- Top level IPv4 address space exhaustion
- Top-level domain (TLD) zone signing
The signing of the .com TLD in particular will enable commercial organizations to greatly simplify the configuration of DNS security (DNSSEC). With the root zone signed since July 2010, the signing of .com will enable commercial organizations beneath the .com zone to sign their zones with an unbroken chain of trust from their respective zones up to .com and finally to the root zone. Thus, when you configure your DNS caching servers to authenticate DNS information via DNSSEC, you'll only need to configure the root zone public key as trusted (technically under managed-keys rather than trusted-keys in your BIND configuration, so that root zone key changes can be updated automatically).
Without this chain of trust, you'd have to configure each signed zone's keys as trusted, vastly increasing the configuration and administration burden on DNS caching servers. So TLD signing will simplify caching server configuration, but you'll still need to configure and manage the keys and signing of your external authoritative zones. Nevertheless, the road to wide-scale DNSSEC implementation will be vastly simplified when these TLDs are signed.
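The chain of trust described above can be modelled with the DS-to-DNSKEY digest link that DNSSEC uses between a parent zone and its child. The following Python sketch is an added example, not code from BIND or from the original article. Its key bytes are constructed, the function names are hypothetical, trust anchors are stored as key digests for brevity, and RRSIG signature verification is left out.

```python
import hashlib
import struct

def wire_name(name):
    """Canonical wire form of a domain name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(pubkey, flags=257, algorithm=8):
    """DNSKEY RDATA: flags, protocol (always 3), algorithm, public key."""
    return struct.pack("!HBB", flags, 3, algorithm) + pubkey

def ds_digest(owner, rdata):
    """DS digest type 2: SHA-256 over the owner name plus the DNSKEY RDATA."""
    return hashlib.sha256(wire_name(owner) + rdata).hexdigest()

def validate(qname, zones, anchors):
    """Walk from the root down to qname, accepting a zone key only if it matches
    a configured anchor or a DS record held by an already trusted parent."""
    labels = [l for l in qname.rstrip(".").split(".") if l]
    path = ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]
    trusted = None
    for parent, zone in zip([None] + path, path):
        digest = ds_digest(zone, zones[zone]["dnskey"])
        linked = parent is not None and trusted == parent \
            and zones[parent]["ds"].get(zone) == digest
        if anchors.get(zone) == digest or linked:
            trusted = zone
        else:
            trusted = None  # broken link: everything below is an island
    return trusted == path[-1]

def build(com_signed=True):
    """Constructed sample zones; the key bytes are placeholders, not real DNSKEYs."""
    keys = {z: dnskey_rdata(z.encode() * 8) for z in (".", "com.", "example.com.")}
    zones = {z: {"dnskey": k, "ds": {}} for z, k in keys.items()}
    if com_signed:  # a signed .com has a DS in the root and holds DS for children
        zones["."]["ds"]["com."] = ds_digest("com.", keys["com."])
        zones["com."]["ds"]["example.com."] = ds_digest("example.com.", keys["example.com."])
    return zones

ROOT_ANCHOR = {".": ds_digest(".", build()["."]["dnskey"])}

if __name__ == "__main__":
    print("signed .com, root anchor only:", validate("example.com.", build(), ROOT_ANCHOR))
    print("unsigned .com, root anchor only:", validate("example.com.", build(False), ROOT_ANCHOR))
```

With .com unsigned, validation of example.com succeeds only when its own key is added to the anchor set, which is the per-zone configuration burden the paragraph above describes.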
With time running out on the availability of IPv4 address space and the expected wider deployment of DNSSEC, 2011 will be the year to learn more about and begin making plans for IPv6 and DNSSEC deployment. Of course, you'll need to continue managing your current IP address space and DNS zones, signed and unsigned. Implementation of an IPAM solution can help keep IPv4, IPv6 and signed and unsigned DNS zone information organized and processes disciplined.