F5 Security Solutions Help Deliver DNS Security For Newly Signed .com Domain

BIG-IP solutions provide a central point of control for DNSSEC based on trusted, signed query responses

April 16, 2011

5 Min Read


SEATTLE, APRIL 15, 2011 – F5 Networks, Inc. (NASDAQ: FFIV), the global leader in Application Delivery Networking (ADN), today announced that its BIG-IP' Global Traffic Manager™ (GTM™) product helps customers deploy powerful Domain Name System Security Extensions (DNSSEC) protection for .com and other Internet domain types. By incorporating DNS security capabilities into their IT infrastructures, customers can drastically reduce the risks of threats such as cache poisoning, domain hijacking, man-in-the-middle, and DNS redirection attacks. Defending against these specific attacks helps customers mitigate the risk of customer data theft, fraud, or other malicious activity. With the help of F5' DNSSEC solutions, organizations can deliver secure, dynamically signed responses in real time for all internet domains, including the recently signed top-level .com domain.


On March 31, VeriSign announced that the top-level domain for .com—the Internet’s largest domain with more than 90 million domain name registrations worldwide—now supports DNS Security Extensions. With this development, all major generic top-level domains (.org, .edu, .net, and .gov) support DNSSEC, signifying that the broader DNSSEC infrastructure is ready for production. This is an important step that enables organizations to realize the significant benefits of deploying DNSSEC capabilities for their specific domain names. Accordingly, because organizations managing .com sites can now configure their infrastructures to digitally sign their domain names, an increasing number of DNSSEC-focused technology deployments are expected worldwide. A digitally signed domain name provides an added layer of infrastructure security to help ensure data integrity and increase customer confidence.

To help organizations best address DNSSEC considerations, F5 established an innovative technology partnership with Infoblox, the industry leader in network infrastructure automation and control solutions. Together, these companies offer a comprehensive, integrated solution that provides industry-leading global load balancing, real-time signing, enhanced DNS management, and simplified DNSSEC deployment. “The combination of BIG-IP GTM with Infoblox IPv6- and DNSSEC-ready DDI appliances delivers a complete end-to-end, secure, scalable, and manageable DNS infrastructure along with multi-data center traffic management and disaster recovery,” said Cricket Liu, Vice President of Architecture and Technology at Infoblox and author of O’Reilly Media’s best-selling series of books on DNS.

Advantages of the joint F5/Infoblox solution include:

Easy Deployment of Compelling DNSSEC Capabilities

The joint solution incorporates the benefits of F5’s traditional ADN global traffic management and Infoblox’s DNS server and zone management capabilities, providing customers with powerful DNS security. F5 BIG-IP solutions deliver automated, realtime DNSSEC signing—a particularly critical feature for dynamic zones that contain globally load balanced DNS names. Customers enjoy flexible deployment options and can select which domains use F5’s real-time signing or Infoblox’s DNSSEC functionality.

To help organizations seamlessly bring their infrastructures up to speed, the solution includes default settings based on governmental guidelines, making DNSSEC enforcement simple and easy to manage by using a convenient turnkey implementation. Moreover, while other DNSSEC solutions require complex and expensive manual provisioning of keys, F5 and Infoblox automate DNSSEC key generation, rollover, and distribution.

Global Load Balancing Capabilities for High Availability and Disaster Recovery

Because basic DNSSEC architecture has not supported intelligent global server load balancing (GSLB) systems in the past, organizations historically have been forced to choose between deploying DNSSEC and ensuring the high availability of GSLB functions for their infrastructures. This made it incredibly difficult for organizations that relied on multiple data centers for site resiliency to integrate DNSSEC capabilities with disaster recovery efforts. With F5’s GSLB capabilities, customers leveraging multiple and globally dispersed data centers can ensure high availability and centralized management capabilities without exposing their infrastructures to DNS-related attacks. F5’s real-time DNSSEC signing functionality enables organizations to realize both the business benefits of GSLB and a high performance, secure DNS infrastructure.

Tested, Proven, and Supported DNSSEC Interoperability

Depending on an organization’s infrastructure, there are many possible designs for DNSSEC deployments. At the F5 Technology Center in Seattle, F5 and Infoblox devices were tested and proven to support several deployment configurations that simulate customers’ diverse IT environments. Additionally, F5 and Infoblox continue to conduct successful proof-of-concept engagements with customers and prospects, further validating the joint solution. Separately, F5 and Infoblox have also reviewed their devices in VeriSign’s DNSSEC Interoperability Lab.

“Security is a crucial, integrated part of our solution offerings, and we understand organizations’ need to defend against emerging attacks while maintaining an agile, optimized IT infrastructure overall,” said Dan Matte, SVP of Marketing and Business Development at F5. “By making it easy for customers to add security capabilities such as DNSSEC or DDoS protection into their environments, we can help them defend their information—and their brand—without sacrificing performance for users. Because F5’s Application Delivery Controllers can intelligently process application traffic traversing the network, they’re in an ideal position to thwart many targeted attacks, helping organizations implement comprehensive, end-to-end security solutions.”

About F5 Networks

F5 Networks is the global leader in Application Delivery Networking (ADN), focused on ensuring the secure, reliable, and fast delivery of applications. F5’s flexible architectural framework enables community-driven innovation that helps organizations enhance IT agility and dynamically deliver services that generate true business value. F5’s vision of unified application and data delivery offers customers an unprecedented level of choice in how they deploy ADN solutions. It redefines the management of application, server, storage, and network resources, streamlining application delivery and reducing costs. Global enterprise organizations, service and cloud providers, and Web 2.0 content providers trust F5 to keep their business moving forward. For more information, go to www.f5.com.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like

More Insights