Home / News

Report Reveals Planned DNSSEC Adoption of 2010 by Key Industries Still in Limbo

A recent progress report on DNSSEC adoption reveals the extent to which organizations in a number of industries are falling short of their own objectives for making Domain Name Server (DNS) infrastructure more secure. The progress report, conducted by Secure64 Software Corporation, is a follow-up to a 2010 study by Forrester Research titled, “DNSSEC Ready for Prime Time,” which reported on organizations’ plans to implement DNSSEC in order to shore up vulnerabilities in DNS.

“One of the most interesting aspects of the Forrester study was a survey of organizations that asked about their progress on DNSSEC adoption. Of the organizations that were familiar with DNSSEC, 95 percent told Forrester that they had already deployed DNSSEC or had plans to deploy it within 18 months. Secure64’s followup research shows that those plans have not yet come to fruition,” said Steve Goodbarn, CEO of Secure64.

Some of the key findings:

Media and Entertainment,

  • 98 percent of 50 the world’s leading media and entertainment organizations show no evidence of either trial deployments or full deployments of DNSSEC.
  • Only one organization (Comcast) has fully deployed DNSSEC.

Telecommunications and Internet Service Providers,

  • The telecommunication and internet service provider sector has also been slower to adopt DNSSEC than they indicated in the Forrester study.
  • Secure64’s analysis determined that none of the 60+ largest telecom/ISP companies in the world show evidence of either a trial or full deployment of DNSSEC.

Financial Services,

  • As reported in statistics published by Secure64 in August, progress has been equally slow in the financial services sector. None of the world’s leading banking/finance companies had fully deployed DNSSEC as of August.
  • Only one banking organization showed evidence of a trial deployment of DNSSEC.

By CircleID Reporter

CircleID’s internal staff reporting on news tips and developing stories. Do you have information the professional Internet community should be aware of? Contact us.

Visit Page

Filed Under


Why? Marcel Doe  –  Nov 20, 2012 12:26 PM

Can someone tell me why organizations are so slow to adopt DNSSEC? It seems like a quick win to me.

Marcel,There is a long conversation that could Dan York  –  Nov 20, 2012 8:47 PM


There is a long conversation that could be had on that topic - and perhaps I should write a post here on Circle ID about precisely that.  Some of the issues I captured in a whitepaper back in March, Challenges and Opportunities in Deploying DNSSEC, although there has been movement since I first wrote that in many positive ways.

Essentially, we are caught in the proverbial “chicken-and-egg” bootstrapping process of a new protocol. Domain name holders see little business value in signing their domains because of the scarcity of applications that validate signed domains (ex. DNS resolvers).  Application developers see little business value in adding DNSSEC validation because of the scarcity of signed domains. 

This is changing.  Slowly - but still it is changing.  We are starting to see greater support of DNSSEC within registrars.  We’re starting to see ISPs roll out validating DNS servers.  We’re starting to see application developers look at how they can add in DNSSEC support.  A number of people across the industry are looking at ways we can help people understand the very real value they can get from DNSSEC… and I believe we’ll see more movement in the months ahead.  But it will take some time until it reaches that tipping point when it is just part of what you do with a domain.

But that is a topic for a much longer discussion… I really need to write a post here.  :-)

Hi Dan,I can see the chicken-and-egg problem Marcel Doe  –  Nov 20, 2012 11:42 PM

Hi Dan, I can see the chicken-and-egg problem here. But as far as I understand DNSSEC, the costs for the average corporate website owner are rather limited. They are already dealing with hosting, purchasing and installing certificates and updating DNS entries, so dealing with DNSSEC does not add that much costs. But I guess corporations like to wait. We see the same things happening with IPv6. Everyone waits until all the others have already done it. Or when the need arises... which is too late, for both DNSSEC (already hacked) and IPv6 (unreachable site).

Comment Title:

  Notify me of follow-up comments

We encourage you to post comments and engage in discussions that advance this post through relevant opinion, anecdotes, links and data. If you see a comment that you believe is irrelevant or inappropriate, you can report it using the link at the end of each comment. Views expressed in the comments do not represent those of CircleID. For more information on our comment policy, see Codes of Conduct.

CircleID Newsletter The Weekly Wrap

More and more professionals are choosing to publish critical posts on CircleID from all corners of the Internet industry. If you find it hard to keep up daily, consider subscribing to our weekly digest. We will provide you a convenient summary report once a week sent directly to your inbox. It's a quick and easy read.

I make a point of reading CircleID. There is no getting around the utility of knowing what thoughtful people are thinking and saying about our industry.

Co-designer of the TCP/IP Protocols & the Architecture of the Internet



Brand Protection

Sponsored byCSC


Sponsored byDNIB.com

Threat Intelligence

Sponsored byWhoisXML API

IPv4 Markets

Sponsored byIPv4.Global

Domain Names

Sponsored byVerisign

New TLDs

Sponsored byRadix


Sponsored byVerisign