Home / Blogs

Industry Makes Rapid Progress on DNSSEC

Ram Mohan

DNSSEC is being rolled out quickly in top-level domain registries around the world, but there's still some way to go to encourage other Internet stakeholders to adopt the new security technology. That was one of the key takeaways from a day-long, comprehensive session on Domain Name System Security Extensions implementation worldwide, held during ICANN's public meeting in Cartagena, Colombia, last week.

More than 50 registries have now signed their TLD zones using DNSSEC. Notably, VeriSign last week announced that it has enabled DNSSEC in the .net TLD, and that .com signing is scheduled for early 2011, two moves which will significantly increase adoption at the TLD registry level. These efforts complement others such as Afilias' own ongoing Project Safeguard, which is committed to implementing DNSSEC across TLDs for which we currently provide registry services. During the ICANN workshop, Steve Crocker, co-chair of the DNSSEC Deployment Initiative presented data showing the growth of fully operation DNSSEC TLDs over the last 12 months.

But it takes more than just TLD registries to deploy DNSSEC for the full benefits of a more secure DNS to be felt by all Internet users. Domain registrars, software and hardware developers, ISPs and end users all need to do their part to support the technology. The main challenges for DNSSEC adoption in the coming year lie beyond the registry level..

DNSSEC is a complex technology so, when communicating its value, it is important to keep the message simple. Users of anti-virus software do not need to know how malware works in order to understand the need for good security; the same should be true for the DNS. A common view among ICANN delegates was that Web browser developers will need to visibly support DNSSEC in their interfaces — through, for example, an TLS/SSL-style "green bar" — before there is widespread understanding of the value it brings.

The registrar community is largely still exploring its go-to-market options for DNSSEC, but some have already started to back up verbal support commitments with tangible new services. GoDaddy, for example, said in Cartagena that it will offer managed signing as part of a Premium DNS package that will include unrelated value-added services. Panelists agreed that most domain name customers are unaware of the security benefits that DNSSEC offers, but that corporate customers are more aware of the problems inherent in not using DNSSEC than others.

While DNSSEC outreach is necessarily a cross-community effort, some TLD registries have already started DNSSEC awareness-raising efforts. The Public Interest Registry, which signed .org with Afilias' support earlier this year, has launched a "Practice Safe DNS” campaign aimed at everybody from hardware manufacturers and web developers to domain registrants themselves.

In the coming months, DNSSEC will go from being supported by a relatively small numbers of TLDs to one which is available to the large majority of registrants worldwide. The challenge now, agreed panelists at the ICANN DNSSEC workshop last week, is to ensure that the consumer benefits of a more secure DNS are effectively communicated to technology enablers and early adopters.

By Ram Mohan, Executive Vice President & CTO, Afilias. Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry.

Related topics: DNS, DNS Security, Domain Names, Registry Services, ICANN, Malware, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:


To post comments, please login or create an account.

Related Blogs

Related News


Industry Updates – Sponsored Posts

Another Tech Leader Joins .tech

Radix's .ONLINE Fastest to Sell 100,000 Domains

.PRO Domains Now Available to All

Computerworld Names Afilias' Ram Mohan a Premier 100 Technology Leader

Verisign Mitigates More Attack Activity in Q3 2015 Than Any Other Quarter During Last Two Years

Protect Your Privacy - Opt Out of Public DNS Data Collection

The ".law" Domain Gains Momentum Throughout the Legal Profession

Verisign & Forrester Webinar: Defending Against Cyber Threats in Complex Hybrid-Cloud Environments

Measuring DNS Performance for the User Experience

LogicBoxes Announces Pioneer Registrar Program

Portfolio Update: October Launches and Renewal Rates

"The Market Has No Morality" Sophia Bekele Speaks on Business Ethics and Accountability

We're Moving Forward. You Coming?

Introducing Verisign Public DNS: A Free Recursive DNS Service That Respects Your Privacy

Faster DDoS Mitigation - Introducing Verisign OpenHybrid Customer Activated Mitigation

City of Miami 3rd in U.S. to Launch Dedicated TLD

Internet Grows to 296 Million Domain Names in Q2 2015

Dyn Comments on ICG Proposal for IANA Transition

.Online Becomes the Fastest TLD to Sell 50,000 Domains

Verisign's Q2'15 DDoS Trends: DDoS for Bitcoin Increasingly Targets Financial Industry

Sponsored Topics