Domain Name System Security Extensions (DNSSEC)

The U.S. Department of Commerce's National Telecommunications and Information Administration (NTIA) and National Institute of Standards are working with the Internet Corporation for Assigned Names and Numbers (ICANN) and VeriSign on an initiative to enhance the security and stability of the Internet. The parties are working on an interim approach to deployment of a security technology -- Domain Name System Security Extensions (DNSSEC) -- at the authoritative root zone of the Internet. There will be further consultations with the Internet technical community as the testing and implementation documentation are developed.

Important Documents
Testing and Implementation Requirements for the Initial Deployment of DNSSEC in the Authoritative Root Zone: This requirements document was drafted jointly by the National Telecommunications and Information Administration and the National Institute of Standards and Technology. The purpose is to provide baseline architecture, security, and basic functionality requirements for the implementation and operation of DNSSEC at the root zone. NTIA and NIST have consulted with members of the Internet technical community as well as with its root zone management partners – ICANN and VeriSign. To the extent possible, input resulting from these consultations is reflected in the requirements.

Draft Documents
DNSSEC Root Zone High Level Technical Architecture (Working draft): This working draft document, prepared by ICANN and VeriSign, describes their proposed architecture for DNSSEC deployment at the root. The document is intended to be a high-level description of the design. More in-depth details are to be contained in accompanying documentation.

ICANN DNSSEC Policy and Practice Statement (Working draft): States practices and provisions employed in root zone signing and zone distribution services.

VeriSign DNSSEC Policy and Practice Statement (Working draft): States practices and provisions employed in root zone signing and zone distribution services.

NTIA Requested Public Comments Regarding the Deployment of DNSSEC

NTIA consulted with interested stakeholders regarding the deployment of DNS Security Extensions (DNSSEC) in the DNS hierarchy, including the authoritative root zone level. The Notice of Inquiry (NOI) was published in the Federal Register on October 9, 2008. Comments were due on November 24, 2008.

• Press Release
  Posted 10-09-2008
• Federal Register: Notice of Inquiry (PDF 69 kb - DOC 112 kb)
  Posted 10-09-2008

NOI Supporting Material

• Current Process Flow for Changes to the Authoritative Root Zone File
• DNSSEC Proposed Process Flows
  • Proposal 1
  • Proposal 2
  • Proposal 3
  • Proposal 4
  • Proposal 5
  • Proposal 6
• Internet Corporation for Assigned Names and Numbers (ICANN) DNSSEC Proposal (September 2, 2008)
• VeriSign DNSSEC Proposal (September 22, 2008)

Comments Received

• Brian Dickson
• Jeffery A. Williams
• David A. Wheeler
• Kevin M. Morooney, Vice Provost for Information Technology/CIO, Penn State

October 14 - 17, 2008

• Millind Dongre
• Bill Miller
• Kevin Patel
• Jon Kibler, Chief Technical Officer, Advanced Systems Engineering Technology, Inc.

October 20 - 24, 208

• Name Omitted by Author

October 27 - 31, 2008

• Loraine Beyer, AT&T Enterprise Architecture

November 3 - 7, 2008

• J. Scott Marcus

November 10 - 14, 2008

• Lyman Chapin, Paul Hoffman, Jelte Jansen, Frederico A C Neves, Jakob Schlyter, Andrew Sullivan, Paul Wouters
• Ron Bonica
• Ondrej Sury

November 17 - 21, 2008

• Tae Joo
• Terry Manderson
• Olaf Kolkman, Chair, Internet Architecture Board (IAB)
• Bill Manning
• Paul Wilson, Director General, APNIC
• Nii Quaynor, Convener, African Network Operators Group (AfNOG)

November 24 - 28, 2008

• Steven R. Goodbarn, CEO, Secure64 Software Corp
• Jeffrey A. Williams
• Michael Barrett, Chief Information Security Officer, PayPal
• Kentaro Mori, Service Development Department, Japan Registry Services Co., Ltd. (JPRS)
• Russ Housley, Founder, Vigil Security, LLC; Chair of the Internet Engineering Task Force (IETF)
• Rob Blokzijl, Chairman, RIPE
• Dean Anderson, CEO, AV8 Internet, Inc.
• Roelof Meijer, CEO, SIDN
• Lesley Cowley, CEO, Nominet
• Anders Johanson, Director, Network Security Department, Swedish Post and Telecom Agency (PTS); and Danny Aerts, CEO, .SE
• Akamai Technologies - Andy Ellis, Senior Director, Information Security; James Kretchmar, Senior Architect, Mapping; David Lawrence, Senior Software Engineer, Mapping; Matt Levine, Director, Mapping; Jean Roy, Research Scientist, Mapping; Brian Sniffen, Senior Architect, Information Security
• Rodney Joffe, Senior Vice President and Senior Technologist, NeuStar, Inc.
• Jim Reid
• Joe Baptista, PublicRoot Consortium
• Lynn St. Amour, President and Chief Executive Officer, Internet Society (ISOC)
• Kathryn Zachem, Vice President, Regulatory & State Legislative Affairs, COMCAST CORPORATION; Jason Livingood, Executive Director, Internet Systems Engineering, National Engineering & Technical Operations, COMCAST CORPORATION
• Brian Cute, Vice President, Afilias
• Byron Holland, President and CEO, Canadian Internet Registration Authority (CIRA)
• Ondrej Filip, CEO, CZ.NIC
• Thierry Moreau, CONNOTECH Experts-conseils inc.
• Tim Ruiz, Vice President, Corp. Development & Policy, The Go Daddy Group, Inc.
• General Dale Meyerrose, Major General, USAF (Ret), Interim CEO, ARIN; Mark Kosters, CTO, ARIN
• Christopher G. Martin, Manager - Marketing & Advertising, ICT, Banking, Emerging Markets, United States Council for International Business (USCIB)
• Andy Linton
• Kurt Erik Lindqvist, CEO, Autonomica Ab
• Brenden Kuerbis, Internet Governance Project
• Vinton G. Cerf, VP and Chief Internet Evangelist, Google
• Ross Stapleton-Gray, Chief Security Officer, Packet Clearing House
• Jeff Brueggeman, Vice President Public Policy, AT&T Services, Inc.
• Robert C. Hutchinson
• Audrey L. Plonk, Senior Global Policy Specialist, Intel Corporation
• Steve DelBianco, Executive Director, NetChoice
• Eric Brunner-Williams
• Richard Currey, Chair, Domain Name Commission Limited, .nz
• Paul V. Mockapetris, Chairman & Chief Scientist, Nominum