We’ve been getting an increasing number of queries regarding the rollout of DNSSEC, the security extensions for DNS.
We have been testing DNSSEC internally and plan to have it available for members ahead of the key deployments this year. Some of the deployments are as follows:
.CA plans to sign the root on March 31, 2011
.COM will sign the root March 31, 2011
The “.” root zone was signed in June, 2010
With this in mind, we plan to have DNSSEC capability within the easyDNS user interface in February.
We have not finalized pricing for DNSSEC enhancements. DNSSEC signed zones increase the size of the data by a factor of 2X to 5X depending on keysize, because every resource record inside the zone is signed by a cryptographic key. This directly increases the bandwidth associated with serving the DNS queries, and bandwidth is one of our basic costs.
As such we are looking at various ideas, including:
- limiting keysize on DNS Hosting level domains
- implementing a nominal fee on DNS Hosting level domains ($10/year – $15/year)
- Increasing key-size for DNS Pro level domains
- Bundling full DNSSEC capability into Enterprise level DNS ($9.95/month)
We welcome feedback in this regard and we’ll be posting more details here as they become available.