Home / Blogs

Industry Makes Rapid Progress on DNSSEC

Ram Mohan

DNSSEC is being rolled out quickly in top-level domain registries around the world, but there's still some way to go to encourage other Internet stakeholders to adopt the new security technology. That was one of the key takeaways from a day-long, comprehensive session on Domain Name System Security Extensions implementation worldwide, held during ICANN's public meeting in Cartagena, Colombia, last week.

More than 50 registries have now signed their TLD zones using DNSSEC. Notably, VeriSign last week announced that it has enabled DNSSEC in the .net TLD, and that .com signing is scheduled for early 2011, two moves which will significantly increase adoption at the TLD registry level. These efforts complement others such as Afilias' own ongoing Project Safeguard, which is committed to implementing DNSSEC across TLDs for which we currently provide registry services. During the ICANN workshop, Steve Crocker, co-chair of the DNSSEC Deployment Initiative presented data showing the growth of fully operation DNSSEC TLDs over the last 12 months.

But it takes more than just TLD registries to deploy DNSSEC for the full benefits of a more secure DNS to be felt by all Internet users. Domain registrars, software and hardware developers, ISPs and end users all need to do their part to support the technology. The main challenges for DNSSEC adoption in the coming year lie beyond the registry level..

DNSSEC is a complex technology so, when communicating its value, it is important to keep the message simple. Users of anti-virus software do not need to know how malware works in order to understand the need for good security; the same should be true for the DNS. A common view among ICANN delegates was that Web browser developers will need to visibly support DNSSEC in their interfaces — through, for example, an TLS/SSL-style "green bar" — before there is widespread understanding of the value it brings.

The registrar community is largely still exploring its go-to-market options for DNSSEC, but some have already started to back up verbal support commitments with tangible new services. GoDaddy, for example, said in Cartagena that it will offer managed signing as part of a Premium DNS package that will include unrelated value-added services. Panelists agreed that most domain name customers are unaware of the security benefits that DNSSEC offers, but that corporate customers are more aware of the problems inherent in not using DNSSEC than others.

While DNSSEC outreach is necessarily a cross-community effort, some TLD registries have already started DNSSEC awareness-raising efforts. The Public Interest Registry, which signed .org with Afilias' support earlier this year, has launched a "Practice Safe DNS” campaign aimed at everybody from hardware manufacturers and web developers to domain registrants themselves.

In the coming months, DNSSEC will go from being supported by a relatively small numbers of TLDs to one which is available to the large majority of registrants worldwide. The challenge now, agreed panelists at the ICANN DNSSEC workshop last week, is to ensure that the consumer benefits of a more secure DNS are effectively communicated to technology enablers and early adopters.

By Ram Mohan, Executive Vice President & CTO, Afilias. Mr. Mohan brings over 20 years of technology leadership experience to Afilias and the industry.

Related topics: DNS, DNS Security, Domain Names, Registry Services, ICANN, Malware, Security, Top-Level Domains

 
   
WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

To post comments, please login or create an account.

Related Blogs

Related News

Explore Topics

Industry Updates – Sponsored Posts

Facilitating a Trusted Web Space for Financial Service Professionals

Ready or Not, 5 Big Tech Trends Headed Your Way

MarkMonitor Partners with CYREN to Deepen Visibility into Global Phishing Attacks

Verisign Named to the Online Trust Alliance's 2016 Honor Roll

.STORE Grosses Over $1 Million Before the Close of Day 1

News.Markets: A Rising Star in the World of Financial Trading and New TLDs

Dyn Partners with the Internet Systems Consortium to Host Global F-Root Nameservers

Verisign Announces .コム Domain Names Are Now Available for Anyone to Register

NBA & NFL Teams Drive .store Sunrise Score to 647

Financial Industry Quick to Embrace New Top Level Domains

New TLD .STORE Crosses 500+ Sunrise Applications

Verisign Q1 2016 DDoS Trends: Attack Activity Increases 111 Percent Year Over Year

Meet Boston Ivy, Home to Some of the Most Specialized TLDs in the Financial Services Sector

Move Beyond Defensive Domain Name Registrations, Towards Strategic Thinking

Is Your TLD Threat Mitigation Strategy up to Scratch?

Verisign Launches New gTLDs for the Korean Market, .닷컴 and .닷넷

Verisign Opens Landrush Program Period for .コム Domain Names

Domain Management Handbook from MarkMonitor

i2Coalition to Host First Ever Smarter Internet Forum

Afilias Announces Relaunch of .GREEN TLD

Sponsored Topics

Port25

Email

Sponsored by
Port25
Verisign

Security

Sponsored by
Verisign
Afilias - Mobile & Web Services

Mobile

Sponsored by
Afilias - Mobile & Web Services
Afilias

DNS Security

Sponsored by
Afilias