.nz DNSSEC Deployment

DNSSEC has been developed to provide authentication and integrity to the Domain Name System (DNS).

DNSSEC in .nz improves the security posture of New Zealand by providing Registrants with an effective tool to combat attacks such as website phishing. 

The first consultation on the .nz DNSSEC implementation identified the issues for Registrants and Registrars, and proposed solutions to these.  The second consultation detailed the proposed amendments to the .nz policies that allowed for the implementation of DNSSEC.  

The amended policies came into effect on Monday 2 May 2011.

DNSSEC Friendly Registrars

A DNSSEC Friendly status has been developed to identify Registrars that meet a higher level of service relative to offering DNSSEC services in the .nz space.  The Domain Name Commission recommends that Registrants looking to deploy DNSSEC look for Registrars who are DNSSEC Friendly on the on the  .nz Authorised Registrars list.  This list also identifies Registrars who may not meet the criteria to be deemed DNSSEC Friendly but can accept and submit DS Records to the .nz Registry on behalf of Registrants.

Working with DNS Operators

DNS Operators who are are not .nz Registrars and are providing DNSSEC related services for Registrants can email their contact details to [email protected].  These details will be provided to .nz Registrars, upon request, who may need to work with a given DNS Operator to ensure there are no resolution errors, when transferring a signed name.

Further Reading

A DNS Security FAQ has been prepared for Registrants and a DNSSEC FAQ has been prepared for Registrars and DNS Operators.