Issue 11: Additional Operator Resource Requirements
mundy at tislabs.com
mundy at tislabs.com
Mon Dec 20 14:29:40 EST 2004
Following is a write up on Issue 11. Comments & suggestions are requested.
Issue: 11. Additional operator resource requirements
1. Framing the question
- Operation of dnssec signed zones requires additional functions by the staff
responsible for operations in all parts of the name system beyond what is
needed for operation of an unsigned zone. Some additional functions will be
required through the entire name process that results in signed dns information
being available from name servers, i.e., some additional functions WRT
registrant, registrar, and registry as well as 'regular' name server operation.
Some portions of these additional functions can be effectively done thru
automation but this will often vary significantly between various operations.
For example, small organizational DNS data is often maintained by hand in plain
text files with editors by the zone operators while large enterprizes tend to
automate most or all maintenance through use of data bases, scripts and other
The functional additions needed for dnssec need to be documented in a way that
organizations can make a reasonable assessment of how much dnssec functions
will impact their particular operations particularly with respect to whether or
not additional staff is required for their operation. Depending on the primary
function of an operation, it is likely that there will be several 'types' of
operations. Following is an initial candidate list of types of operations:
- Enterprise DNS operations;
- Small organizational DNS operations;
- Large registry operations;
- Small registry operations;
- Large registrar operations;
- Small registrar operations:
- "Integrated" service provider (e.g., AOL)
2. Work to date
- Some information about operating name servers for dnssec signed zones is
available from various early dnssec fieldings, experiments and testbed
activities but this information does not generally try to directly address
whether or not additional staffing is required.
3. Current status
- There is no specific work underway to address this issue.
4. Relation to other issues
- This is related to Issue 10 which is intended to identify the additional
computing resources that are required to dnssec deployment. The results of
these two issues should permit organizations to do the necessary financial
planning needed to effect the operation of dnssec signed zones.
5. Next steps
- Determine that amount and kind of information needed for organizations to do
their staff planning.
6. Major protagonists
- Don't think that there is anyone that would be opposed to having information
needed for business planning.
7. How do we know when this is done?
- When information is available that 'new to dnssec' organizations can use to
determine staffing requirements for their organizations.
More information about the Dnssec-deployment