Technology Preview

Internet Engineers Collaborate On Open Source Project To Secure the Domain Name System.

OpenDNSSEC lowers the threshold for ISPs, Hosting companies and Name Server Operators to deploy secure DNS.

London, 30th July 2009 – The OpenDNSSEC project announces the development of Open Source software that manages the security of domain names on the Internet. The project intends to drive adoption of Domain Name System Security Extensions (DNSSEC) to further enhance Internet security.

Industry leaders including .SE (The Internet Infrastructure Foundation), NLNetLabs, Nominet, Kirei, SURFnet, SIDN and John Dickinson have come together to create open source software that promises to make it easier to deploy DNSSEC. The group’s primary aim is to further protect the Internet by increasing the security for end-users.

Removing the manual aspect of deploying DNSSEC using the open source software is set to make it easier for Internet service providers, web hosting companies and name service operators to deploy DNSSEC, which will significantly increase the number of DNSSEC users.

Specialists can download a preview of the OpenDNSSEC technology in order to gain experience with the OpenDNSSEC software, and give feedback to the project. It is available from

OpenDNSSEC features:

  • No manual management is needed for signing a zone or managing the cryptographic keys. The software manages the entire process from unsigned to signed zones.
  • OpenDNSSEC is supplied with a licence that gives a green light to suppliers of commercial products who want to utilise the open source code and include it in their own software, without having to open up their own code.
  • The software works with all different versions of the Unix operating systems and is suitable for both those who need to sign a few very large zones (for example TLDs) and for those responsible for a large number of smaller zones.

Lesley Cowley, CEO at Nominet comments: “Making the Internet a more trusted place for all is one of Nominet’s main objectives. This is a key initiative for us and we actively support and encourage the development of any software that will create an environment safe for Internet users. We enjoyed working with other registries who share our vision to develop this tool and will continue working with them.”

Patrik Wallström, responsible for DNSSEC at .SE comments: “In order to spread the use of DNSSEC to an increased number of domain names, the management surrounding this technology must be simplified. Together with a number of collaborators, we’re developing OpenDNSSEC. Leveraging our deployment experience, we will produce a well-packaged, easy-to-use and flexible DNSSEC tool that eliminates all manual procedures. Those in charge of name servers no longer need detailed knowledge about the protocol in order to use it.”


Notes to Editors

About OpenDNSSEC

OpenDNSSEC is a tool which simplifies the process of signing one or more zones with DNSSEC. OpenDNSSEC handles the entire process from an unsigned to a signed zone automatically, including secure key management and timing issues. With OpenDNSSEC, fewer manual operations are needed by the operator.

OpenDNSSEC makes sure that all the steps in signing process are done in the correct order and at the right time, making sure that nothing breaks. The issue of handling the private keys associated with DNSSEC signing has been secured by using so called HSM:s (Hardware Security Modules), so that that the private keys can not be leaked to an unauthorized third party, just keeping them secured in hardware.

It is an open source solution under a BSD license that gives a green light to suppliers of commercial products who want to utilise the open source code and include it in their own software, without having to open up their own code.

OpenDNSSEC works in all Unix-like operating systems and is suitable for those who will only sign a single large zone (e.g. TLDs) and as well as those who have many small zones (e.g. web hotels, ISPs)

About Nominet

Nominet operates at the heart of e-commerce in the UK, running one of the world’s largest Internet registries and managing over seven million domain names. Nominet maintains the register of .uk domain names and runs the DNS infrastructure that keeps .uk working.

It runs the technology that locates a computer in the Internet hosting the web site or email system you’re looking for when you type in a web address or send an email to an address that ends in .uk.

Nominet is a not-for-profit company limited by guarantee that has members not shareholders, pays no dividends and its charges only cover its running costs. Anyone with an interest in the Internet may become a member. Nominet has over 2,800 members representing all areas of the Internet industry.

Nominet also runs the Tier 1 registry for UK ENUM, a new UK registry service that combines telephone numbers and the Domain Name System to simplify the way telephone calls over the Internet work.  ENUM lets callers know that you can receive VoIP calls – it allows more VoIP calls to be connected directly over the Internet, for no charge, rather than via the traditional PSTN network.

About NLNetLabs

NLnet Labs is based in the Netherlands and was founded in 1999 by Stichting NLnet. It is a non-profit public benefit research foundation aimed at providing open source and open standards tools for internet communication.

It focuses on developments in Internet technology. It provides a bridge between theory and practical deployment that need to be built; and areas where development, engineering, and standardisation takes place.  Stichting NLnet has provided a long-term commitment in the form of a subsidy contract such that NLnet Labs can guarantee support for the software it develops. It is committed to provide maintenance for Unbound.

NLnet Labs key activities are to develop, implement, evaluate, and promote new protocols and applications for the Internet. Its activities are focused on topics directly relating to the Internet’s infrastructure, such as DNS, DNSSEC, IPv6, and routing.

About .SE (The Internet Infrastructure Foundation)

.SE  (The Internet Infrastructure Foundation) is an independent utility that acts to promote positive development of the Internet in Sweden. .SE is responsible for the Internet´s Swedish top-level domain, .se, encompassing domain name registration and administration, as well as the technical operation of the national domain name register. Profits from domain name registrations are used to support projects that contribute to Internet development in Sweden. For more information, see

About Kirei

Kirei AB (, founded in 2005 by Jakob Schlyter and Fredrik Ljunggren, is a consultancy company with its main focus on information security management and network architectures. The Kirei founders have been working with DNS and DNS Security within the IETF community since 1999 and have played an active role in the DNSSEC standardization process as well in the deployment of DNSSEC in several top level domains.

About SURFnet

SURFnet is responsible for the Dutch university network and has contributed security and cryptographic assistance. More information is available at

About SIDN

SIDN is responsible for the functional stability and development of the .nl Internet domain. As well as registering and allocating .nl domain names, the organisation enables Internet users all over the world to make use of these labels at any given moment.

About John Dickinson

John Dickinson is a DNS consultant providing Internet research and software development services. His focus is on making DNS security simple to deploy and manage by helping to develop and improve Open Source software. He has many years of experience in the provision of mission critical DNS services and Internet technology research.

For Further Information please contact:

Gemma Griffiths or Elissa Fry at Racepoint UK

Tel: 020 8752 3205 / 2272


Comments are closed.