Site Map    |    Site Index    | 

Quick Links: Select A Link Below About ICANN Accountability and Review Accountability and Transparency Address Supporting Organization (ASO) Announcements Annual Report Articles of Incorporation At-Large Advisory Committee (ALAC) Blog Board Meeting Minutes Board of Directors Budget Bylaws Calendar of Events Committees - Other Committees - Advisory Committees - Board Committees - Past Contact Information Contracts Contractual Compliance Newsletter Contractual Compliance Program Corporate Documents Correspondence Country Code TLD Managers - Information for Country-Code Names Supporting Organization (ccNSO) Country-Code Top-Level Domain Agreements Country-Code Top-Level Domain Board Materials Country-Code Top-Level Domain Listings Current Topics Dashboard Documents Domain Name Dispute Resolution Policies Employment Opportunities Factsheets Fellowship Office Financial Information First-Time Visitors Former Directors Frequently Asked Questions Generic Names Supporting Organization (GNSO) Generic Top-Level Domain (gTLD) Program Generic Top-Level Domain (gTLDs) Life Cycle Generic Top-Level Domain Information (gTLDs) Global Partnerships Glossary Governmental Advisory Committee IANA Agreement IANA ccTLD Reports IANA ICANN Info IDN Glossary IPv6 Policy Independent Reviews of ICANN Structures InterNIC Internal Procedure for Conflicts with Privacy Law Internationalized Domain Names Links Litigation Documents Major Agreements Maps Meetings Mission Monthly Magazine Monthly Registry Reports News Newsletters & News Alerts Newsletters Archive Nominating Committee Ombudsman Operating Plan Organizational Chart PGP Keys Participate in ICANN Partnership Memorandums of Understanding Payments to ICANN Planning Process Policy Documents Presentations President and CEO President's Strategy Committee Press Resources Public Comment Public Participation Site Publications RSS Feed Registrants Information Registrar Accreditation Agreement Amendments Consultation Registrar Accreditation Overview Registrar Advisories Registrar Agreements Registrar Complaints Registrar Data Escrow Program Registrar Information Registrar Problem - Get Help Registrars - Accredited Registry Agreements Registry Information Registry Listings Registry Monthly Reports Registry Services Evaluation Process Report Inaccurate Whois Information Resources Root Server System Advisory Committee (RSSAC) Security and Stability Advisory Committee (SSAC) Speeches Sponsored Top-Level Domains Staff Strategic Plan Supporting Organizations Technical Liason Group Transfers Translations Transparency Universal Acceptance of All Top-Level Domains Vint Cerf's Legacy Letter to ICANN Community Website Enhancement Whois Information Whois Search

Search:

Internet Corporation for Assigned Names and Numbers

  |  Subscribe: Newsletters & News Alerts  |  ICANN Blog  |  Public Comment

• Home
• About
• News
• Current Topics
• Events
• Structure
• Processes
• Resources
• Documents
• Contact    

^ Home

^ Structure

> Security and Stability Advisory Committee

 

Survey of DNSSEC Capable DNS Implementations

SAC 030

14 April 2008

Background  |  Methodology  |  Survey Questions  |  Survey Results  |  Disclaimer

 

Background

SAC 026 [PDF, 29K], SSAC Statement to ICANN and Community on Deployment of DNSSEC, identifies issues have been exposed with respect to DNSSEC and recommends actions IANA, registries, registrars, and ICANN should take to improve the security of the DNS through the deployment of DNS Security Extensions. In the Statement, SSAC indicated that it would study the availability of DNSSEC on commonly used DNS server platforms. This page identifies the method SSAC adopted to conduct the survey, the survey questions, and collates the survey responses in tabular form.

Methodology

SSAC members identified approximately 40 commercial and open source DNS implementations. Members obtained contact information for companies providing commercial DNS products and open source developers. The committee authorized David Piscitello to send email messages explaining the purpose of the survey to these contacts. The email message asked a set of DNSSEC implementation survey questions and asked that the contacts provide a response for each product supported. The email message also explained that responses were voluntary and that the responses would be posted publicly, on this page.

Survey Questions

The survey asked the following questions:

1. When will you support DNSSEC standards (RFCs 4033-4035)?

Today :
<Product name as you wish it to be published, version/release>

1. Does this implementation support recursion (i.e., accept queries with RD=1)?
2. Can the product perform DNSSEC validation?
3. Can the product act as an authority server?
4. Can it host a signed zone and return DNSSEC metadata when requested via the DO bit?

 Under development :
<specify release/version and estimated availability>  

No plans to implement :
<state reason (optional)>

2. When will you support NSEC3 (RFC 5155)?

Today :
<product name as you wish it to be published, version/release>

Under development :
<specify release/version and estimated availability (year/quarter)>

No plans to implement:
<state reason (optional)>

3. When will you provide DNSSEC key management tools?

Today :
<product name as you wish it to be published, version/release>

 Under development :
<specify release/version and estimated availability (year/quarter)>

 No plans to implement :
<state reason (optional)>

4. Have you performed Interoperability testing with your product deployed as an authoritative NS to a DNSSEC-aware recursive resolver?
   
   <Please list products tested>
5. Have you performed Interoperability testing with your product deployed as a recursive resolver to DNSSEC-aware stub resolvers
   
   <Please list products tested>
6. Have you performed Interoperability testing with your product deployed as a DNSSEC-aware stub resolver to a recursive resolver?
   
   <Please list products tested>
7. What encryption algorithms do you support?
   
   <Specify key sizes supported>
8. Do you provide DNSSEC-aware utilities with your product?
   
   <Please list utilities>
9. Does your product support recursion (i.e., will it accept queries with RD=1)?
10. If your product supports recursion,

1. Can it perform DNSSEC validation?
2. Can it act as an authority server?
3. Can it host a signed zone and return DNSSEC metadata when requested via the DO bit?

Survey Results

 <TABLE TO BE PROVIDED>

 Disclaimer

The information provided on this page was voluntarily disclosed by commercial DNS server vendors and by developers of open source and free distribution DNS software. DNS implementations may evolve over time and thus, this survey may not reflect subsequent changes in feature availability that is not reported to the SSAC. We recommend that you contact vendors and developers for the most current status of their DNSSEC implementation. [Note: SSAC is aware that certain DNS operators and providers have proprietary implementations but has only anecdotal information regarding which operators deploy DNS in this manner. The committee encourages all operators who have proprietary implementations to contact us with answers to the survey questions. We will include all responses we receive.]

 Only product information is published from the report. Personal or company contact information has not been shared or disclosed to any parties other than SSAC members and ICANN staff that assisted in the preparation of this report. SSAC publishes survey results as they are received; thus, this survey is at this time a living document. Subsequent to the initial survey, vendors may request that SSAC update DNSSEC implementation availability by answering the survey questions and submitting these to ssac-fellow@icann.org.

<date>

This file last modified 05-May-2008

© 2008 Internet Corporation For Assigned Names and Numbers