Recommendations for DNSSEC deployment

This guide is designed as an aid and tool for municipalities that have the intention to implement DNSSEC, but it can even be applied to other organisations in both the public and private sectors

In principle, all internet-based services are dependent on a working domain name system (DNS). The consequences of mistakes can be extensive. This is even more so with the introduction of DNSSEC, which places higher demands on technical competence than the operation of a traditional DNS. One obstacle for implementation has been the lack of guidance for individual domain holders regarding which requirements should be made in particular for small and medium-sized businesses.

The ambition is that this guide will provide such support, both in the introduction and ongoing work with DNSSEC.

The guide is built on that which the regional council in Kalmar prepared when they introduced DNSSEC in the region’s municipalities, but it is reworked in parts to suit a wider audience. The manuscript to the guide has been written by Fredrik Ljunggren and Jakob Schlyter, Kirei AB, in connection with The Swedish Internet Foundation’s Chief Information Security Officer, Anne-Marie Eklund Löwinder.

Recommendations for DNSSEC deployment at municipal administrations and similar organisations.



DNSSEC makes the internet safer by ensuring the validity of the information traffic on the domain name system, so that a user can be sure that he or she is actually visiting their internet bank and not a false copy that has been set up to steal passwords and account information.

DNSSEC creates a chain of trust that insures a user’s click on a website ends up where it should, instead of being redirected along the way. With DNSSEC, a consumer on the internet can feel a greater trust that they will get what they want. It has the potential to combat online fraud far more efficiently than today.

Download Practice Statement (DPS) for .se and .nu here.