How Many Domains Are Secured by DNSSEC? - Page 2

Page 2 of 2

DLV

Having the TLD signed is one key element, but it is not the only way to actually have a DNSSEC-enabled and secured domain. DLV provides a mechanism by which domain holders can secure their domain without the need for the root of their domain to actually be signed.

The DLV effort is led by the ISC (Internet Systems Consortium), the same vendor that leads the effort behind the widely-deployed BIND DNS server.

According to Suzanne Woolf, strategic partnerships manager at ISC, there are over 850 zones active on DLV. That number, however, might not represent the full extent of DNSSEC-secured users that ISC enables.

Woolf noted that the question of how many customers and users ISC currently supports for DNSSEC is a rather tough question to answer.

"All of ISC's DNS services are DNSSEC-capable," Woolf told InternetNews.com. "For instance, we have signed isc.org. Customers of the Hosted@ program running their zone within isc.org or within our address space, get DNSSEC whether they know it or not."

The Hosted@ISC effort provides hosting for some of the top open source efforts, including Mozilla, FreeBSD and kernel.org, the official Linux kernel repository.

Additionally, BIND itself has been DNSSEC-complaint as a DNS server since at least 2004 with the BIND 9.3 release. The upcoming BIND 9.7 release will further help to expedite DNSSEC adoption, according to Woolf.

"BIND 9.7 is called the 'DNSSEC Usability release' internally as that is the primary focus of development," Woolf said.

Woolf added that below that DNSSEC can be fairly complicated technology and that tools are need to help make DNSSEC administration easier.

"DNS software and hosting companies will eventually embed signing utilities in their applications or platforms so as to make DNSSEC easy," Woolf said. "BIND 9.7, targeted for release in October or November, is an example of a step in that direction."

While the actual numbers of DNSSEC-secured domains today are still relatively low in comparison to the total volume of domains available, backers of DNSSEC see its adoption as inevitable.

"Anyone that wants to provide assurance for people visiting their Web site, or sending and receiving e-mail, or doing any other form of Internet-based interaction, should move toward using DNSSEC," .org's Price said. "We expect that in the future, DNSSEC will become an integral part of the domain name registration process."