DNSSEC continues to gain momentum as network operators and domain owners watch and learn from early adopters. The learning process is made easier by efforts such as the ongoing work conducted by researchers at Sandia labs to methodically identify and categorize the kinds of problems that are occurring.
The early experience has validated the need for integration of all the functions needed for DNSSEC. It’s not realistic to expect DNS administrators to pull together all the piece parts that are needed. Automation is also essential, if technically astute organizations are tripped up by mandatory maintenance and intricate processes (like rolling over Key Signing Keys) then others will be too.
Evidence of the value of better tools can be found out in the marketplace. Comcast recently promoted their deployment of DNSSEC across their network of more than 18 million subscribers and signing of more than 5000 domains. They’ve demonstrated DNSSEC can be deployed at massive scale by taking advantage of better DNS software. Adoption of every new technology accelerates when a major player takes the lead, a large scale deployment validates what is possible and positions DNSSEC at the base of the power curve.
DNSSEC has also been on the agenda at the United States Federal Communications Commission (FCC). In a recent speech Julius Genachowski, Chairman of the FCC, not only urged service providers to take voluntary action to deter the spread of botnets, he also urged them to adopt DNSSEC.
ISPs that adopt DNSSEC, Genachowski said, “can provide a real and tangible benefit to the consumers and businesses that rely on them.” He pushed ISPs to implement it “as soon as possible.”
Directly from his speech: “If they adopt DNSSEC, ISPs can provide a real and tangible benefit to the consumers and businesses that rely on them. DNSSEC is ready to be implemented. Indeed, at least one major U.S. ISP has already completed implementation of DNSSEC. “
As security becomes a part of brand equity, service providers and domain owners everywhere will recognize the value of improving their stature. Leadership on the part of large ISPs demonstrate that with the right tools even complex technologies like DNSSEC can be deployed and deliver real benefits to end users. Better still, security also does not have to exist in isolation but can be part of a larger strategy that incorporates other business enhancing initiatives such as subscriber loyalty and business intelligence.