Donate
‹ Back
Domain Name System Security Extensions (DNSSEC) 23 March 2012

Whitepaper: Challenges and Opportunities in Deploying DNSSEC


At the SATIN 2012 conference on March 23, 2012, the Internet Society’s Dan York spoke about a paper that he and other members of the Internet Society staff developed outlining some of the challenges with DNSSEC deployment and identifying opportunities to simplify the user experience to accelerate DNSSEC deployment. The document is now available for download at:

Challenges and Opportunities in Deploying DNSSEC (SATIN 2012)

The document lays out the challenges and opportunities for:

  • Domain name consumers – any person or application that is using a domain name.
  • Domain name holders – people or organizations who have registered a domain and, in the context of DNSSEC, want to sign the domain.
  • Domain name infrastructure operators – people or organizations that provide the actual service behind the Domain Name System and have a role to play in the DNSSEC signing and validation processes.

Within each section, there are multiple subsections with specific examples.  The document concludes with some thoughts about additional opportunities to accelerate DNSSEC deployment and a lengthy list of resources for further exploration of the topic.

Our goal is that this document can stimulate further discussion about these points and lead to solutions that move DNSSEC deployment further.  We also will be using it within the Deploy360 Programme to identify areas where we need to add more DNSSEC resources to the site.

We welcome any and all feedback and comments, either directly here as comments to this page or sent to us via email or our web form.

‹ Back

Related resources

Deploying DNSSEC: Validation on recursive caching name servers
Domain Name System Security Extensions (DNSSEC)23 October 2012

Deploying DNSSEC: Validation on recursive caching name servers

Why should you deploy DNSSEC-validating DNS resolvers on your network?  What kind of planning should you do to prepare? What...

Case Study: Comcast's DNSSEC Implementation
Domain Name System Security Extensions (DNSSEC)12 June 2014

Case Study: Comcast's DNSSEC Implementation

Comcast, one of the largest Internet Service Providers (ISPs) in North America, started their Domain Name System Security Extensions(DNSSEC) deployment...

Deployment Guide: DNSSEC for Internet Service Providers (ISPs)
Deploy36011 November 2013

Deployment Guide: DNSSEC for Internet Service Providers (ISPs)

An Internet Service Provider needs to offer high value while containing costs. One way to increase your services' value is...

Join the conversation with Internet Society members around the world