The Deploy360 Programme staff has been collecting requirements and feedback for DNSSEC-related content from the community here at the Deploy360 site, from within social networks and at our ION conferences.
Based on that feedback, this document is an analysis of the IPv6-related content that needs to be added to the Deploy360 Programme website. The content listed below will either be curated (i.e. found on the Internet, verified for accuracy and pointed to with a review from the Deploy360 site) or will be created by the Deploy360 team in conjunction with partners and volunteers.
If you know of current content that you believe would fit our roadmap below, or if you are interested in writing or creating a listed piece of content, please contact us. We also appreciate any feedback on this roadmap – will the resources we have listed here help you deploy DNSSEC?
Please note that we are always looking for the following kinds of information:
- Case studies of DNSSEC deployment DNSSEC Case Studies page.
- DNSSEC-related statistics sites for our DNSSEC Statistics page.
- New tools for our IPv6 Tools page.
The resources below are listed in the rough order of priority that we would like to add them to the Deploy360 site:
| Section | Content | Status |
|---|---|---|
| Basics | A document explaining the two sides of DNSSEC (signing and validation) and the roles of each actor in those processes | Done |
| Basics | Slide deck that explains value of DNSSEC to managers | In development |
| Case Studies | Multiple case studies are needed. Could exist in different forms such as
|
|
| Basics | Document explaining difference between registrar and DNS hosting operator functions | In development |
| Basics | Document outlining the different roles and responsibilities for registry, registrar, registrant and DNS hosting provider | In development |
| Basics | A review of and guide to relevant RFCs related to using DNSSEC. | In development |
| Basics | Expand info on page about plan for where we need DNSSEC validation. | Dan Y. assigned. Page found here |
| Basics | Animated video going into more depth about the difference of validation versus signing. | |
| Tutorials | Simple tutorial on configuring DNSSEC on BIND (both signing and validation) | |
| Tutorials | Simple tutorial on configuring DNSSEC in NSD | |
| Tutorials | Simple tutorial on configuring DNSSEC in Unbound | |
| Tutorials | Simple tutorial on configuring DNSSEC in Microsoft Windows server 2012 | MS already has a detailed document. Question is whether a simplified version can be created. |
| Tutorials/Basics | Update DNS Servers supporting DNSSEC with links to relevant resource pages (that will need to be created) for the various DNS servers | Page found here |
| Tools | Tutorials of the tools listed on the DNSSEC Tools page | |
| Tools | Video tutorials/screencasts of various tools | |
| Books | A page listing books both free and commercial related to DNSSEC. | |
| Books | Reviews of those books with commentary. |
Feedback on this roadmap is definitely welcome. Thank you.
Back in 2012, we went through an exercise identifying pieces of content we felt needed to be included in the DNSSEC section of the site in order for it to be “complete”. Many of the resources suggested below have been included in the site. Others have now been included in the roadmap list above. The full list is maintained here as a reference.
DNSSEC Basics
Requirements:
- Intro document – What DNSSEC is, why it matters, etc.
- Information about how to ensure your local DNS server will pass along DNSSEC records
- More information about the role of DS records within parent domains
- Information about DANE and the value it brings
- More information about the business reasons for using the added security of DNSSEC
- Information about how SSL and DNSSEC can work together
- Tutorials for how to use DNSSEC at various registrars (expanding the current list)
- Guidance on DNSSEC key rollover
- Information about establishing a DNSSEC Policy and Practice Statement (DPS)
- DNSSEC RFC review
Enhancements:
- Videos/screencasts of securing and signing your domain using various registrars
- Animated video (Common Craft-style) that explains DNSSEC to regular audience
- Assistance in editing/updating the DNSSEC HOWTO maintained by NLnet Labs
- Marketing-type materials for internal advocates to champion DNSSEC
Case Studies
Requirements:
- Case study (text) with a registry
- Case study with a registrar making DNSSEC available to customers
- Case studies with ISPs deploying DNSSEC-validating name servers
- Case studies with multiple developers of different types of applications
Enhancements:
- Video case studies with all of the above
- Design and publish “deployment scenarios” for DNSSEC that are suited to specific industry segments rather than rely solely on case studies
Tools
Requirements:
- Tutorial on how to add CZ.NIC DNSSEC extension to Microsoft IE
- Tutorial/info about how to configure DNSSEC using
- BIND
- PowerDNS
- Unbound
- Windows 8
- (other servers)
- Pointers to more of the existing videos/screencasts about DNSSEC tools
Enhancements:
- Videos/screencasts of adding DNSSEC extensions to Chrome, Firefox, IE
- Videos/screencasts of configuring DNSSEC using the various nameservers
Training
Requirements:
- Identification of further courseware available for open/free usage
- Further identification of additional train-the-trainer courseware
Enhancements:
- Creation of additional written courseware
- Creation of deployment-focused e-learning / video tutorials
- Ongoing webinar series offering IPv6 education
- Develop and standardize a training package for DNSSEC that trainers and consultants can use as a base for educating their customers
Network Operators (including registries and registrars)
Requirements:
- Guidelines for considerations for supporting DNSSEC
- Include information about whether or not to validate at ISP-level
- Case studies (previously covered above)
- Questions to ask vendors regarding DNSSEC support
- Pointers to databases of DNSSEC-enabled software and services
- Information about DNSSEC automation software
- Tutorial on DNSSEC deployment at the gTLD/ccTLD level
Enhancements:
- Commissioned analyst whitepapers on DNSSEC
- Videos/screencasts related to DNSSEC implementation at operator level
- Funding to assist in adding DNSSEC capability to registry/registrar software
Developers
Requirements:
- Guidelines/best practices for adding DNSSEC support to applications
- Case studies (previously covered above)
Enhancements:
- Videos/screencasts showing use of DNSSEC libraries
- Creation of additional open source test tools and/or libraries
Content Providers
Requirements:
- Case studies
- Information about business case / value in using DNSSEC
- Information about how to work with registrars in signing domains
- Information about using content delivery networks (CDNs) that support DNSSEC
- Information about DANE and other uses of DNSSEC
Enhancements:
- (Same video screencasts as under DNSSEC Basics)
Consumer Electronics Manufacturers
Requirements:
- Case studies
- Information about business case / value in using DNSSEC
- (similar information as with Developers in how to add DNSSEC support to a device)
Enhancements:
- (Same video screencasts as under DNSSEC Basics and Developers)
Enterprise Customers
Requirements:
- More material helping C-levels understand the need to deploy DNSSEC
- Business case / cost benefit analysis support for DNSSEC
- Case studies
- (Tutorials on DNSSEC configuration as referenced earlier)
Enhancements:
- Commissioned analyst whitepapers on DNSSEC
- Videos/screencasts related to enterprise usage of DNSSEC
- Slides / materials to help enterprise advocates promote DNSSEC within their enterprise