News Item

How to deploy DNSSEC?

A new "Good Practices Guide for deploying DNSSEC” for information security managers and National Agencies has been published by the Agency.

Published on March 02, 2010


 The ENISA "Good Practices Guide for deploying DNSSEC” (Domain Name System Security Extensions) has been published.  DNSSEC is a security extension which provides the possibility to origin authentication of DNS data,  data integrity, and authenticated denial of existence. The guide lists the considerations that have to be made and provides recommendations for the security details and procedures to be defined. These procedures should be followed with specific timing requirements in order to deploy DNSSEC:
• by domain holders, signing their domain zones;
• in validating recursive resolvers.

These considerations have to be addressed when specifications are compiled:
• to deploy DNSSEC using internal resources;
• for buying a DNSSEC enabled commercial-of-the-shelf (COTS) DNS product;
• to outsource all or part of the DNS service and sign a service level agreement (SLA).

The guide addresses DNSSEC deployment from the point of view of information security managers responsible for defining a policy and procedures to secure the DNS services of a company or an organisation, and from the point of view of competent authorities defining requirements for deployment.


Stay tuned - subscribe to RSS feeds of ENISA news items

We use cookies on our website to support technical features that enhance your user experience.
We also use analytics. To opt-out from analytics, click for more information.

I've read it More information