april 7, 2022

The Swedish Internet Foundation has been a big supporter of DNSSEC from the beginning. .SE was the first TLD to be DNSSEC signed back in 2005, long before the root. Now we continue to innovate and allow DNS operators to update registry data with the help of DNSSEC.

Traditionally registry updates could only be made through the registrar. And registrars would only register updates made by the registrant. DNS operators, the authoritative source of technical data for the domain, are not represented in the data flow. This is a well known problem in the industry.

In October 2021 the Swedish Internet Foundation started to support CDS/CDNSKEY data. For the first time a DNS-operator could update DNSSEC information in the registry by simply publishing it in the zone they already operate.

In February 2022 we added support for CSYNC. This allows DNS-operators to even change NS and glue data in the registry.

This is a big step for our industry. For the first time DNS-operators can update all technical data in the registry without going through a long (and failure prone) loop of manual information forwarding.

There a many interesting use-cases like, DNS-operators can change infrastructure for all domains without contacting registrants or registrars. DNSSEC signing, key changes, algorithm changes and even unsigning a domain can be done without any API integration, by simply publishing the right information in the DNS.