Report Reveals Planned DNSSEC Adoption of 2010 by Key Industries Still in Limbo

A recent progress report on DNSSEC adoption reveals the extent to which organizations in a number of industries are falling short of their own objectives for making Domain Name System (DNS) infrastructure more secure. The progress report, conducted by Secure64 Software Corporation, is a follow-up to a 2010 study by Forrester Research titled, "DNSSEC Ready for Prime Time," which reported on organizations' plans to implement DNSSEC in order to shore up vulnerabilities in DNS.

"One of the most interesting aspects of the Forrester study was a survey of organizations that asked about their progress on DNSSEC adoption. Of the organizations that were familiar with DNSSEC, 95 percent told Forrester that they had already deployed DNSSEC or had plans to deploy it within 18 months. Secure64's followup research shows that those plans have not yet come to fruition," said Steve Goodbarn, CEO of Secure64.

Some of the key findings:

Media and Entertainment

  • 98 percent of 50 of the world's leading media and entertainment organizations show no evidence of either trial deployments or full deployments of DNSSEC.
  • Only one organization (Comcast) has fully deployed DNSSEC.

Telecommunications and Internet Service Providers

  • The telecommunication and internet service provider sector has also been slower to adopt DNSSEC than it indicated in the Forrester study.
  • Secure64's analysis determined that none of the 60+ largest telecom/ISP companies in the world show evidence of either a trial or full deployment of DNSSEC.

Financial Services

  • As reported in statistics published by Secure64 in August, progress has been equally slow in the financial services sector. None of the world's leading banking/finance companies had fully deployed DNSSEC as of August.
  • Only one banking organization showed evidence of a trial deployment of DNSSEC.

Why? Marcel Doe  –  Nov 20, 2012 5:26 AM PDT

Can someone tell me why organizations are so slow to adopt DNSSEC? It seems like a quick win to me.

Dan York  –  Nov 20, 2012 1:47 PM PDT

Marcel,

There is a long conversation that could be had on that topic - and perhaps I should write a post here on Circle ID about precisely that.  Some of the issues I captured in a whitepaper back in March, Challenges and Opportunities in Deploying DNSSEC, although there has been movement since I first wrote that in many positive ways.

Essentially, we are caught in the proverbial "chicken-and-egg" bootstrapping process of a new protocol. Domain name holders see little business value in signing their domains because of the scarcity of applications that validate signed domains (ex. DNS resolvers).  Application developers see little business value in adding DNSSEC validation because of the scarcity of signed domains. 

This is changing.  Slowly - but still it is changing.  We are starting to see greater support of DNSSEC within registrars.  We're starting to see ISPs roll out validating DNS servers.  We're starting to see application developers look at how they can add in DNSSEC support.  A number of people across the industry are looking at ways we can help people understand the very real value they can get from DNSSEC… and I believe we'll see more movement in the months ahead.  But it will take some time until it reaches that tipping point when it is just part of what you do with a domain.

But that is a topic for a much longer discussion… I really need to write a post here.  :-)

Marcel Doe  –  Nov 20, 2012 4:42 PM PDT

Hi Dan,

I can see the chicken-and-egg problem here. But as far as I understand DNSSEC, the costs for the average corporate website owner are rather limited. They are already dealing with hosting, purchasing and installing certificates and updating DNS entries, so dealing with DNSSEC does not add that much cost.

But I guess corporations like to wait. We see the same things happening with IPv6. Everyone waits until all the others have already done it. Or when the need arises… which is too late, for both DNSSEC (already hacked) and IPv6 (unreachable site).
