DNSSEC is not fully supported across the Internet -- and it is not even close to fully deployed by most organizations. Many organizations won't embark on DNSSEC until the core infrastructure is in place, tested, and stable.
While it may be slow to roll out, DNSSEC is still very much alive. With the support of governments and vendors, it is only a matter of time until DNSSEC is widely deployed and a de facto standard.
DNSSEC prevents some major DNS vulnerabilities, but it is not the end-all transport security solution that some first believed it to be. Transport layer protections, DDoS mitigation, and identity verification are among those risks that will still remain and are best tackled outside of DNS.
While DNSSEC support grows and the backbone strengthens, do your homework and understand where your organization stands. What technologies need upgrading, modification, or replacement? Work with vendors and third parties to ensure all products and service offerings are ready, so your organization can begin signing and validating records right away. DNSSEC is a good step forward, and one your organization should be ready to implement.
Have a comment on this story? Please click "Discuss" below. If you'd like to contact Dark Reading's editors directly, send us a message.