DNSSEC Content Roadmap

The Deploy360 Programme staff has been collecting requirements and feedback for DNSSEC-related content from the community here at the Deploy360 site, from within social networks and at our ION conferences.

Based on that feedback, this document is an analysis of the IPv6-related content that needs to be added to the Deploy360 Programme website. The content listed below will either be curated (i.e. found on the Internet, verified for accuracy and pointed to with a review from the Deploy360 site) or will be created by the Deploy360 team in conjunction with partners and volunteers.

If you know of current content that you believe would fit our roadmap below, or if you are interested in writing or creating a listed piece of content, please contact us. We also appreciate any feedback on this roadmap – will the resources we have listed here help you deploy DNSSEC?

Please note that we are always looking for the following kinds of information:

The resources below are listed in the rough order of priority that we would like to add them to the Deploy360 site:

Section Content Status
Basics A document explaining the two sides of DNSSEC (signing and validation) and the roles of each actor in those processes Done
Basics Slide deck that explains value of DNSSEC to managers In development
Case Studies Multiple case studies are needed. Could exist in different forms such as

  • blog posts
  • video or audio interviews
  • slide decks
  • existing presentations at recent industry conferences
Basics Document explaining difference between registrar and DNS hosting operator functions In development
Basics Document outlining the different roles and responsibilities for registry, registrar, registrant and DNS hosting provider In development
Basics A review of and guide to relevant RFCs related to using DNSSEC. In development
Basics Expand info on page about plan for where we need DNSSEC validation. Dan Y. assigned.
Page found here
Basics Animated video going into more depth about the difference of validation versus signing.
Tutorials Simple tutorial on configuring DNSSEC on BIND (both signing and validation)
Tutorials Simple tutorial on configuring DNSSEC in NSD
Tutorials Simple tutorial on configuring DNSSEC in Unbound
Tutorials Simple tutorial on configuring DNSSEC in Microsoft Windows server 2012 MS already has a detailed document. Question is whether a simplified version can be created.
Tutorials/Basics Update DNS Servers supporting DNSSEC with links to relevant resource pages (that will need to be created) for the various DNS servers Page found here
Tools Tutorials of the tools listed on the DNSSEC Tools page
Tools Video tutorials/screencasts of various tools
Books A page listing books both free and commercial related to DNSSEC.
Books Reviews of those books with commentary.

Feedback on this roadmap is definitely welcome. Thank you.


Back in 2012, we went through an exercise identifying pieces of content we felt needed to be included in the DNSSEC section of the site in order for it to be “complete”.  Many of the resources suggested below have been included in the site.  Others have now been included in the roadmap list above.  The full list is maintained here as a reference.

DNSSEC Basics

Requirements:

  • Intro document – What DNSSEC is, why it matters, etc.
  • Information about how to ensure your local DNS server will pass along DNSSEC records
  • More information about the role of DS records within parent domains
  • Information about DANE and the value it brings
  • More information about the business reasons for using the added security of DNSSEC
  • Information about how SSL and DNSSEC can work together
  • Tutorials for how to use DNSSEC at various registrars (expanding the current list)
  • Guidance on DNSSEC key rollover
  • Information about establishing a DNSSEC Policy and Practice Statement (DPS)
  • DNSSEC RFC review

Enhancements:

  • Videos/screencasts of securing and signing your domain using various registrars
  • Animated video (Common Craft-style) that explains DNSSEC to regular audience
  • Assistance in editing/updating the DNSSEC HOWTO maintained by NLnet Labs
  • Marketing-type materials for internal advocates to champion DNSSEC

Case Studies

Requirements:

  • Case study (text) with a registry
  • Case study with a registrar making DNSSEC available to customers
  • Case studies with ISPs deploying DNSSEC-validating name servers
  • Case studies with multiple developers of different types of applications

Enhancements:

  • Video case studies with all of the above
  • Design and publish “deployment scenarios” for DNSSEC that are suited to specific industry segments rather than rely solely on case studies

Tools

Requirements:

  • Tutorial on how to add CZ.NIC DNSSEC extension to Microsoft IE
  • Tutorial/info about how to configure DNSSEC using
    • BIND
    • PowerDNS
    • Unbound
    • Windows 8
    • (other servers)
  • Pointers to more of the existing videos/screencasts about DNSSEC tools

Enhancements:

  • Videos/screencasts of adding DNSSEC extensions to Chrome, Firefox, IE
  • Videos/screencasts of configuring DNSSEC using the various nameservers

Training

Requirements:

  • Identification of further courseware available for open/free usage
  • Further identification of additional train-the-trainer courseware

Enhancements:

  • Creation of additional written courseware
  • Creation of deployment-focused e-learning / video tutorials
  • Ongoing webinar series offering IPv6 education
  • Develop and standardize a training package for DNSSEC that trainers and consultants can use as a base for educating their customers

Network Operators (including registries and registrars)

Requirements:

  • Guidelines for considerations for supporting DNSSEC
    • Include information about whether or not to validate at ISP-level
  • Case studies (previously covered above)
  • Questions to ask vendors regarding DNSSEC support
  • Pointers to databases of DNSSEC-enabled software and services
  • Information about DNSSEC automation software
  • Tutorial on DNSSEC deployment at the gTLD/ccTLD level

Enhancements:

  • Commissioned analyst whitepapers on DNSSEC
  • Videos/screencasts related to DNSSEC implementation at operator level
  • Funding to assist in adding DNSSEC capability to registry/registrar software

Developers

Requirements:

  • Guidelines/best practices for adding DNSSEC support to applications
  • Case studies (previously covered above)

Enhancements:

  • Videos/screencasts showing use of DNSSEC libraries
  • Creation of additional open source test tools and/or libraries

Content Providers

Requirements:

  • Case studies
  • Information about business case / value in using DNSSEC
  • Information about how to work with registrars in signing domains
  • Information about using content delivery networks (CDNs) that support DNSSEC
  • Information about DANE and other uses of DNSSEC

Enhancements:

  • (Same video screencasts as under DNSSEC Basics)

Consumer Electronics Manufacturers

Requirements:

  • Case studies
  • Information about business case / value in using DNSSEC
  • (similar information as with Developers in how to add DNSSEC support to a device)

Enhancements:

  • (Same video screencasts as under DNSSEC Basics and Developers)

 


Enterprise Customers

Requirements:

  • More material helping C-levels understand the need to deploy DNSSEC
  • Business case / cost benefit analysis support for DNSSEC
  • Case studies
  • (Tutorials on DNSSEC configuration as referenced earlier)

Enhancements:

  • Commissioned analyst whitepapers on DNSSEC
  • Videos/screencasts related to enterprise usage of DNSSEC
  • Slides / materials to help enterprise advocates promote DNSSEC within their enterprise