Menu Close

Perceptions of IT Decision-makers on the use of DNSSEC

By Pablo Rodríguez, Executive Vice President of PR Top Level Domain 

DNSSEC’s slow adoption rate is an important social problem because information security issues are among the most current and prevalent concerns of individuals, government agencies, and corporations; issues such as identity theft, information tampering and disclosure. Despite the apparent protective advantages of DNSSEC and the negative repercussions of failure to adopt it, no studies have explored why the TLD IT decision-makers have decided not to use this technology. To gain insight into a problem impacting thousands of Internet users, a qualitative, exploratory case study using semi-structured interviews was employed to identify TLD IT decision-makers’ perceptions with the intention to develop, based on the findings, a set of recommendations that facilitate and promote DNSSEC implementation among ccTLD operators in Latin America and the Caribbean.

According to IANA, there are 47 ccTLD operators in total in the LAC region. In the study, IT decision-makers were invited to participate and were distinguished in two ccTLD categories: DNSSEC adopters and non-adopters. Ten or more participants from each category, DNSSEC adopters and non-adopters, was the minimum number required to conduct a valid and representative study of the 47 ccTLDs in the region. Twenty-four participants (12 adopters and 12 non-adopters) responded to the invitation to participate. The 24 interviews were conducted via Zoom in English (11, or ~ 46%) and Spanish (13, or 54%) to maximize the ccTLD representatives’ participation. 

The findings demonstrated the participants’ current perceptions and understanding about DNSSEC. The critical conclusion extracted from the study findings revealed, firstly, that participants broadly viewed DNSSEC as a technology that enhances ccTLD cybersecurity.  However, they argued that the need for dedicated personnel with a high-level skill set to implement it and maintain it is a disadvantage. Secondly, participants perceived that social influencers such as LACTLD, LACNIC, ICANN, and IETF help promote DNSSEC adoption. Nonetheless, the lack of technical infrastructure and trained personnel are challenges that impede DNSSEC implementations in ccTLDs. So is the lack of budget to support such infrastructure. Thirdly, reputation is a driver of DNSSEC technology adoption. Both adopters and non-adopters believe that others perceive them as competent, secure, reliable and innovative for implementing DNSSEC. Finally, participants in the adopter category perceive that overcoming financial, technical, promotional and workload challenges helps customer clients to adopt DNSSEC. 

The findings of this study revealed deficiencies in several areas that significantly impede the implementation of DNSSEC among ccTLDs and their clients. Consequently, the following technical, commercial, legal and policy recommendations should be followed to increase its use:

Technical framework

  • Explore what is needed to integrate a DNSSEC presence notification method into search engines (Chrome, Bing, Baidu, Yahoo, Yandex…).
  • Integrate a section to discuss the costs associated with the implementation of DNSSEC and seek to reduce them. 
  • Explore and develop a standard low-cost technical infrastructure (hardware) required to implement DNSSEC.
  • Explore and develop interfaces that reduce the effort of corporate clients to sign their keys with the ccTLD.

Policy and legal framework

  • Explore and develop a standard legal framework for the DNSSEC Statement of Practice (DPS) in order to facilitate:
    1. The implementation of DNSSEC in ccTLDs.
    2. The celebration of the key-signing ceremony in the ccTLDs.

Commercial framework

  • Develop an educational campaign that integrates the factors that promote the implementation of DNSSEC.
  • Technical training.
  • Low cost integration.
  • Interfaces that facilitate key-signing with clients.
  • Use of promotional incentives (discounts) for DNSSEC adopters.

This study filled a gap in the existing literature and provided suggestions for improving the security of the Internet ecosystem through DNSSEC implementation among the ccTLDs in the Central, South American and Caribbean regions.

For more information visit: