Economical and Political Implications of DNSSEC Deployment

Abstract: This report provides a summary of the current deployment of Domain Name System (DNS) Security Extensions (DNSSEC) as well as a discussion of future deployments and deployment rates. It analyses the problems that have occurred and considers those that may arise. This thesis focuses mainly on economical and political perspectives, rather than the technical perspective used in most reports regarding this subject. There were four areas that needed to be examined: the technical basis for DNSSEC, the deployment process, the current level of DNSSEC deployment, and the opinions regarding this subject. The information about the deployment process was obtained mainly through articles, but also through reports from organizations such as the Internet Corporation for Assigned Names and Numbers (ICANN) and the Electronic Privacy Information Centre. To acquire up to date data on DNSSEC deployment, SecSpider was used to research the level of deployment as of 2010-05-06. The search was restricted to the generic Top Level Domains (gTLDs) and country code TLDs (ccTLDs) of the top 20 countries in terms of Internet usage as well as the OECD countries. This restriction was made to narrow down the scope to the TLDs where DNSSEC would have the greatest impact. The “Top 20” comprises 77.27 % of the world’s Internet users, hence it is where DNSSEC deployment would affect the most people. The OECD is in this thesis considered a sufficient ly large selection to represent themost technologically advanced and economically powerful countries in the world regardless of size. Major powers such as China, India, and Russia while not included in the OECD are represented in the “Top 20” due to their size. Our results show that some major TLDs have implemented DNSSEC and that the rate of deployment has increased in the last few years. However, the level of DNSSEC deployment in the TLDs is still rather low; 15.00 % in the gTLDs and ccTLDs of the Top 20 countries in Internet usage, and 20.00 % in the OECD’s ccTLDs. Deployment in the root is ongoing during spring 2010, this could have a great impact on the rate of deployment as deployment in a gTLD or ccTLD is highly dependent on deployment high up in the hierarchy due to the nature of DNSSEC. It is unlikely that corporations would implement DNSSEC without a potential return on investment (ROI) and management control measures from governments might be required to increase deployment pace at the lower levels of the DNS hierarchy.