Through the hard work of many in the Internet community, the majority of top-level domains in the root now deploys DNSSEC.
DNS Security Extensions provide the biggest security upgrade to Internet infrastructure in more than 20 years. By deploying cryptographic records alongside existing DNS records, DNSSEC-enabled systems can verify that the information received from the DNS has not been modified in transit and is what was intended by the Registrant who sent it.
The 50% milestone complements a long list of successful efforts by the community and ICANN that have brought us to this point. Starting with the development of the protocols to secure the DNS in the mid-90s, trendsetting deployment by security-conscious TLDs (e.g., .se), government requirements, public vulnerability discoveries (e.g., Kaminsky), deployment at the root by an international team; to ISP and DNS operator (e.g., Google) support – the trend is clear.
We have also witnessed and benefited from widespread deployment and support of DNSSEC by some Registrars in some countries (e.g., .nl, .se). And with DNSSEC support required of the over 1000 new gTLDs, we shall continue to enjoy widespread implementation of DNSSEC at the infrastructure level.
But we still have a way to go. Without widespread deployment by Registrants on their domain names, end users and content providers cannot benefit from all of the security, and new and innovative opportunities that DNSSEC will bring. However, with the help of Registrars, DNS operators, vendors, ISPs, as well as the awareness and training efforts that ICANN and other organizations provide, we hope that securing Registrant DNS content, whatever it is, will become widespread and that Internet users may one day enjoy the simple trusted experience that using the ‘Net once was.
Rick Lamb
SR. PROGRAM MANAGER, DNSSEC