Deploy360 28 November 2011

OFCOM DNSSEC Deployment Study Report Provides Great Tutorial, Statistics, More

By Dan YorkDirector, Internet Technology
Ofcom DNSSEC deployment study 2011

Ofcom, the UK’s communications regulator, on October 4, 2011, published the results of a survey of DNSSEC deployment within the United Kingdom. Ofcom specifically asked InterConnect Communications, the authors of the report, to address four main points:

1. Provide a comparison of the UK’s progress and extent deployment of DNSSEC
against other EU member states and G20 nations.

2. Examine Nominet’s progress against that of other national registries in the deployment of DNSSEC.

3. Establish if any barriers to DNSSEC deployment exist (e.g. technical or economic) DNSSEC is a complex protocol to deploy and support.

4. Identify barriers or issues preventing adoption and deployment by UK hosting providers, Internet Service Providers and businesses.

The 52-page report, available as a PDF download, first provides a great tutorial on the basics of DNSSEC, explores the barriers to DNSSEC deployment and then looks at DNSSEC deployment at four levels: globally, within the G20 nations, within European countries and within the UK. It concludes with a useful appendix noting where various DNSSEC standards are within the IETF process and a second appendix on terminology.

Among the reports conclusions are that the primary barrier for DNSSEC adoption within the UK is the lack of a compelling business case to deploy the technology:

  • The crucial barrier to DNSSEC deployment in the UK is an economic and commercial one: lack of concrete demand in commercial settings. The UK is now in a position to see if a small set of early adopters will lead to the critical mass necessary for ISPs, hosting companies and registrars to begin offering DNSSEC related services and products.
  • The biggest barrier to DNSSEC deployment is the inability to quantify the benefit gained by its deployment. In interviews, ISPs and other hosting companies all say that there is no customer demand for DNSSEC. While they understand the benefit for authenticating DNS queries, they have no economic justification for its development or deployment. With the signing of the second-level domain for .UK one of the biggest barriers to deployment has been removed.

All in all the report makes for excellent reading for those of us looking to understand the current status of DNSSEC deployment – and to help promote further deployment.

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Related articles

Improving Technical Security 15 March 2019

DNS Privacy Frequently Asked Questions (FAQ)

We previously posted about how the DNS does not inherently employ any mechanisms to provide confidentiality for DNS transactions,...

Improving Technical Security 14 March 2019

Introduction to DNS Privacy

Almost every time we use an Internet application, it starts with a DNS (Domain Name System) transaction to map...

Improving Technical Security 13 March 2019

IPv6 Security for IPv4 Engineers

It is often argued that IPv4 practices should be forgotten when deploying IPv6, as after all IPv6 is a...