Ofcom, the UK’s communications regulator, on October 4, 2011, published the results of a survey of DNSSEC deployment within the United Kingdom. Ofcom specifically asked InterConnect Communications, the authors of the report, to address four main points:
1. Provide a comparison of the UK’s progress and extent deployment of DNSSEC
against other EU member states and G20 nations.
2. Examine Nominet’s progress against that of other national registries in the deployment of DNSSEC.
3. Establish if any barriers to DNSSEC deployment exist (e.g. technical or economic) DNSSEC is a complex protocol to deploy and support.
4. Identify barriers or issues preventing adoption and deployment by UK hosting providers, Internet Service Providers and businesses.
The 52-page report, available as a PDF download, first provides a great tutorial on the basics of DNSSEC, explores the barriers to DNSSEC deployment and then looks at DNSSEC deployment at four levels: globally, within the G20 nations, within European countries and within the UK. It concludes with a useful appendix noting where various DNSSEC standards are within the IETF process and a second appendix on terminology.
Among the reports conclusions are that the primary barrier for DNSSEC adoption within the UK is the lack of a compelling business case to deploy the technology:
- The crucial barrier to DNSSEC deployment in the UK is an economic and commercial one: lack of concrete demand in commercial settings. The UK is now in a position to see if a small set of early adopters will lead to the critical mass necessary for ISPs, hosting companies and registrars to begin offering DNSSEC related services and products.
- The biggest barrier to DNSSEC deployment is the inability to quantify the benefit gained by its deployment. In interviews, ISPs and other hosting companies all say that there is no customer demand for DNSSEC. While they understand the benefit for authenticating DNS queries, they have no economic justification for its development or deployment. With the signing of the second-level domain for .UK one of the biggest barriers to deployment has been removed.
All in all the report makes for excellent reading for those of us looking to understand the current status of DNSSEC deployment – and to help promote further deployment.