US flag signifying that this is a United States Federal Government website   Official website of the Department of Homeland Security

Homeland Security

Domain Name System Security (DNSSEC)

As part of the federal government's effort to increase its level of service to the public, agencies have been instructed to implement Domain Name System Security (DNSSEC) measures to all web sites in the ".gov" domain.

Purpose & Authority

The purpose of this initiative is to ensure that public users of government services that are provided online are confident that the website they visit and over which they transmit information is an authentic government website and is secure. OMB Memo M-08-23 establishes authority to carry out this mission.

  • OMB Memo: M-08-23 (PDF, 1 page - 28 KB) - Securing the Federal Government’s Domain Name System Infrastructure

Benefits of Domain Name System Security

Securing federal internet domains is of critical importance given the government’s increased reliance on the Internet to provide services and disseminate information to the public. Implementing DNSSEC policies will improve service delivery by increasing public confidence in the security and authenticity of websites over which they interact with the federal government.

DNSSEC Deployment Plan Outline (Developed by OMB)

  • Section 1 - Enumerate .gov Domains - Enumerate the second level domains beneath .gov operated by your agency (or on behalf of your agency). Only the second level sub-domains need to be listed
  • Section 2 - Identify Sources of DNS Services - For each domain listed above, describe if your DNS administration and server operation are provided in house, outsourced to a commercial provider (e.g., vendor), or delivered by other means (e.g., provided by another agency)
  • Section 3 - Describe DNS Server Infrastructure - Document the provider, vendor, or source of DNS server implementations within your agency (e.g., BIND, NSD, Microsoft Advanced Directory, etc.). Include in your estimate the number of such servers per source
  • Section 4 - Identify and Address Barriers - Document any perceived technical, contractual or operational barriers impeding deployment of DNSSEC, and milestones for addressing each
  • Section 5 – Train and Pilot - Review the activities of the USG Secure Naming Infrastructure Pilot at www.dnsops.gov and plan for your agency will participate in this pilot test bed, as well as associated training workshops
  • Section 6 – Plan of Action and Milestones - Document your Agency’s plan of action and milestones to fully implement the policies described in this memo. In particular this plan should detail all key activities (e.g., acquisition if necessary, training, test, deployment, operations plans with priority given to citizen services and E-government domains especially those that collect any personally identifiable information) and milestones necessary to achieve the goal of fully operating DNSSEC signed .gov sub-domains by December 2009
Last Published Date: January 3, 2014
Back to Top