Today, GoDaddy has around 400 customers of its Premium DNS service that are actually signing their domains using DNSSEC. "It's been a pretty gradual adoption; it hasn't come on like gangbusters," Merdinger says.
However, GoDaddy is anticipating this figure to rise when the .com zone is signed.
"There is definitely some pent-up demand for DNSSEC in .com," Merdinger says. "We have almost as many people preconfigured for DNSSEC for .com as we have actively configured for .net at the moment."
One technical hurdle that GoDaddy faced in deploying DNSSEC is that top-level domains have implemented DNSSEC differently, with various signing algorithms and key lengths.
"You really have to deploy DNSSEC on a per-TLD basis, making sure you fully understand the nuances of each implementation," Merdinger explains. "While DNSSEC is a standard, there is enough wiggle room in the standard that you have to make sure you accommodate for each TLD."
"If you're deploying DNSSEC inside of your own DNS infrastructure, you have to understand the impact as far as record sizes and volumes of data are concerned. There's a scalability issue, and each of the individual TLDs is done slightly differently," Merdinger said. "Since the implementation of DNSSEC is so critical to Internet security...it might be time for IT managers to start looking to outsource DNSSEC management."
Having done all the legwork to prepare for DNSSEC, GoDaddy is hoping to reap the rewards of being the first major domain name registrar to offer this add-on security service.
"We are anticipating that we will get a flood of requests for DNSSEC," Merdinger says. "GoDaddy is well positioned to help the adoption of DNSSEC. We support the sale of domains, the sale of SSL, we offer hosting and a full complement of the services that it takes to bring a Web presence online securely."
GoDaddy isn't the only DNS vendor to see slow adoption of DNSSEC until now.
Akamai, a content delivery network, offers a beta version of DNSSEC on its authoritative DNS service. "We have seen very, very poor adoption to date," says Andy Champagne, vice president of engineering at Akamai. "We've had it for a year and a half. We thought this technology would catch on with the government mandates for DNSSEC on .gov, but that deadline came and went....In the last year, I've only had two customers ask about it.''
Sign up for Computerworld eNewsletters.