The .net zone is the largest yet to be DNSSEC enabled, with more than 13 million domain name registrations worldwide. The .net signing also represents one of the most critical implementations of DNSSEC technology, since .net serves as the underpinning for many critical Internet functions.
"VeriSign's roll-out of DNSSEC is on schedule with the signing of .net in 2010. The DNS data associated with .net registrations will be protected from many hackers and identity thieves trying to redirect users' queries to malicious sites through cache poisoning," said Raynor Dahlquist, Senior Vice President and General Manager of Naming Services at VeriSign. "There is, however, more work to be done, as ISPs, browser vendors, registrars and other members of the DNS ecosystem confirm that their solutions and services are ready for DNSSEC enablement. We'll continue to work with all of those parties to shepherd a stable deployment of DNSSEC, particularly as we prepare to sign the .com zone in Q1 2011."
DNSSEC applies digital signatures to DNS data to authenticate the data's origin and verify its integrity as it moves throughout the Internet. The security extensions are designed to protect the DNS from attacks intended to redirect queries to malicious sites by corrupting DNS data stored on recursive servers. The successful implementation of DNSSEC will greatly reduce a hacker's ability to manipulate DNS data. The resulting digital signatures on that DNS data are validated through a "chain of trust."
"Go Daddy works to keep the Internet safe for all users, and DNSSEC is an important additional step toward keeping the infrastructure more secure," said Warren Adelman, President and Chief Operating Officer of GoDaddy.com, the world's largest domain name registrar. "That's why Go Daddy supports DNSSEC for .net. We believe DNSSEC helps us continue providing our customers with what they want and need -- security and reliability."
The .net milestone is the latest achievement in VeriSign's efforts to improve the integrity of Internet communications and transactions by implementing DNSSEC throughout the DNS. By protecting the .net zone with DNSSEC, VeriSign can now include DNSSEC-enabled records from domain name registrars in its authoritative .net registry. Today's milestone follows months of deliberate and rigorous testing of DNSSEC, and builds on VeriSign's collaboration with EDUCAUSE and the U.S. Department of Commerce to deploy DNSSEC in the .edu zone earlier this year. VeriSign expects to sign .com by first quarter 2011.
A key part of VeriSign's DNSSEC collaboration with the Internet community is the company's operation of the DNSSEC Interoperability Lab. Staffed by VeriSign personnel, the lab helps solution and service providers determine if DNS packets containing DNSSEC information, which are typically larger than standard DNS packets, will cause problems for their Internet and enterprise infrastructure components. The lab is helping to ensure that the entire Internet communications ecosystem is ready for DNSSEC.
VeriSign's DNSSEC initiatives also dovetail with Project Apollo, the company's effort to dramatically scale up the Internet infrastructure that delivers DNS from its current levels by a factor of a thousand. Doing so will help to manage an estimated 4 quadrillion queries per day in 2020. The Apollo effort follows on the heels of the successful completion of VeriSign's Project Titan that aimed to improve DNS infrastructure tenfold over 2007 levels. Project Apollo is designed to move beyond Titan, to help VeriSign meet the Internet infrastructure challenges of the next decade.
About VeriSign VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, VeriSign enables companies and consumers all over the world to connect online with confidence. Additional news and information about the company is available at www.verisign.com.