Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:28 AM
Dark Reading
Dark Reading
Products and Releases

VeriSign DNSSEC Interop Lab Adds Brocade, A10 Networks, BlueCat Networks

Meanwhile, VeriSign continues to work closely with ICANN and the Department of Commerce on root zone deployment

MOUNTAIN VIEW, CA--(Marketwire - June 25, 2010) - VeriSign, Inc. (NASDAQ: VRSN), the trusted provider of Internet infrastructure services for the networked world, today announced that Brocade, A10 Networks and BlueCat Networks are participating in the DNS Security Extensions (DNSSEC) Interoperability Lab. The lab was established by VeriSign to help vendors confirm that their solutions interoperate with DNSSEC.

By applying digital signatures to DNS data, DNSSEC authenticates the origin of the data and verifies its integrity as it moves across the Internet. Testing the widest array of infrastructure components in the VeriSign DNSSEC Interoperability Lab is especially crucial as the signed root zone is set to become available on July 15. Plans call for VeriSign to sign the .edu domain in July, .net by fourth quarter 2010 and .com by first quarter 2011.

Additionally, VeriSign is working in collaboration with the industry, including ICANN and the Department of Commerce, on the deployment of DNSSEC in the root zone. In an important DNSSEC deployment milestone, VeriSign recently joined ICANN, the Department of Commerce and 14 Trusted Community Representatives in generating and securely storing the first cryptographic digital key used to secure the Internet root zone.

Brocade, A10 Networks and BlueCat Networks have joined Cisco Systems, Juniper Networks and other organizations in working with VeriSign's DNSSEC Interoperability Lab to review their solutions in a DNSSEC-enabled environment. DNSSEC is designed to protect the Domain Name System from "man in the middle" and cache poisoning attacks.

"The growing need to access critical data and applications anytime and anywhere through the Internet requires a collaborative effort to mitigate possible threats to network infrastructures," said Keith Stewart, director of product management at Brocade. "As a networking leader delivering customers unmatched investment protection and high availability, Brocade is committed to simplifying and securing Internet communications end-to-end, including at the name server level. Our participation with the VeriSign DNSSEC Interoperability Lab will provide customers a proven and secure solution to deploy next generation networks."

"DNS is fundamentally essential to Internet operation, and DNSSEC offers the ability to provide a higher level of integrity for DNS queries, giving consumers, enterprises or any Internet user more trust in their transactions," said Lee Chen, founder and CEO for A10 Networks. "We are pleased to participate with our AX Series in the VeriSign DNSSEC Interoperability Lab to ensure our Application Delivery and Server Load Balancing functionality works seamlessly in true DNSSEC environments."

"BlueCat didn't become an award-winning provider of physical and virtual IPAM (IP Address Management) solutions by ignoring the demands of the marketplace," said Luc Roy, vice president of product management and marketing at BlueCat Networks. "For our customers and for the industry at large, ensuring DNSSEC interoperability is a business imperative. VeriSign's DNSSEC Interoperability Lab makes it significantly easier for all members of the Internet communications ecosystem to be part of the DNSSEC solution."

The DNSSEC Interoperability Lab is staffed by VeriSign personnel who can help solution and service providers determine if DNS packets containing DNSSEC information, which are typically larger than standard DNS packets, will cause problems for their Internet and enterprise infrastructure components. For instance, some solutions may make assumptions about DNS packet size and structure that are no longer true with DNSSEC.

"Interoperability testing helps identify and solve any technical roadblocks that might pose a challenge to the secure, stable and resilient implementation of DNSSEC across .edu, .net and .com," Ken Silva, senior vice president and chief technology officer at VeriSign. "When DNSSEC goes live, we'll see larger volumes of data traffic move through the DNS system, because DNSSEC packets are larger than current DNS packets. That's why, as we begin the final stage of the root zone deployment this summer, it's essential for more organizations to take advantage of the DNSSEC Interoperability Lab to ensure firewalls, applications and other equipment can support DNSSEC."

In addition to operating the DNSSEC Interoperability Lab, VeriSign has rolled out a program to ease DNSSEC deployment for a wide range of Internet stakeholders. Over the past several months, VeriSign has published technical resources, led educational sessions, participated in industry forums and developed tools designed to simplify DNSSEC management.

The company has also actively provided support for its network of registrars for DNSSEC implementation, and has provided a software development kit (SDK) and other tools, training, services and support. Once .com and .net are signed, VeriSign also plans to provide registrars with key exchange services.

"Adopting DNSSEC could be significantly more costly, difficult and time-consuming without the support we're receiving from VeriSign," said Clint Page, president and CEO at Dotster, Inc. "VeriSign is working with us to establish a deployment strategy. This is on our product road map, and availability is currently under review."

More information on VeriSign's DNSSEC plans is available here: http://www.verisign.com/dnssec.

About VeriSign VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, VeriSign helps companies and consumers all over the world engage in communications and commerce with confidence. Additional news and information about the company is available at www.verisign.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
DevSecOps: The Answer to the Cloud Security Skills Gap
Lamont Orange, Chief Information Security Officer at Netskope,  11/15/2019
Attackers' Costs Increasing as Businesses Focus on Security
Robert Lemos, Contributing Writer,  11/15/2019
Human Nature vs. AI: A False Dichotomy?
John McClurg, Sr. VP & CISO, BlackBerry,  11/18/2019
Register for Dark Reading Newsletters
White Papers
Cartoon Contest
Write a Caption, Win a Starbucks Card! Click Here
Latest Comment: -when I told you that our cyber-defense was from another age
Current Issue
Navigating the Deluge of Security Data
In this Tech Digest, Dark Reading shares the experiences of some top security practitioners as they navigate volumes of security data. We examine some examples of how enterprises can cull this data to find the clues they need.
Flash Poll
Rethinking Enterprise Data Defense
Rethinking Enterprise Data Defense
Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industrys conventional wisdom. Heres a look at what theyre thinking about.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2019-11-19
masqmail 0.2.21 through 0.2.30 improperly calls seteuid() in src/log.c and src/masqmail.c that results in improper privilege dropping.
PUBLISHED: 2019-11-19
Zikula 1.3.0 build #3168 and probably prior has XSS flaw due to improper sanitization of the 'themename' parameter by setting default, modifying and deleting themes. A remote attacker with Zikula administrator privilege could use this flaw to execute arbitrary HTML or web script code in the context ...
PUBLISHED: 2019-11-19
lightdm before 0.9.6 writes in .dmrc and Xauthority files using root permissions while the files are in user controlled folders. A local user can overwrite root-owned files via a symlink, which can allow possible privilege escalation.
PUBLISHED: 2019-11-19
The XMLFileLookupService in NiFi versions 1.3.0 to 1.9.2 allowed trusted users to inadvertently configure a potentially malicious XML file. The XML file has the ability to make external calls to services (via XXE) and reveal information such as the versions of Java, Jersey, and Apache that the NiFI ...
PUBLISHED: 2019-11-19
When updating a Process Group via the API in NiFi versions 1.3.0 to 1.9.2, the response to the request includes all of its contents (at the top most level, not recursively). The response included details about processors and controller services which the user may not have had read access to.