IID (Internet Identity), a provider of technology and services that help organizations secure their Internet presence, recently announced results from a survey of corporate IT security experts on the impact and future of domain name system security extensions (DNSSEC). The survey, conducted in coordination with the Online Trust Alliance, found that half of the respondents either hadn’t heard of DNSSEC or expressed limited familiarity with it. Those who do understand the technology believe key obstacles including lack of training/implementation services, slow ISP resolver rollout and limited client-aware applications will lead to a two to five-year adoption period.
DNSSEC is an emerging Internet security standard. It is designed to protect Internet users from getting misdirected to unintended Internet destinations by ensuring domain name system (DNS) entries remain unchanged in transit. The Internet’s root servers at the top of the DNS hierarchy added DNSSEC support last July. More than 25 top-level domains — including .gov, .org, .edu and .net — have enabled DNSSEC since then. On March 31, DNSSEC will be enabled on the .com top-level domain, which has more than 80 million registered names according to VeriSign, the operator of .com.
This slideshow highlights some of the findings of the IID survey.
Fifty percent of respondents have never heard of DNSSEC or don’t understand it clearly.
Of those who are familiar with DNSSEC, a vast majority correctly identified the key benefit for the technology. When asked, “What is the purpose of DNSSEC?” their top answer was to “prevent cache-poisoning attacks at recursive nameservers.”
Of those surveyed, only one percent acknowledged their organization has experienced losses to date due to cache poisoning attacks.
The majority of respondents believe it will take two to five years for DNSSEC to become widely adopted in their industry, and all believe that adoption is inevitable.
Only five percent of those polled said their organization has already implemented DNSSEC for their domains, while an additional 16 percent plan to implement it.
According to those surveyed, the two biggest overall obstacles to DNSSEC adoption today are Internet Service Provider deployment of DNSSEC resolvers and DNSSEC-aware client applications like browsers and email.
When asked about the biggest roadblock to individual DNSSEC adoption, the number one answer was, “Not enough vendors offering services to implement it.”
In response to “Who would you choose to provide a DNSSEC PUBLISHING (authoritative records and key management)” and “Who would you expect to be able to provide a DNSSEC resolving (running recursive nameservers my employees use) implementation for your organization?”