How did the deployment of DNSSEC go within the .GOV top-level domain? What kind of errors were found in the deployment? What lessons were learned? If they could start it all again, what would they do differently?
These were all questions discussed by Scott Rose of the US NIST in a talk last December at LISA 12 (where we had ION San Diego) titled “DNSSEC Deployment In The .GOV TLD“. As we can know from NIST’s own statistics it was a long road to get DNSSEC deployed – but the latest stats now show around 81% of all .GOV domains being signed.
Scott’s talk is quite good and offers some good lessons for anyone interested in rolling out DNSSEC in a very large organization or community. From the LISA 12 presentation page, you can either watch the video or listen to the audio.