNSSEC operational message -- signature validity period

DNSSEC signatures in the Root and ARPA zones are currently given a validity
period of 10 days. The validity period is being increased to 13 days, per
the recommendations of RSSAC's Report on Root Zone TTLs [1] (aka RSSAC003).

Note that we are not aware of any cases where the 10-day signature validity
period has caused problems for DNSSEC validators. This is a precautionary
measure designed to accommodate a worst-case scenario.

This change will be implemented on September 6, 2016. Please feel free
to contact us at with concerns or questions, and to forward
this notice to others who may not have already received it.



FYI, this work is now complete.