/
DNSSEC Education for TLD managers

DNSSEC Education for TLD managers

Owned by Laura Kolker
Last updated: Sept 08, 2010

The At-Large Advisory Committee wishes to draw the attention of the Board on the challenges raised by the deployment of DNSSEC for Internet community.

The DNS in its current way of working has been around for many years. TLD operator of all sizes have access to a large set of information resources. DNS is routinely a part of academic and technical trainings all over the world. However, DNS Security Extensions introduces a major challenge, as expertise on the technology is not as widespread as it is for traditional DNS. There is a significant element of risk for the global working of the DNS infrastructure if implementation of DNSSEC is not done right in some TLDs.

There are still open questions on the respective roles of registries, registrars and domain name holders in the provision of DNSSEC records into zone files.

While we have no concerns that major TLDs will take whatever measures are needed to facilitate the deployment of DNSSEC in a reliable way, we are more concerned about smaller TLDs, that may not have adequate resources to understand and implement it in a way that poses no threat to the global working of the DNS. Many of them are non-contracted parties that do not participate in the work of the ICANN community and consequently may miss essential information at different levels:

  • Business: how will DNSSEC influence the cost of running a TLD ? If any, how this cost could be possibly share between the registry, the registrar and/or the customer?
  • Political: how will a TLD operator interact with their government if the country sees DNSSEC as a threat to their national security policies or push for DNSSEC?
  • Technical: how can a TLD operator deploy DNSSEC in an effective way and automate processes ?

The current technical recommendations are that DNSSEC should be added to the existing TLDs before we roll out new ones. This means we should get as many signed TLDs in the root as possible over the next one or two years. In the past, organizations like ISOC and RIRs have been running workshops to inform TLD operators about best practices. We feel there is a need to reinvigorate these activities on the short term with a special focus on DNSSEC.
Therefore, we suggest that: ICANN should work with other interested parties to launch an outreach and education effort targeted at smaller TLDs to help them successfully launch DNSSEC. Preliminary contacts with some organizations like ISOC and ….. have indicated their interest in a cooperative project.


Patrick I would suggest a web training facility to reach all interested managers around the world.

contributed by guest@socialtext.net on 2009-10-26 08:21:22 GMT