DNSSEC Implementation Plan

Taking steps to ensure we will be ready to support DNSSEC ahead of schedule

As our reliance on the Internet and the Domain Name System (DNS) grows with the use of more and more online services and applications, the security of these systems must be ensured. DNS Security Extensions (DNSSEC), as defined by RFCs 4033, 4034, and 4035, provide a means to ensure that the global DNS system is secured against various types of attacks. This level of security is meant to thwart scammers, phishers, and spoofers – it ensures that the DNS brings you to the right website, email server, or system each time, every time.

As a leader of Domain Name and DNS solutions, Dyn Inc is taking steps to ensure that our systems will be ready to support DNSSEC ahead of others’ proposed implementation schedules. For those interested, the tasks below outline the steps that Dynamic Network Services Inc. will undertake in the effort to support DNSSEC throughout its systems.

Complete

  • Progress: 100%

    Actively participate in the DNSSEC Coalition, under the Registrar Working Group, an industry organization focused on enabling DNSSEC globally.

  • Progress: 100%

    Provide our customers with a DNSSEC Resolver Testbed, which can be used to test DNS Resolver behavior.

  • Progress: 100%

    Perfom OT+E testing with various domain name registries such as .org and .se to verify support of EPP extensions which support the ability to contribute Delegated Signer (DS) records to the domain’s registry, which will permit end-to-end DNSSEC validation. Furthermore, this testing will involve the validation of transfering DNSSEC-signed domain names between registrars.

  • Progress: 100%

    Expand our existing domain name registration systems to permit an upload of DS records to parent domain name registries.

  • Progress: 100%

    Enable our Dynect Platform customers to sign their zones and provide key generation / rotation / management. contribute trust anchors to appropriate repositories, including domain and DLV (DNSSEC Lookaside Validation – enables islands of DNSSEC in absence of a signed root zone) registries, such as the ISC DLV Registry (Removed because root signing in July 2010 will make this obsolete).

In Progress

  • Progress: 50%

    Work with our DynTLD customers to assist them in signing their TLD zones. Doing so will expand DNSSEC’s adoption and rollout at the registry level.

  • Progress: 30%

    Sign zones and service DNSSEC signed queries from our corporate DNS infrastructure.

  • Progress: 10%

    Enable our DynDNS.com customers to sign their zones and provide key generation / rotation / management.

  • Progress: 10%

    Enable automated key rollover and DS record upload / coordination / notification systems to allow for completely seamless DNSSEC management between various DNS management, DNSSEC management, and domain registration systems.