In the summer of 2008, the Internet was rocked by the revelation that the Domain Name System (DNS), one of the core infrastructures of the Internet, was vulnerable to attack.
The ultimate solution to the DNS vulnerability is a technology that has been available since at least 2004, called DNSSEC (DNS Security Extensions) (define).
How many domains are actually DNSSEC-secured today? That’s a difficult question to answer, but one that InternetNews.com set out to discover. With tens of millions of domains potentially at risk, only a small percentage to date are actually DNSSEC-secured.
At the top level of the Internet, among what are commonly referred to as the gTLD (generic top level domains) of .com, .net and .org, only the .org gTLD has been signed for DNSSEC security.
VeriSign controls .com and .net while the Public Interest Registry (PIR) controls .org. VeriSign did not respond to InternetNews.com‘s query about the current status of DNSSEC deployment at press time.
On the other hand, the .org domain space was officially signed for DNSSEC in June of this year. However, having the .org gTLD is just the first step. Since June, individual domains have migrated to the platform for a beta test. While there are millions of .org domains, to date only a small number have been signed.
“PIR has signed approximately 25 .org domains with DNSSEC as part of its beta test phase,” Lauren Price, senior product marketing manager at PIR told InternetNews.com. “We are manually inserting the DS records into the zone. In addition, we have the contact data for all of the domain owners in our beta test phase. PIR will work closely with each domain holder through every phase of the testing to mitigate risks and capture lessons learned.”
Price added that with the phased beta period, the plan is not to sign a large number of domains. The focus is instead on having a reasonably sized set of test domains to provide a quality testing experience.
Network infrastructure vendor Afilias provides the back-end for .org and also has a number of other TLD initiatives underway for DNSSEC.
“We have a DNSSEC test bed running now for the .IN registry (India),” Howard Eland, senior director of resolution services at Afilias, told InternetNews.com. “We also provide secondary DNS for Sweden (.SE), which is a signed zone, as well as secondary DNS for ISC’s DLV effort.”
Eland declined to provide specific numbers for the .IN and the .SE registries, in terms of how many domains are currently secured today. DLV, the DNSSEC Look-aside Validation technology is another story.
Having the TLD signed is one key element, but it is not the only way to actually have a DNSSEC-enabled and secured domain. DLV provides a mechanism by which domain holders can secure their domain without the need for the root of their domain to actually be signed.
The DLV effort is led by the ISC (Internet Systems Consortium), the same vendor that leads the effort behind the widely-deployed BIND DNS server.
According to Suzanne Woolf, strategic partnerships manager at ISC, there are over 850 zones active on DLV. That number, however, might not represent the full extent of DNSSEC-secured users that ISC enables.
Woolf noted that the question of how many customers and users ISC currently supports for DNSSEC is a rather tough question to answer.
“All of ISC’s DNS services are DNSSEC-capable,” Woolf told InternetNews.com. “For instance, we have signed isc.org. Customers of the Hosted@ program running their zone within isc.org or within our address space, get DNSSEC whether they know it or not.”
The Hosted@ISC effort provides hosting for some of the top open source efforts, including Mozilla, FreeBSD and kernel.org, the official Linux kernel repository.
Additionally, BIND itself has been DNSSEC-complaint as a DNS server since at least 2004 with the BIND 9.3 release. The upcoming BIND 9.7 release will further help to expedite DNSSEC adoption, according to Woolf.
“BIND 9.7 is called the ‘DNSSEC Usability release’ internally as that is the primary focus of development,” Woolf said.
Woolf added that below that DNSSEC can be fairly complicated technology and that tools are need to help make DNSSEC administration easier.
“DNS software and hosting companies will eventually embed signing utilities in their applications or platforms so as to make DNSSEC easy,” Woolf said. “BIND 9.7, targeted for release in October or November, is an example of a step in that direction.”
While the actual numbers of DNSSEC-secured domains today are still relatively low in comparison to the total volume of domains available, backers of DNSSEC see its adoption as inevitable.
“Anyone that wants to provide assurance for people visiting their Web site, or sending and receiving e-mail, or doing any other form of Internet-based interaction, should move toward using DNSSEC,” .org’s Price said. “We expect that in the future, DNSSEC will become an integral part of the domain name registration process.”
Article courtesy of InternetNews.com.
Huawei’s AI Update: Things Are Moving Faster Than We Think
FEATURE | By Rob Enderle,
December 04, 2020
Keeping Machine Learning Algorithms Honest in the ‘Ethics-First’ Era
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 18, 2020
Key Trends in Chatbots and RPA
FEATURE | By Guest Author,
November 10, 2020
FEATURE | By Samuel Greengard,
November 05, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
November 02, 2020
How Intel’s Work With Autonomous Cars Could Redefine General Purpose AI
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 29, 2020
Dell Technologies World: Weaving Together Human And Machine Interaction For AI And Robotics
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
October 23, 2020
The Super Moderator, or How IBM Project Debater Could Save Social Media
FEATURE | By Rob Enderle,
October 16, 2020
FEATURE | By Cynthia Harvey,
October 07, 2020
ARTIFICIAL INTELLIGENCE | By Guest Author,
October 05, 2020
CIOs Discuss the Promise of AI and Data Science
FEATURE | By Guest Author,
September 25, 2020
Microsoft Is Building An AI Product That Could Predict The Future
FEATURE | By Rob Enderle,
September 25, 2020
Top 10 Machine Learning Companies 2020
FEATURE | By Cynthia Harvey,
September 22, 2020
NVIDIA and ARM: Massively Changing The AI Landscape
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
September 18, 2020
Continuous Intelligence: Expert Discussion [Video and Podcast]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 14, 2020
Artificial Intelligence: Governance and Ethics [Video]
ARTIFICIAL INTELLIGENCE | By James Maguire,
September 13, 2020
IBM Watson At The US Open: Showcasing The Power Of A Mature Enterprise-Class AI
FEATURE | By Rob Enderle,
September 11, 2020
Artificial Intelligence: Perception vs. Reality
FEATURE | By James Maguire,
September 09, 2020
Anticipating The Coming Wave Of AI Enhanced PCs
FEATURE | By Rob Enderle,
September 05, 2020
The Critical Nature Of IBM’s NLP (Natural Language Processing) Effort
ARTIFICIAL INTELLIGENCE | By Rob Enderle,
August 14, 2020
Datamation is the leading industry resource for B2B data professionals and technology buyers. Datamation's focus is on providing insight into the latest trends and innovation in AI, data security, big data, and more, along with in-depth product recommendations and comparisons. More than 1.7M users gain insight and guidance from Datamation every year.
Advertise with TechnologyAdvice on Datamation and our other data and technology-focused platforms.
Advertise with Us
Property of TechnologyAdvice.
© 2025 TechnologyAdvice. All Rights Reserved
Advertiser Disclosure: Some of the products that appear on this
site are from companies from which TechnologyAdvice receives
compensation. This compensation may impact how and where products
appear on this site including, for example, the order in which
they appear. TechnologyAdvice does not include all companies
or all types of products available in the marketplace.