Home / Blogs

The DNSSEC Groundswell

It’s been 15 long years since the standard for DNSSEC was developed and sadly adoption has been painfully low until recently, thanks to Dan Kaminsky, the infamous Internet Researcher who indentified that gaping hole in the DNS. The discovery of the fundamental flaw in DNS sparked industry wide attention! Every day, we move a little closer to widespread DNSSEC adoption, so I thought I’d take a moment and highlight some of the most notable milestones.


The Registry operator for .COM and .NET announced this week that they will adopt the DNSSEC standard by 2011. VeriSign’s commitment is well received as .COM and .NET represents such a large number of domain names on the Internet.


The ITAR is here! This is the next best news in the world of DNSSEC aside from the root being signed.

Domain Name Registry Implementation

.SE and .BR launched DNSSEC last year and Nominet, the .UK Registry spearheaded educational and advocacy efforts for wide spread DNSSEC awareness and adoption.

The U.S. Federal Government Mandate

The federal government mandated that .GOV implement DNSSEC by January of 2009 and all Agency .GOV domains DNSSEC signed by December 2009.


Online Payment Giant, PayPal publically supports DNSSEC in a letter to The National Telecommunications and Information Administration (NTIA).

Power in Numbers

“The whole is more than the sum of its parts.” Aristotle, Metaphysica

I am fortunate enough to be leading the DNSSEC Industry Coalition. I have been extremely pleased with the eagerness, collaboration and output that this group has put forth in the DNSSEC initiative. It has been tremendous to see these organizations pull together to work towards and safer and more secure Internet.


In October of last year, Comcast made available a DNSSEC resolver for the Internet community to test against. They are also documenting best practices and case studies as they perform testing, evaluate how to deploy DNSSEC resolvers widely and how to sign their own zones. Comcast is being so gracious as to share their experiences with the Internet community. This is yet another example of industry wide collaboration in moving towards robust Internet security.


Historically, DNSSEC lacked Registrar support and attention and this was a difficult challenge to overcome for those working towards DNSSEC adoption. I am now pleased to report that Registrars are coming around. Some are tackling DNSSEC with full force, others are itching to “play around and test DNSSEC” and the remaining registrars are at least watching and listening what is going on in the world of DNSSEC because they know industry wide deployment is inevitable. The DNSSEC Industry Coalition realizes that Registrars are very critical to the deployment of DNSSEC. We invite Registrars to join our Review Team to evaluate the work of the coalition and to provide the coalition with valuable information from a registrar’s unique perspective.

gTLD Launches

.ORG is the first generic Top-Level Domain to implement DNSSEC to bolster Internet security and stability—working diligently towards signing .ORG in early 2009.

By Lauren Price, Sr. Product Marketing Manager, .ORG, The Public Interest Registry

Lauren Price also contributes to the .Org weblog located here.

Visit Page

Filed Under


Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet




Sponsored byDNIB.com

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

Threat Intelligence

Sponsored byWhoisXML API

New TLDs

Sponsored byRadix

Brand Protection

Sponsored byCSC


Sponsored byVerisign