Changes

# [[Verisign]], which is contracted by the U.S. government to edit the root zone with the information supplied and authenticated by [[ICANN]], which is subsequently  authorized by the Department of Commerce, and also to distribute the root zone file containing information on where to find info on [[TLD]]s

# [[Verisign]], which is contracted by the U.S. government to edit the root zone with the information supplied and authenticated by [[ICANN]], which is subsequently  authorized by the Department of Commerce, and also to distribute the root zone file containing information on where to find info on [[TLD]]s

# An international group of [[Root Service Operators]] that distributes root information from the root zone file across the Internet. Those groups are:

# An international group of [[Root Service Operators]] that distributes root information from the root zone file across the Internet. Those groups are:

* [[Verisign]] Global Registry Services

:* [[Verisign]] Global Registry Services

* [[Information Sciences Institute]] at USC

:* [[Information Sciences Institute]] at USC

* [[Cogent Communications]]

:* [[Cogent Communications]]

* [[University of Maryland]]

:* [[University of Maryland]]

* [[NASA Ames Research Center]]

:* [[NASA Ames Research Center]]

* [[Internet Systems Consortium Inc.]]

:* [[Internet Systems Consortium Inc.]]

* U.S. [[DOD Network Information Center]]

:* U.S. [[DOD Network Information Center]]

* [[U.S. Army Research Lab]]

:* [[U.S. Army Research Lab]]

* [[Autonomica/NORDUnet]], Sweden

:* [[Autonomica/NORDUnet]], Sweden

* [[RIPE NCC]], Netherlands

:* [[RIPE NCC]], Netherlands

* [[ICANN]]

:* [[ICANN]]

* [[WIDE Project]], Japan <ref>[http://www.icann.org/en/announcements/dnssec-qaa-09oct08-en.htm ICANN explains DNSSEC]</ref>

:* [[WIDE Project]], Japan <ref>[http://www.icann.org/en/announcements/dnssec-qaa-09oct08-en.htm ICANN explains DNSSEC]</ref>

On January 27th, 2007 deployment of DNSSEC for the root zone officially started; it was undertaken by [[ICANN]] and [[Verisign]], with support from the U.S. Department of Commerce.<ref>[http://www.circleid.com/posts/20100127_icann_begins_public_dnssec_test_plan_for_the_root_zone/ Circle ID]</ref> Details of the root signature can be found on the [http://www.root-dnssec.org/ Root DNSSEC's website].

On January 27th, 2007 deployment of DNSSEC for the root zone officially started; it was undertaken by [[ICANN]] and [[Verisign]], with support from the U.S. Department of Commerce.<ref>[http://www.circleid.com/posts/20100127_icann_begins_public_dnssec_test_plan_for_the_root_zone/ Circle ID]</ref> Details of the root signature can be found on the [http://www.root-dnssec.org/ Root DNSSEC's website].

In June, 2010, [[ICANN]] hosted the first production DNSSEC key ceremony in a high security data centre outside of Washington, D.C.. The key ceremony involved the creation of the first cryptographic digital key used to secure the Internet root zone, which was securely stored after its generation. Each key ceremony is designed to allow the private key material for the root zone to be managed in a transparent yet secure manner. The goal is for the whole Internet community to be able to trust that the procedures involved were executed correctly, and that the private key materials are stored securely. There is an emphasis on the transparency of the process through the use [[TCR|Trusted Community Representatives]] (TCRs), who undertake the detailed procedures with 14 [[ICANN]] employees. [[TCR]]s are members of the international [[DNS]] community, and are unaffiliated with [[ICANN]], [[Verisign]], or the US Department of Commerce.  These ceremonies will take place 4 times a year in two different American locations.<ref>[http://www.icann.org/en/announcements/announcement-2-07jun10-en.htm ICANN's DNSSEC Key Ceremony Announcement]</ref>

In June 2010, [[ICANN]] hosted the first production DNSSEC key ceremony in a high-security data centre outside of Washington, D.C. The key ceremony involved the creation of the first cryptographic digital key used to secure the Internet root zone, which was securely stored after its generation. Each key ceremony is designed to allow the private key material for the root zone to be managed in a transparent yet secure manner. The goal is for the whole Internet community to be able to trust that the procedures involved were executed correctly and that the private key materials are stored securely. There is an emphasis on the transparency of the process through the use [[TCR|Trusted Community Representatives]] (TCRs), who undertake the detailed procedures with 14 [[ICANN]] employees. [[TCR]]s are members of the international [[DNS]] community, and are unaffiliated with [[ICANN]], [[Verisign]], or the US Department of Commerce.  These ceremonies will take place 4 times a year in two different American locations.<ref>[http://www.icann.org/en/announcements/announcement-2-07jun10-en.htm ICANN's DNSSEC Key Ceremony Announcement]</ref>

At the [[ICANN]] meeting in Brussels later that month there was an overwhelming response from companies who had implemented, or were supporting the new protocol.<ref>[http://www.securityweek.com/dnssec-becomes-reality-today-icann-brussels Security Week]</ref>

At the [[ICANN]] meeting in Brussels later that month there was an overwhelming response from companies who had implemented or were supporting the new protocol.<ref>[http://www.securityweek.com/dnssec-becomes-reality-today-icann-brussels Security Week]</ref>

During the [[ICANN 43]] meeting in Costa Rica, a half-day was devoted to DNSSEC discussion. [[Ram Mohan]], Executive Vice President of Business Operations and Chief Technology Officer at [[Afilias]], wrote in his blog that "the industry is quickly moving into the end-user adoption phase of global DNSSEC deployment." His statement was based on his assessment during the DNSSEC session in Costa Rica. He cited the [[.se]] ccTLD as an example wherein [[Staffan Hagnel]], a pioneer ccTLD operator in Sweden, said that 172,000 domain names adopted DNSSEC overnight after his offering a 5% discount to registrars. He plans to increase the discount to 7.5% to reach  350,000 domain names by the end of 2012. During the discussion, the ICANN community also learned about the experiences of companies implementing the DNSSEC protocol. Comcast noted that consumers do not have enough knowledge about DNSSEC, while Bill Smith, a representative from PayPal, said that it took the company a lot of planning and preparation to deploy the DNSSEC across its 1,100 domain names. He perceived that the next challenge is to create an effective key rollover strategy. <ref>[http://www.circleid.com/posts/20120405_slowly_cracking_the_dnssec_code_at_icann_43/ Slowly Cracking the DNSSEC Code at ICANN 43]</ref>

During the [[ICANN 43]] meeting in Costa Rica, a half-day was devoted to the DNSSEC discussion. [[Ram Mohan]], Executive Vice President of Business Operations and Chief Technology Officer at [[Afilias]], wrote in his blog that "the industry is quickly moving into the end-user adoption phase of global DNSSEC deployment." His statement was based on his assessment during the DNSSEC session in Costa Rica. He cited the [[.se]] ccTLD as an example wherein [[Staffan Hagnel]], a pioneer ccTLD operator in Sweden, said that 172,000 domain names adopted DNSSEC overnight after his offering a 5% discount to registrars. He plans to increase the discount to 7.5% to reach  350,000 domain names by the end of 2012. During the discussion, the ICANN community also learned about the experiences of companies implementing the DNSSEC protocol. Comcast noted that consumers do not have enough knowledge about DNSSEC, while Bill Smith, a representative from PayPal, said that it took the company a lot of planning and preparation to deploy the DNSSEC across its 1,100 domain names. He perceived that the next challenge is to create an effective key rollover strategy. <ref>[http://www.circleid.com/posts/20120405_slowly_cracking_the_dnssec_code_at_icann_43/ Slowly Cracking the DNSSEC Code at ICANN 43]</ref>

On December 23, 2020, ICANN announced that all 1,195 [[gTLD]]s had deployed Domain Name System Security Extensions (DNSSEC) and that the focus of the DNSSEC rollout would turn to [[ccTLD]]s.<ref>[https://www.icann.org/news/announcement-2020-12-23-en ICANN announces total gTLD DNSSEC deployment]</ref>

On December 23, 2020, ICANN announced that all 1,195 [[gTLD]]s had deployed Domain Name System Security Extensions (DNSSEC) and that the focus of the DNSSEC rollout would turn to [[ccTLD]]s.<ref>[https://www.icann.org/news/announcement-2020-12-23-en ICANN announces total gTLD DNSSEC deployment]</ref>