DNSSEC

DNSSEC is an important enhancement of DNS, and offers authenticated data which can be relied on, even for cryptographic purposes. As an example, using DANE technology, operators can use DNSSEC to unambiguously signify the correct SSL certificate to be used for their services.

PowerDNS Authoritative Server 3.2 powers around 90% of all DNSSEC domains in Europe, with over 1 million DNSSEC domain names in The Netherlands alone.

DNSSEC however is very complicated, and this has been a hurdle for its adoption.

As of PowerDNS Authoritative Server 3.0, PowerDNS contains 'flick the switch' DNSSEC support, in which the entire operation to turn on DNSSEC for a domain consists of a single command.

In addition, DNSSEC in PowerDNS uses 'safe defaults' for all operations, which means that operators can be assured they are using DNSSEC correctly as long as they stick to the defaults.

The result of this is that in Sweden and The Netherlands, over 90% of all DNSSEC signed domains are now powered by PowerDNS. A graph of this stunning adoption can be seen here, and the process is discussed in this presentation at ICANN44, plus audio (starts at 3:30).

For more information on how to benefit from the DNSSEC support in the PowerDNS Authoritative Server, please consult our documentation.