coopster - 2:28 pm on Jun 6, 2009 (gmt 0)

From your second link there is a PDF survey in the footnotes that is an interesting read as well.

If you have not implemented DNSSEC, do you plan to? Many of the registries who replied "No" mentioned that although the registry doesn't plan implementing DNSSEC at the moment, they know it is important and that it will probably happen at some point in the future. Some of them also mentioned that some existing problems first need to be solved – such as Zone Walking, or having an IETF standard developed. A few also stated they don't see a point in implementing DNSSEC as long as the root has not been signed.

Those that have implemented DNSSEC were asked to please briefly describe the technical environment used:

A summarising overview shows that some were doing fully manual signing, however most had developed systems to help sign their zones.

So the process can be automated by the sounds of it. Could one assume that there should be no additional expenses upon full implementation of DNSSEC?