"This week, our subsidiary Yourhosting started signing domains," explains Bart Carlier, Yourholding’s General Manager. "We’re now up to more than a hundred thousand. Over the next few weeks, the remainder of the .nl domains that we manage for our clients will follow. Security is one of our main focuses. DNSSEC is a vital part of the protection that we provide and something that the market is pushing strongly for."
"The main challenge was the complexity of integrating DNSSEC into our backend processes. We worked closely with the people at PowerDNS to get everything sorted."
"We are currently signing all our domains," says Wouter de Vries, Antagonist’s founder. "We have nearly 65,000 .nl domains, the majority of which we also manage. All those names are going to be signed."
"Here at Antagonist, we are very security-minded. Our new Patchman service is a good example of that. DNSSEC is another important feature of our security strategy. It’s good that the Netherlands is leading the way when it comes to the application of DNSSEC. But we are pressing ahead with the signing of domains under other TLDs as well, in parallel with what we’re doing under .nl."
Like Yourhosting, Antagonist uses PowerDNS. "We switched from Bind to PowerDNS quite some time ago. It’s a really good package, especially for large-scale applications. We’ve been using it for some years and we’re very satisfied with it."
"For registrars, the key question is how to implement DNSSEC in their environments," explains Michiel Henneke, Marketing Manager at SIDN. "The best way to go about it very much depends on which DNS software and control panel you use. The general experience is that it’s easiest to concentrate on the DNS software first. Once that is working the way you want, you can turn your attention to the control panel. The Netherlands is very much ahead of the game where DNSSEC is concerned, so control panel suppliers are still in the process of integrating DNSSEC support into software."
"Fortunately, we have a substantial number of registrars who have already introduced DNSSEC and are willing to share their experience with others. (cases of dnssec ) As a result, registrars who already use PowerDNS have a good idea of how long implementation should take and what the risks are."
"SIDN’s incentive scheme has certainly been an important driver for the introduction of DNSSEC," continues Henneke. "We benefited from seeing how the Czech Republic and Sweden had incentivised registrars. It’s been so successful that we have recently extended our scheme to run until the end of 2018. The growth of DNSSEC has also been fuelled by the requirement that new gTLDs must support DNSSEC right from the start."
"We are now looking at how we can make it easier for registrars who work with resellers to implement DNSSEC. How do you enable a reseller who manages maybe a couple of thousand domains to easily sign domains registered through a registrar that supports DNSSEC? Small businesses can’t easily afford to develop their own solutions and consequently tend to be dependent on the software suppliers. We are therefore pressing the software houses to integrate DNSSEC support into their products. Full adoption of DNSSEC depends on them."