Go Daddy has officially unveiled its Premium DNS service, which will enable its customers to buy and use managed DNSSEC services for the first time.
The price is $2.99 per month, which works out to $35.88 a year.
For the money, buyers also get a bunch of other tools, such as reports and audits, off-site DNS functionality and backup name servers.
There’s also a “Vanity Nameserver” option, which appears to let customers set their domain’s name servers to display as something like brand.domaincontrol.com, rather than ns1.domaincontrol.com.
It also appears that users of Go Daddy’s standard service will now be limited to 100 forwarded sub-domains, with Premium DNS users getting an unlimited number.
But the big deal as I see it is the addition of managed DNSSEC.
DNSSEC is a new security protocol that substantially mitigates the risk of falling prey to a DNS hijacking using, say, a cache poisoning attack.
Remember the Kaminsky Bug? DNSSEC prevents that kind of thing from happening again.
The problem with DNSSEC is that it’s massively complex and quite hard work to manage, requiring frequent key generation and rollover.
Go Daddy users can already manage their own DNSSEC records if they choose, but that’s only really an option if you’re a hard-core DNS geek.
Paying a few bucks a month to have somebody else manage it for you is an absolute bargain, if you care enough about your domain’s security.
I suggest that this could be a lucrative business for Go Daddy primarily because proponents of DNSSEC hope that one day it will be ubiquitous. Every domain will use it.
Go Daddy has over 45 million domains under management today. If customers representing only 1% of its domains choose to upgrade, that’s an extra $16 million into company coffers annually.
If they all do (which is not going to happen) we’re talking about a $1.6 billion business.
I don’t think the new service is going to lead to a massive uptick in the number of signed domains, but it will certainly get the ball rolling. For enterprises, it’s good value.
But individuals and large domain portfolio holders will not flock to return to 1999 .com prices just in order to implement a protocol they’ve been doing just fine without.
The future of broad DNSSEC adoption is more likely to be in open-source and freeware tools and services that can be easily understood by geeks and non-geeks alike.