Recommendations for DNSSEC deployment

This guide is designed as an aid and tool for municipalities that have the intention to implement DNSSEC, but it also applies to other types of organisations in both the public and private sectors.

In principle, all internet-based services are dependent on a working domain name system (DNS). The consequences of mistakes can be extensive. This is even more so with the introduction of DNSSEC, which places high demands on technical competence for the operation of a traditional DNS. One obstacle for implementation has been the lack of guidance for individual domain holders regarding which demands should be made in particular for small and medium-sized businesses.

The ambition is that this guide will provide such support, both in the introduction and in the ongoing work with DNSSEC.

The guide is built on that which the regional council in Kalmar prepared when they introduced DNSSEC in the region’s municipalities, but it is reworked in parts to suit a wider audience. The manuscript to the guide has been written by Fredrik Ljunggren and Jakob Schlyter, Kirei AB, in connection with IIS’s Chief Information Security Officer, Anne-Marie Eklund Löwinder.

About DNSSEC

DNSSEC makes the internet safer through complicating the manipulation of the information traffic on the domain name system, so that a user can be sure that he or she is actually visiting their internet bank and not a false copy that has been set up to steal passwords and account information.

This technology creates a chain of trust that insures a user’s click on a website ends up where it should, on the right website, instead of being intercepted along the way. With DNSSEC, a consumer on the internet can feel a greater trust that they will get what they want. It has the potential to combat online fraud far more efficiently than today.

Published: March 21, 2014