The ENISA Good Practices Guide lists the considerations that have to be made and provides recommendations for the security details and procedures to be defined and followed with specific timing requirements in order to deploy DNSSEC:
- by domain holders, signing their domain zones;
- in validating recursive resolvers.
These considerations have to be addressed when specifications are compiled:
- to deploy DNSSEC using internal resources;
- for buying a DNSSEC enabled commercial-of-the-shelf (COTS) DNS product;
- to outsource all or part of the DNS service and sign a service level agreement (SLA).
The guide addresses DNSSEC deployment from the point of view of information security managers responsible for defining a policy and procedures to secure the DNS services of a company or an organisation, and from the point of view of competent authorities defining requirements for deployment.
http://www.enisa.europa.eu/act/res/technologies/tech/gpgdnssec