Home / Blogs

Industry Makes Rapid Progress on DNSSEC

Ram Mohan

DNSSEC is being rolled out quickly in top-level domain registries around the world, but there's still some way to go to encourage other Internet stakeholders to adopt the new security technology. That was one of the key takeaways from a day-long, comprehensive session on Domain Name System Security Extensions implementation worldwide, held during ICANN's public meeting in Cartagena, Colombia, last week.

More than 50 registries have now signed their TLD zones using DNSSEC. Notably, VeriSign last week announced that it has enabled DNSSEC in the .net TLD, and that .com signing is scheduled for early 2011, two moves which will significantly increase adoption at the TLD registry level. These efforts complement others such as Afilias' own ongoing Project Safeguard, which is committed to implementing DNSSEC across TLDs for which we currently provide registry services. During the ICANN workshop, Steve Crocker, co-chair of the DNSSEC Deployment Initiative presented data showing the growth of fully operation DNSSEC TLDs over the last 12 months.

But it takes more than just TLD registries to deploy DNSSEC for the full benefits of a more secure DNS to be felt by all Internet users. Domain registrars, software and hardware developers, ISPs and end users all need to do their part to support the technology. The main challenges for DNSSEC adoption in the coming year lie beyond the registry level..

DNSSEC is a complex technology so, when communicating its value, it is important to keep the message simple. Users of anti-virus software do not need to know how malware works in order to understand the need for good security; the same should be true for the DNS. A common view among ICANN delegates was that Web browser developers will need to visibly support DNSSEC in their interfaces — through, for example, an TLS/SSL-style "green bar" — before there is widespread understanding of the value it brings.

The registrar community is largely still exploring its go-to-market options for DNSSEC, but some have already started to back up verbal support commitments with tangible new services. GoDaddy, for example, said in Cartagena that it will offer managed signing as part of a Premium DNS package that will include unrelated value-added services. Panelists agreed that most domain name customers are unaware of the security benefits that DNSSEC offers, but that corporate customers are more aware of the problems inherent in not using DNSSEC than others.

While DNSSEC outreach is necessarily a cross-community effort, some TLD registries have already started DNSSEC awareness-raising efforts. The Public Interest Registry, which signed .org with Afilias' support earlier this year, has launched a "Practice Safe DNS” campaign aimed at everybody from hardware manufacturers and web developers to domain registrants themselves.

In the coming months, DNSSEC will go from being supported by a relatively small numbers of TLDs to one which is available to the large majority of registrants worldwide. The challenge now, agreed panelists at the ICANN DNSSEC workshop last week, is to ensure that the consumer benefits of a more secure DNS are effectively communicated to technology enablers and early adopters.

By Ram Mohan, Executive Vice President & CTO, Afilias

Related topics: DNS, DNS Security, Domain Names, Registry Services, ICANN, Malware, Security, Top-Level Domains

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

.nyc Goes Public to Brand the Big Apple

pink.host: Breast Cancer Awareness by Bluehost

3 Questions to Ask Your DNS Host About DDoS

Introducing Our Special Edition Managed DNS Service for Top-Level Domain Operators

Afilias Director Wins ICANN's 2014 Leadership Award

Radix Announces the Addition of .tech to Its Portfolio

Afilias Partners With Internet Society to Sponsor Deploy360 ION Conference Series Through 2016

Infographic: Where in the World Do Chinese People Live?

Public Interest Registry Seeks Leaders to Serve on its NGO Community Advisory Council

Neustar to Build Multiple Tbps DDoS Mitigation Platform

Auctions Update: MMX Wins .law and .vip

LogicBoxes Partners with I-Content to Implement Vertical Integration for .RICH and .ONL

The Latest Internet Plague: Random Subdomain Attacks

Digging Deep Into DNS Data Discloses Damaging Domains

General Availability Kicks Off for .Website, .Press and .Host

New .ORGANIC Top-Level Domain Welcomes Leading Brands As .ORGANIC Pioneers

Dot Chinese Online and Dot Chinese Website Featured in EURid's World Report on IDNs 2014

New .ORGANIC Top-Level Domain Opens to Serve the Organic Community

DotConnectAfrica Contributes at the 9th IGF in Istanbul, Turkey

Independent Endorsement of Dot Chinese Online & Dot Chinese Website by by FiarWinds Partners

Sponsored Topics