New DNSSEC pilot program for the US Government

DNSSEC-Deployment Team members National Institute for Standards and Technology (NIST) and SPARTA Inc. are working together under guidance from the Dept. of Homeland Security to form a new DNSSEC deployment pilot program for US government Domain Name System administrators. DNSSEC implementation and usage is included in several new security controls that are part of the Federal Information Security Management Act (FISMA).

The Security Naming Infrastructure Pilot (SNIP) was formed to help civilian US government agencies to deploy DNSSEC and test new operational procedures. The goal is to provide a distributed training ground where US government DNS administrators can deploy and maintain a signed test delegation before signing their actual production DNS zones.

The SNIP is composed of a central domain (dnsops.gov) with individual agencies to be delegated under it. The entire dnsops.gov tree will be signed, and the SNIP key would become the trust anchor for the dnsops.gov domain and allow DNSSEC aware clients to validate responses from dnsops.gov. In addition to being a pilot deployment within the civilian federal government, the SNIP will also be a testbed for DNSSEC enabled software from authoritative servers, validators, and DNSSEC aware applications. The goal is to mirror the current .gov domain as much as possible with regards to the various software products used within government IT.

The SNIP pilot is open to all interested parties that need to meet FISMA controls or wish to test DNSSEC enabled software and membership is strictly voluntary. Agency DNS administrators can request a delegation from the SNIP zone and are responsible for deploying and maintain their delegation. Other resources, material and training classes will be part of the project as it progresses. For more information on SNIP and current project status, go to