Economic incentives on DNSSEC deployment: time to move from quantity to quality

Tho Le, Roland Van Rijswijk-Deij, Luca Allodi, Nicola Zannone

Research output: Chapter in Book/Report/Conference proceedingConference contributionAcademicpeer-review

8 Citations (Scopus)


The security extensions to the DNS (DNSSEC) currently cover approximately 3% of all domains worldwide. In response to the low deployment of DNSSEC, a few top-level domains started offering 'per-domain' economic incentives to encourage adoption of the protocol by offering a yearly discount on each signed domain. However, it remains unclear whether these incentives are well-balanced and foster the overall security of the infrastructure as well as its deployment at scale. In this paper we argue that, in the presence of fixed costs of deployment, misaligned 'per-domain' incentives may have the collateral effect of encouraging large operators to massively deploy unsecure implementations of DNSSEC, whereas smaller operators, for which the effect of the economic incentive is negligible, may not significantly benefit from it. To investigate this, we study the security of DNSSEC deployment at scale, particularly in TLDs that offer economic incentives. We find that the security of DNSSEC implementations in the wild poorly reflects standard recommendations, particularly for tasks that cannot be solved by triggering a flag in the DNS software service (e.g. key rollover). Further, we find that, on average, large operators deploy weak DNSSEC security more frequently than small DNSSEC operators, suggesting that current incentives are ineffective in promoting a secure adoption and in deterring insecure implementations. We conclude the paper with actionable recommendations for TLD registry operators to improve the alignment of economic incentives with secure DNSSEC requirements.

Original languageEnglish
Title of host publicationIEEE/IFIP Network Operations and Management Symposium
Subtitle of host publicationCognitive Management in a Cyber World, NOMS 2018
Place of PublicationBrussels
PublisherInstitute of Electrical and Electronics Engineers
Number of pages9
ISBN (Electronic)9781538634165
Publication statusPublished - 6 Jul 2018
Event2018 IEEE/IFIP Network Operations and Management Symposium, NOMS 2018 - Taipei, Taiwan
Duration: 23 Apr 201827 Apr 2018


Conference2018 IEEE/IFIP Network Operations and Management Symposium, NOMS 2018


  • DNS
  • Economic incentives
  • Measurement
  • Network security


Dive into the research topics of 'Economic incentives on DNSSEC deployment: time to move from quantity to quality'. Together they form a unique fingerprint.

Cite this