Communications Security, Reliability and Interoperability Council (CSRIC), Working Group 5, DNSSEC Implementation Practices for ISPs (Final Report) (Mar. 22, 2012) (full-text).
Internet service providers (ISPs) provide the vast majority of U.S. consumers' and businesses' Internet connectivity, making them crucial to the wide deployment of security technologies such as DNSSEC.
Working Group 5 was asked to examine best practices for ISPs deploying and managing the Domain Name System Security Extensions (DNSSEC). In addition, the Working Group was asked to recommend proper metrics and measurements that allow for evaluation of the effectiveness of DNSSEC deployment by ISPs.
The Working Group examined the pros and cons of ISPs' adoption of DNSSEC as knowledge and acceptance of this security technology increase, and attempted to create a set of recommendations for ISPs that do want to adopt DNSSEC.
In this Final Report, the Working Group recommended that:
- ISPs implement their DNS recursive name servers so that they are, at a minimum, DNSSEC-aware, as soon as possible.
- Key industry segments, such as banking, credit cards, healthcare and others, sign their respective domain names with DNSSEC.
- Software developers, such as those creating operating-system, web-browser, and other Internet-focused applications, study how and when to incorporate DNSSEC validation functions into their software.