By applying digital signatures to DNS data, DNSSEC authenticates the origin of the data and verifies its integrity as it moves across the Internet. Testing the widest array of infrastructure components in the VeriSign DNSSEC Interoperability Lab is especially crucial as the signed root zone is set to become available on July 15. Plans call for VeriSign to sign the .edu domain in July, .net by fourth quarter 2010 and .com by first quarter 2011.
Additionally, VeriSign is working in collaboration with the industry, including ICANN and the Department of Commerce, on the deployment of DNSSEC in the root zone. In an important DNSSEC deployment milestone, VeriSign recently joined ICANN, the Department of Commerce and 14 Trusted Community Representatives in generating and securely storing the first cryptographic digital key used to secure the Internet root zone.
Brocade, A10 Networks and BlueCat Networks have joined Cisco Systems, Juniper Networks and other organizations in working with VeriSign's DNSSEC Interoperability Lab to review their solutions in a DNSSEC-enabled environment. DNSSEC is designed to protect the Domain Name System from "man in the middle" and cache poisoning attacks.
"The growing need to access critical data and applications anytime and anywhere through the Internet requires a collaborative effort to mitigate possible threats to network infrastructures," said Keith Stewart, director of product management at Brocade. "As a networking leader delivering customers unmatched investment protection and high availability, Brocade is committed to simplifying and securing Internet communications end-to-end, including at the name server level. Our participation with the VeriSign DNSSEC Interoperability Lab will provide customers a proven and secure solution to deploy next generation networks."
"DNS is fundamentally essential to Internet operation, and DNSSEC offers the ability to provide a higher level of integrity for DNS queries, giving consumers, enterprises or any Internet user more trust in their transactions," said Lee Chen, founder and CEO for A10 Networks. "We are pleased to participate with our AX Series in the VeriSign DNSSEC Interoperability Lab to ensure our Application Delivery and Server Load Balancing functionality works seamlessly in true DNSSEC environments."
"BlueCat didn't become an award-winning provider of physical and virtual IPAM (IP Address Management) solutions by ignoring the demands of the marketplace," said Luc Roy, vice president of product management and marketing at BlueCat Networks. "For our customers and for the industry at large, ensuring DNSSEC interoperability is a business imperative. VeriSign's DNSSEC Interoperability Lab makes it significantly easier for all members of the Internet communications ecosystem to be part of the DNSSEC solution."
The DNSSEC Interoperability Lab is staffed by VeriSign personnel who can help solution and service providers determine if DNS packets containing DNSSEC information, which are typically larger than standard DNS packets, will cause problems for their Internet and enterprise infrastructure components. For instance, some solutions may make assumptions about DNS packet size and structure that are no longer true with DNSSEC.
"Interoperability testing helps identify and solve any technical roadblocks that might pose a challenge to the secure, stable and resilient implementation of DNSSEC across .edu, .net and .com," Ken Silva, senior vice president and chief technology officer at VeriSign. "When DNSSEC goes live, we'll see larger volumes of data traffic move through the DNS system, because DNSSEC packets are larger than current DNS packets. That's why, as we begin the final stage of the root zone deployment this summer, it's essential for more organizations to take advantage of the DNSSEC Interoperability Lab to ensure firewalls, applications and other equipment can support DNSSEC."
In addition to operating the DNSSEC Interoperability Lab, VeriSign has rolled out a program to ease DNSSEC deployment for a wide range of Internet stakeholders. Over the past several months, VeriSign has published technical resources, led educational sessions, participated in industry forums and developed tools designed to simplify DNSSEC management.
The company has also actively provided support for its network of registrars for DNSSEC implementation, and has provided a software development kit (SDK) and other tools, training, services and support. Once .com and .net are signed, VeriSign also plans to provide registrars with key exchange services.
"Adopting DNSSEC could be significantly more costly, difficult and time-consuming without the support we're receiving from VeriSign," said Clint Page, president and CEO at Dotster, Inc. "VeriSign is working with us to establish a deployment strategy. This is on our product road map, and availability is currently under review."
More information on VeriSign's DNSSEC plans is available here: http://www.verisign.com/dnssec.
About VeriSign VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, VeriSign helps companies and consumers all over the world engage in communications and commerce with confidence. Additional news and information about the company is available at www.verisign.com.