A diagram depicting DNSSEC implementation involving the key components of the Internet
(WEB HOST INDUSTRY REVIEW) — Internet infrastructure service provider VeriSign (www.verisign.com) announced on Friday it has deployed DNS Security Extensions in the .net zone.
The move follows the launch of VeriSign’s new service to ease the implementation of Domain Name System Security Extensions.
The signing of .net is now the largest domain extension to be DNSSEC enabled, as the .net zone has more than 13 million domain name registrations worldwide.
“VeriSign’s roll-out of DNSSEC is on schedule with the signing of .net in 2010,” says Raynor Dahlquist, SVP and GM of naming services at VeriSign. “The DNS data associated with .net registrations will be protected from many hackers and identity thieves trying to redirect users’ queries to malicious sites through cache poisoning. There is, however, more work to be done, as ISPs, browser vendors, registrars and other members of the DNS ecosystem confirm that their solutions and services are ready for DNSSEC enablement. We’ll continue to work with all of those parties to shepherd a stable deployment of DNSSEC, particularly as we prepare to sign the .com zone in Q1 2011.”
DNSSEC assigns digital signatures to DNS data to authenticate the data’s origin and verify its integrity.
The security extensions are designed to protect the DNS from attacks that redirect queries to malicious sites by corrupting DNS data stored on recursive servers, significantly reducing a hacker’s ability to manipulate DNS data.
The .net milestone continues to “improve the integrity of Internet communications and transactions” by implementing DNSSEC throughout the DNS, says VeriSign.
By protecting the .net zone with DNSSEC, VeriSign can now include DNSSEC-enabled records from domain name registrars in its authoritative .net registry.
VeriSign has spent months rigorously testing DNSSEC, previously collaborating with EDUCAUSE and the US Department of Commerce to deploy DNSSEC in the .edu zone earlier this year.
The company says it expects to sign .com by the first quarter of 2011.
VeriSign has collaborated with the Internet community at its DNSSEC Interoperability Lab, which helps solution and service providers determine if DNS packets containing DNSSEC information will cause problems for their Internet and enterprise infrastructure components.
Through its testing, the lab is working to ensure that the entire Internet communications ecosystem is ready for DNSSEC.
VeriSign’s DNSSEC initiatives are a part of Project Apollo, the company’s 10-year initiative to strengthen and scale the .com and .net infrastructure.
