<P> On 22 August 2008, the Office of Management and Budget (OMB) released a memorandum requiring U.S. Federal Agencies to deploy DNSSEC across . gov sites; the . gov root must be signed by January 2009, and all subdomains under . gov must be signed by December 2009 . While the memo focuses on . gov sites, the U.S. Defense Information Systems Agency says it intends to meet OMB DNSSEC requirements in the . mil (U.S. military) domain as well . NetworkWorld's Carolyn Duffy Marsan stated that DNSSEC "hasn't been widely deployed because it suffers from a classic chicken - and - egg dilemma...with the OMB mandate, it appears the egg is cracking ." </P> <P> Several ISPs have started to deploy DNSSEC - validating DNS recursive resolvers . Comcast became the first major ISP to do so in the United States, announcing their intentions on October 18, 2010 and completing deployment on January 11, 2012 . </P> <P> According to a study at APNIC, the proportion of clients who exclusively use DNS resolvers that perform DNSSEC validation rose to 8.3% in May 2013 . About half of these clients were using Google's public DNS resolver . </P> <P> In September 2015, Verisign announced their free public DNS resolver service, and although unmentioned in their press releases, it also performs DNSSEC validation . </P>

How does a dns resolver bootstrap the domain name lookup process