Nov 29 – 30, 2021
UTC timezone
OARC 36 Day 1 - begins 14:00 UTC Today 29 November

Understanding DNSSEC debugging patterns using DNSVIZ.

Nov 30, 2021, 1:30 PM
Standard Presentation Online Workshop OARC 36 Day 2


Dr Tijay Chung (Virginia Tech)


DNS Security Extensions (DNSSEC) were introduced nearly two decades ago to provide integrity and authenticity of DNS messages. There have been some studies focusing on how DNSSEC has been deployed over years using active scans, which commonly reported pervasive mismanagement such as missing DS records.

From the domain administrator perspective, however, it is hard to understand what makes it really challenging to deploy and "manage" DNSSEC, or to fix errors; for example, answering the question of "how long do usually take for DNS administrators to resolve a specific DNSSEC error?" is nontrivial.

To shed a light on these questions, we leverage DNSVIZ (, which is one of the most extensive and popular tools for debugging DNSSEC errors. It helps domain name owners and others help understand the current DNSSEC status of a domain name and diagnoses the problem if exists.

With 7 years of DNSViz dataset that contain DNS debugging histories of domains, we would like to share our preliminary findings.

Primary authors

Dr Tijay Chung (Virginia Tech) Md. Ishtiaq Ashiq (Virginia Tech) Dr Casey Deccio (Brigham Young University)

Presentation materials