Internet Technologies 11 April 2012

FCC Publishes DNSSEC Recommendations for ISPs

By Dan YorkChief of Staff, Office of the CEO

FCC CSRIC logoAre you are network operator or Internet service provider (ISP) seeking to understand what you need to do to implement DNSSEC within your network? Are you looking for guidance to help you understand how to proceed?

If so, the U.S. Federal Communications Commission (FCC) just published a set of “DNSSEC Implementation Practices for ISPs” through one of the working groups of its Communications Security, Reliability and Interoperability Council (CSRIC).  The 29-page PDF is available at:

http://transition.fcc.gov/bureaus/pshs/advisory/csric3/CSRIC-III-WG5-Final-Report.pdf

The document provides:

  • A brief overview of DNS and DNSSEC
  • A view of the current state of DNSSEC deployment
  • How Internet Service Providers (ISPs) can use DNSSEC
  • An analysis of the key drivers and challenges for implementing DNSSEC
  • Specific best practice recommendations to ISPs for deploying DNSSEC

The key recommendations of the working group include:

  1. ISPs implement their DNS recursive nameservers so that they are at a minimum DNSSEC-aware, as soon as possible.
  2. Key industry segments, such as banking, credit cards, e-commerce, healthcare and other businesses, sign their respective domain names. The FCC ask industry-leading companies in key sectors commit to doing so, in order to create competitive pressure for others to follow. These industries may be prioritized based on the prevalence of threats to each one, which would mean focusing on financially related sites first, followed by other sites that hold private user data.
  3. Software developers such as web-browser developers study how and when to incorporate DNSSEC validation functions into their software. For example, a browser developer might create a visual indicator for whether or not DNSSEC is in use, or perhaps only a visual warning if DNSSEC validation fails.

We’re very pleased to see these recommendations as they are very much in line with what we’ve been promoting here on the site about DNSSEC – and are very much in line with our recent analysis of DNSSEC challenges and opportunities.

If you are an ISP or network operator, these recommendations from the FCC are definitely ones to consider and act on.  Kudos to the CSRIC Working Group and the FCC for publishing this document.

Thanks to the DNSSEC Deployment Initiative for pointing out that these recommendations were published.

Domain Name System Security Extensions (DNSSEC), Improving Technical Security, Internet Technologies,

Disclaimer: Viewpoints expressed in this post are those of the author and may or may not reflect official Internet Society positions.

Recent Posts

Related Posts

10 March 2021

Internet Society Joins Leading Internet Advocates to Call on ISPs to Commit to Basic User Privacy Protections

Mozilla, the Electronic Frontier Foundation, and the Internet Society call on AT&T, T-Mobile, and Verizon to commit to limiting...

Open Standards Everywhere 4 August 2020

IPv6 Buzz Podcast Dives into Open Standards Everywhere

What are the challenges with applications supporting IPv6? What do people, particularly those working in enterprises, need to know...

Open Standards Everywhere 6 June 2020

On This 8th World IPv6 Launchiversary, Help Us Get More Websites Available Over IPv6

Eight years ago, on June 6, 2012, thousands of companies and organizations came together as part of World IPv6...