Survey Finds "Complexity" as Most Common Challenge in Deploying DNSSEC

According to a recent survey conducted by the European Network and Information Security Agency (ENISA), 78% of service providers in Europe have plans to deploy DNSSEC within the next 3 years.

On the other hand, the study also found 22% have no plans to deploy DNSSEC in the next 3 years. The main reasons, according to those surveyed, are:

  • Lack of customer demand for the service
  • Cost of deployment and the ongoing costs of running the service
  • Immaturity of the technology
  • Lack of requirements set for operators by national regulators

Additionally, service providers who are planning to deploy DNSSEC cited the following challenges as key barriers:

  • Problems with the complexity of Key Management and Key Rollovers.
  • Lack of supporting tools for Key Management as well as operational management of DNSSEC servers.
  • Problems with increased system complexity of DNSSEC servers. In this respect, it has also been noted that in some cases equipment vendors deliver unstable products for DNSSEC support.
  • A fundamental lack of key management policies and, more broadly, a lack of information security policies and security management guidelines focused on DNSSEC.
  • Lack of end user awareness on the benefits provided by DNSSEC and the security it provides.
  • There are no widely used applications that are supporting DNSSEC.
  • The root of the DNS is not signed. This breaks the DNS hierarchy, so trust entry points (trust anchors) have to be configured on the recursive resolvers.
  • The distribution and update of trust anchors is not standardised, and there are no common policies and procedures in place yet.
  • There is a lack of standardisation in the transfer of key material from child domains to their parents.
  • There is a lack of tools that notify users when the domain they are using has been securely validated.
  • DNSSEC's inherent feature for authenticated denial of existence allows an abuser to enumerate the contents of a zone. Product vendors need to adopt a variation of the protocol, named NSEC3.

The full report can be downloaded here (PDF). Background information available here.
