Home / News

Report Reveals Planned DNSSEC Adoption of 2010 by Key Industries Still in Limbo

A recent progress report on DNSSEC adoption reveals the extent to which organizations in a number of industries are falling short of their own objectives for making Domain Name Server (DNS) infrastructure more secure. The progress report, conducted by Secure64 Software Corporation, is a follow-up to a 2010 study by Forrester Research titled, "DNSSEC Ready for Prime Time," which reported on organizations' plans to implement DNSSEC in order to shore up vulnerabilities in DNS.

"One of the most interesting aspects of the Forrester study was a survey of organizations that asked about their progress on DNSSEC adoption. Of the organizations that were familiar with DNSSEC, 95 percent told Forrester that they had already deployed DNSSEC or had plans to deploy it within 18 months. Secure64's followup research shows that those plans have not yet come to fruition," said Steve Goodbarn, CEO of Secure64.

Some of the key findings:

Media and Entertainment,

  • 98 percent of 50 the world's leading media and entertainment organizations show no evidence of either trial deployments or full deployments of DNSSEC.
  • Only one organization (Comcast) has fully deployed DNSSEC.

Telecommunications and Internet Service Providers,

  • The telecommunication and internet service provider sector has also been slower to adopt DNSSEC than they indicated in the Forrester study.
  • Secure64's analysis determined that none of the 60+ largest telecom/ISP companies in the world show evidence of either a trial or full deployment of DNSSEC.

Financial Services,

  • As reported in statistics published by Secure64 in August, progress has been equally slow in the financial services sector. None of the world's leading banking/finance companies had fully deployed DNSSEC as of August.
  • Only one banking organization showed evidence of a trial deployment of DNSSEC.

Related topics: DNS Security

WEEKLY WRAP — Get CircleID's Weekly Summary Report by Email:

Comments

Why? Marcel Doe  –  Nov 20, 2012 5:26 AM PDT

Can someone tell me why organizations are so slow to adopt DNSSEC? It seems like a quick win to me.

Marcel,There is a long conversation that could Dan York  –  Nov 20, 2012 1:47 PM PDT

Marcel,

There is a long conversation that could be had on that topic - and perhaps I should write a post here on Circle ID about precisely that.  Some of the issues I captured in a whitepaper back in March, Challenges and Opportunities in Deploying DNSSEC, although there has been movement since I first wrote that in many positive ways.

Essentially, we are caught in the proverbial "chicken-and-egg" bootstrapping process of a new protocol. Domain name holders see little business value in signing their domains because of the scarcity of applications that validate signed domains (ex. DNS resolvers).  Application developers see little business value in adding DNSSEC validation because of the scarcity of signed domains. 

This is changing.  Slowly - but still it is changing.  We are starting to see greater support of DNSSEC within registrars.  We're starting to see ISPs roll out validating DNS servers.  We're starting to see application developers look at how they can add in DNSSEC support.  A number of people across the industry are looking at ways we can help people understand the very real value they can get from DNSSEC… and I believe we'll see more movement in the months ahead.  But it will take some time until it reaches that tipping point when it is just part of what you do with a domain.

But that is a topic for a much longer discussion… I really need to write a post here.  :-)

Hi Dan,I can see the chicken-and-egg problem Marcel Doe  –  Nov 20, 2012 4:42 PM PDT

Hi Dan,

I can see the chicken-and-egg problem here. But as far as I understand DNSSEC, the costs for the average corporate website owner are rather limited. They are already dealing with hosting, purchasing and installing certificates and updating DNS entries, so dealing with DNSSEC does not add that much costs.

But I guess corporations like to wait. We see the same things happening with IPv6. Everyone waits until all the others have already done it. Or when the need arises… which is too late, for both DNSSEC (already hacked) and IPv6 (unreachable site).

To post comments, please login or create an account.

Related Blogs

Related News

Topics

Industry Updates – Sponsored Posts

24 Million Home Routers Expose ISPs to Massive DNS-Based DDoS Attacks

Motivated to Solve Problems at Verisign

Diversity, Openness and vBSDcon 2013

Neustar's Proposal for New gTLD Collision Risk Mitigation

Dyn Adds Chris Griffiths As New VP of Labs

DotConnectAfrica Registry Services Participates in ICANN DNSSEC Training at AFRALTI Nairobi

Neustar Launches Enterprise Professional Services Offerings

ARI Registry Services Expands Top-Level DNS Services With Bold Plans

What's in a Name Server?

DNS ROI: 5 Reasons Slow Website Speed Kills and Why Uptime Is a Necessity

Nominum Releases New Version of Carrier-Grade DHCP Software for Telecom Providers

SPECIAL: Updates from the ICANN Meetings in Prague

SPECIAL: Updates from the ICANN Meetings in Costa Rica

Being a .PRO When Choosing a Registry Services Partner

UK Cabinet Office Looks to BlueCat Networks' Expertise and Best Practices for Securing PSN

BlueCat Networks Helps Organizations Transition to IPv6 with HP

BlueCat Networks to Host Webinar on DNS, DHCP and IPAM Featuring Independent Research Firm

Afilias Says "No" to SOPA

Giving VIP Treatment to IPAM with Nixu NameSurfer Suite 7.0.2

BlueCat Networks' IPv6-Ready Solutions Pass Critical International Security Standards

Sponsored Topics