Deploying a new technology requires investment in software, hardware and human resources. In the case of DNSSEC the cost of these investments is not well defined and this uncertainty can hinder its deployment.
Deploying DNSSEC requires a number of security details and procedures to be defined and followed with specific requirements as to timing. This guide addresses these issues from the point of view of information security managers responsible for defining a policy and procedures to secure the DNS services of a company or an organization, and from the point of view of competent authorities defining or regulating requirements for deployment.
DNSSEC will introduce procedures such as key management that will be either automatic or manual and will have to be repeated at specific time intervals. Additionally, trusted roles will be introduced which will be given specific tasks to perform and defined responsibilities. These roles must be assigned to individuals. All the procedures, the tasks, and their assignment should be specified and documented in a practices statement.
ENISA for this reason run a two fold study on the deployment of DNS Sec: