
Survey Finds "Complexity" as Most Common Challenge in Deploying DNSSEC


According to a recent survey conducted by the European Network and Information Security Agency (ENISA), 78% of service providers in Europe have plans to deploy DNSSEC within the next 3 years.

On the other hand, the study also found 22% have no plans to deploy DNSSEC in the next 3 years. The main reasons, according to those surveyed, are:

  • Lack of customer demand for the service
  • Cost of deployment and the on-going costs for running the service
  • Immaturity of the technology
  • Lack of requirements imposed on operators by national regulators

Additionally, service providers who are planning to deploy DNSSEC have expressed the following challenges as key barriers:

  • Problems with the complexity of key management and key rollovers.
  • Lack of supporting tools for key management as well as for operational management of DNSSEC servers.
  • Problems with the increased system complexity of DNSSEC servers. In this respect, it has also been noted that in some cases equipment vendors deliver unstable products for DNSSEC support.
  • A fundamental lack of key management policies and, more broadly, of information security policies with a focus on DNSSEC and security management guidelines.
  • Lack of end user awareness of the benefits and security that DNSSEC provides.
  • There are no widely used applications that support DNSSEC.
  • The root of the DNS is not signed. This breaks the hierarchy of DNS, and trust entry points (trust anchors) have to be configured in the recursive resolvers.
  • The distribution and update of the trust anchors is not standardised and there are no common policies and procedures in place yet.
  • There is a lack of standardisation in the transfer of key material from child domains to their parents.
  • There is a lack of tools that notify users when the domain they are using is securely validated.
  • The inherent feature of DNSSEC for authenticated denial of existence allows an abuser to enumerate the contents of a zone. Product vendors need to adopt a variation of the protocol, named NSEC3.
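The difference behind the last barrier, shown as an added example that is not part of the survey or the original article: plain NSEC records link each owner name to the next one in clear text, while NSEC3 links hashes of the names computed as in RFC 5155. The zone names, salt and iteration count are those of the RFC 5155 Appendix A example zone; the function names are illustrative.

```python
import base64
import hashlib

# RFC 4648 base32 -> base32hex alphabet, the encoding used for NSEC3 owner names.
_B32HEX = bytes.maketrans(b"ABCDEFGHIJKLMNOPQRSTUVWXYZ234567",
                          b"0123456789ABCDEFGHIJKLMNOPQRSTUV")

# Names and NSEC3 parameters from the RFC 5155 Appendix A example zone.
ZONE = ["example", "a.example", "ai.example", "ns1.example"]
SALT_HEX, ITERATIONS = "aabbccdd", 12


def wire_name(name):
    """Canonical (lowercase) DNS wire format: length-prefixed labels + root."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def nsec3_hash(name, salt_hex, iterations):
    """RFC 5155 hash: SHA-1(name || salt), then re-hashed `iterations` times."""
    salt = bytes.fromhex(salt_hex)
    digest = hashlib.sha1(wire_name(name) + salt).digest()
    for _ in range(iterations):
        digest = hashlib.sha1(digest + salt).digest()
    return base64.b32encode(digest).translate(_B32HEX).decode().lower()


def nsec_chain(names):
    """NSEC: (owner, next owner) pairs in canonical order, names in the clear."""
    ordered = sorted(names, key=lambda n: list(reversed(n.lower().split("."))))
    return [(o, ordered[(i + 1) % len(ordered)]) for i, o in enumerate(ordered)]


def nsec3_chain(names, salt_hex, iterations):
    """NSEC3: (hashed owner, next hashed owner) pairs in hash order."""
    hashes = sorted(nsec3_hash(n, salt_hex, iterations) for n in names)
    return [(h, hashes[(i + 1) % len(hashes)]) for i, h in enumerate(hashes)]


if __name__ == "__main__":
    # Every NSEC record names two real owners; NSEC3 records carry only hashes.
    for owner, nxt in nsec_chain(ZONE):
        print(f"NSEC   {owner} -> {nxt}")
    for owner, nxt in nsec3_chain(ZONE, SALT_HEX, ITERATIONS):
        print(f"NSEC3  {owner} -> {nxt}")
```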

The full report can be downloaded here (PDF). Background information available here.
