How to find domain registrar and DNS hosting with good DNSSEC support?

Posted by rsp on Pro Webmasters
Published on 2012-10-11T19:44:38Z Indexed on 2012/10/11 21:48 UTC

Simplified problem

I want to buy a domain and make a website that is fully secured with DNSSEC.

Background

I've been hearing about the insecurity of DNS for years. I've watched all of the talks by Dan Kaminsky and others from DNS exploits to The future of DNS Security Panel. I knew that using DNS without security is a disaster waiting to happen. I followed the development of the DNSSEC standard. I celebrated the key signing ceremony. Everything was on the right track to finally have a secure DNS system in place.

And now, more than 2 years later, I wanted to just do what everyone said I should do: use DNSSEC for a new domain. So I need a domain registrar and a DNS hosting service that support DNSSEC. Surprisingly, it is not that easy to even find out who does support DNSSEC. It was actually much easier to find info on DNSSEC two years ago, when everyone was going to support DNSSEC Real Soon Now, but now years have passed and I hardly see any progress. I just hope that I was looking in the wrong places and someone here will explain all of the doubts.

I hope that other people who want to have a secure website will also find this question useful.

What is needed

  • registrar and DNS servers with full DNSSEC support for .com domains

What is not needed

  • IPv6 support
  • Web hosting
  • anything more

What I found out so far

Related questions

  1. How to find web hosting that meets my requirements?
  2. What is needed to add DNSSEC to my site?
  3. DNS hosting better managed by Domain provider or Hosting provider?
  4. Registrar with good security, DNS hosting, and DNSSEC and IPv6 resolvers?

In no. 1 no one ever mentions DNS at all. In no. 2 the answers only mention the .se TLD; there are very few answers and they seem very outdated. In no. 3 one answer says "On projects that demand higher security, I might look for a web host that supports DNSSEC" but no more information is provided.

The only relevant answers are in no. 4, where easyDNS is recommended by someone who has never used them personally. Meanwhile, as of October 2012, the support of DNSSEC is described as "in beta" on the easyDNS feature list. Another one recommends SiteGround, but searching their site for DNSSEC returns no results. Other answers recommend web hosting providers that don't meet the requirement of DNSSEC support. Also, the question mentioned above lists 9 very specific requirements other than DNSSEC (e.g. HTTP-only login cookies, two-factor authentication, no DNS record limits, DNS statistics of queries/day, audit trails etc.), which might have excluded many possible recommendations if one is only interested in DNSSEC support.

Conclusions

I thought that by the end of 2012 the support of DNSSEC among domain registrars and DNS providers would be nearly universal. I am shocked that the support seems virtually nonexistent. Is this a result of some serious problems with the DNSSEC adoption? Or is it just not a hot topic and no one bothers anymore? According to the DNSSEC Scoreboard, roughly 0.1% of .com domains support DNSSEC. Could that be caused by the lack of DNSSEC support among registrars and DNS providers, is the information too hard to find, or maybe no one cares? There is not even a "dnssec" tag here.

Questions

The information is surprisingly hard to find. That is why I am asking for first-hand experience and personal recommendations.

Has anyone here actually set up a website with DNSSEC, from the domain registration to the configuration of DNS servers?

Can anyone recommend any of the registrars mentioned above?

Can anyone recommend any registrar not mentioned above?

© Pro Webmasters or respective owner