Home / Blogs

Industry Makes Rapid Progress on DNSSEC

Ram Mohan

DNSSEC is being rolled out quickly in top-level domain registries around the world, but there's still some way to go to encourage other Internet stakeholders to adopt the new security technology. That was one of the key takeaways from a day-long, comprehensive session on Domain Name System Security Extensions implementation worldwide, held during ICANN's public meeting in Cartagena, Colombia, last week.

More than 50 registries have now signed their TLD zones using DNSSEC. Notably, VeriSign last week announced that it has enabled DNSSEC in the .net TLD, and that .com signing is scheduled for early 2011, two moves which will significantly increase adoption at the TLD registry level. These efforts complement others such as Afilias' own ongoing Project Safeguard, which is committed to implementing DNSSEC across TLDs for which we currently provide registry services. During the ICANN workshop, Steve Crocker, co-chair of the DNSSEC Deployment Initiative presented data showing the growth of fully operation DNSSEC TLDs over the last 12 months.

But it takes more than just TLD registries to deploy DNSSEC for the full benefits of a more secure DNS to be felt by all Internet users. Domain registrars, software and hardware developers, ISPs and end users all need to do their part to support the technology. The main challenges for DNSSEC adoption in the coming year lie beyond the registry level..

DNSSEC is a complex technology so, when communicating its value, it is important to keep the message simple. Users of anti-virus software do not need to know how malware works in order to understand the need for good security; the same should be true for the DNS. A common view among ICANN delegates was that Web browser developers will need to visibly support DNSSEC in their interfaces — through, for example, an TLS/SSL-style "green bar" — before there is widespread understanding of the value it brings.

The registrar community is largely still exploring its go-to-market options for DNSSEC, but some have already started to back up verbal support commitments with tangible new services. GoDaddy, for example, said in Cartagena that it will offer managed signing as part of a Premium DNS package that will include unrelated value-added services. Panelists agreed that most domain name customers are unaware of the security benefits that DNSSEC offers, but that corporate customers are more aware of the problems inherent in not using DNSSEC than others.

While DNSSEC outreach is necessarily a cross-community effort, some TLD registries have already started DNSSEC awareness-raising efforts. The Public Interest Registry, which signed .org with Afilias' support earlier this year, has launched a "Practice Safe DNS” campaign aimed at everybody from hardware manufacturers and web developers to domain registrants themselves.

In the coming months, DNSSEC will go from being supported by a relatively small numbers of TLDs to one which is available to the large majority of registrants worldwide. The challenge now, agreed panelists at the ICANN DNSSEC workshop last week, is to ensure that the consumer benefits of a more secure DNS are effectively communicated to technology enablers and early adopters.

By Ram Mohan, Executive Vice President & CTO, Afilias. Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry.

Related topics: DNS, DNSSEC, Domain Names, Registry Services, ICANN, Malware, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

Season's Greetings - 2014 End of Year Message from DotConnectAfrica

Minds + Machines in 2014 and 2015

New .VOTE and .VOTO Domains Launched

Consumers Prefer the .ORGANIC Domain for True-Organic Goods

DNW Podcast Interview with Antony Van Couvering

TLD Registry and Right of the Dot Establish a Domain Name Industry "Dream Team"

TLD Registry Ltd Welcomes New Board Members

New .LGBT Top-Level Domain Launched

.sydney Domain Names Now Available in Pre-Release

"Chinese Domaining Masterclass" to be Presented at NamesCon Las Vegas in January 2015

Auction and Sales Channel Update

Radix Set to Launch .SITE TLD in 2015

Annual Manthan Award Event This Week

Domain Name .Africa Faces Hurdles - Q&A with Sophia Bekele

Join Paul Vixie & Robert Edmonds at the Upcoming Distinguished Speaker Series

Q3 2014 DDoS Trends: Attacks Exceeding 10 Gbps on the Rise

LogicBoxes Announces Automation Solutions for ccTLD

List of New gTLD Availability & Key Information Provided for Download

Radix Launches .Space for Individuals, Freelancers and Professionals

TLD Registry Wins Best Marketing Award at China New gTLD Roadshow

Sponsored Topics

Verisign

Security

Sponsored by
Verisign
Minds + Machines

Top-Level Domains

Sponsored by
Minds + Machines
dotMobi

Mobile

Sponsored by
dotMobi
Afilias

DNSSEC

Sponsored by
Afilias