
Internet Infrastructure Leaders Join Movement of Companies Verifying Their Technology for DNSSEC


A trio of Internet infrastructure leaders joined a growing movement of companies testing their technologies with Verisign following a landmark achievement in Internet security. As Verisign has now deployed Domain Name System Security Extensions (DNSSEC) in .net — the largest-ever domain secured by the technology — Arbor Networks, Infoblox and RioRey have completed testing of their technology solutions in the Verisign DNSSEC Interoperability Lab.

DNSSEC helps protect the Domain Name System (DNS) against so-called "cache poisoning" or "man-in-the-middle" attacks by allowing DNS data to be digitally signed and authenticated. These digital signatures authenticate the origin of the data and verify its integrity as it moves throughout the Internet. At the self-contained Verisign DNSSEC Interoperability Lab facility in Dulles, a wide range of Internet infrastructure solutions undergo a battery of tests to review how equipment will interoperate in a DNSSEC-enabled environment. Verisign conducts the tests free of charge to encourage use of the service and pave the way for broader DNSSEC adoption.

Arbor Networks, Infoblox and RioRey join a growing number of organizations — including A10 Networks, BlueCat Networks, Brocade, Cisco Systems and Juniper Networks — that have taken advantage of the opportunity to verify their solutions at Verisign's DNSSEC Interoperability Lab. By examining the interoperability of their products with DNSSEC, these companies are participating in the shared effort needed to ensure a measured and deliberate implementation of the security extensions worldwide.

"Arbor Networks is very focused on the problem of infrastructure security and DNS is obviously among the most critical elements of it," said Rob Malan, Arbor Networks Chief Technology Officer. "The Verisign DNSSEC Interoperability Lab allowed us to test our products to review compatibility with DNSSEC. Arbor's customers make up the vast majority of the world's ISPs and many of the largest hosting and data center operators. This is a critical issue for our customers."

"Systemic vulnerabilities to the DNS, such as cache poisoning, represent a significant threat to e-commerce, online banking, email communications, customer service and even government secrets," said Cricket Liu, Vice President of Architecture and Technology at Infoblox, the leader in network infrastructure automation and control, including physical and virtual DNS, DHCP and IP Address Management platforms. "That's why a successful implementation of DNSSEC is vital, as is the need for the Internet community at large to verify that their solutions are compatible with DNSSEC. On that front, the Verisign DNSSEC Interoperability Lab has proven indispensable."

"As a company whose key focus is to detect and mitigate Distributed Denial of Service (DDoS) attacks, RioRey understands that DNS is essential to the Internet's framework of trust," said Nitin Mehrotra, CTO at RioRey, Inc., a provider of dedicated platforms for DDoS defense. "We knew it was critical to ensure that our solutions were interoperable with DNSSEC by taking advantage of Verisign's robust testing environment, and we would strongly urge all other Internet stakeholders to do likewise."

Cache poisoning attacks can occur when hackers corrupt DNS data stored on recursive servers to redirect queries to malicious sites. With DNSSEC, a hacker's ability to poison the cache is eliminated for the zones that are signed and the resolvers that are validating signed records. The digital signatures on that DNS data are validated through a "chain of trust" that starts with the public key published in the root zone.

"DNSSEC will only be effective if it is implemented from end to end in an effort that is shared across the Internet," said Pat Kane, Senior Vice President and General Manager of Naming Services at Verisign. "Now following the .net signing, Arbor Networks, Infoblox and RioRey are joining a critical group of forward-thinking Internet companies that are showing the leadership and initiative necessary to make this a truly successful community endeavor. We look forward to helping more Internet stakeholders test their solutions at the DNSSEC Interoperability Lab."

DNSSEC testing is growing ever more crucial as the global roll-out of the security extensions continues. DNSSEC was deployed in the DNS root zone in July and in the .net domain in December. Meanwhile, plans call for Verisign to deploy DNSSEC in the .com domain by the end of the first quarter of 2011.

In addition to operating the DNSSEC Interoperability Lab, Verisign has rolled out a program to ease DNSSEC deployment and adoption for a wide range of Internet stakeholders. Over the past several months, Verisign has published technical resources, led educational sessions, participated in industry forums and developed tools designed to simplify DNSSEC management.

As part of its effort to ease DNSSEC deployment, Verisign is introducing a new iPhone application called the DNSSEC Analyzer, a mobile tool that can assist in diagnosing problems with DNSSEC-signed names and zones. The application will allow a quick diagnosis of any domain name, allowing knowledgeable users to view debugging information and receive useful tips on how to remediate any problems that are discovered.

The company has also actively provided support to its network of registrars for DNSSEC implementation, including a software development kit (SDK) and a DNSSEC signing and key management service following the signing of .net.

More information on Verisign's DNSSEC plans is available here:


About Verisign – Verisign, a global leader in domain names and internet security, enables internet navigation for many of the world's most recognized domain names and provides protection for websites and enterprises around the world. Verisign ensures the security, stability and resiliency of key internet infrastructure and services, including the .com and .net domains and two of the internet's root servers, as well as performs the root-zone maintainer functions for the core of the internet's Domain Name System (DNS).
