Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.


11:28 AM
Dark Reading
Dark Reading
Products and Releases

VeriSign DNSSEC Interop Lab Adds Brocade, A10 Networks, BlueCat Networks

Meanwhile, VeriSign continues to work closely with ICANN and the Department of Commerce on root zone deployment

MOUNTAIN VIEW, CA--(Marketwire - June 25, 2010) - VeriSign, Inc. (NASDAQ: VRSN), the trusted provider of Internet infrastructure services for the networked world, today announced that Brocade, A10 Networks and BlueCat Networks are participating in the DNS Security Extensions (DNSSEC) Interoperability Lab. The lab was established by VeriSign to help vendors confirm that their solutions interoperate with DNSSEC.

By applying digital signatures to DNS data, DNSSEC authenticates the origin of the data and verifies its integrity as it moves across the Internet. Testing the widest array of infrastructure components in the VeriSign DNSSEC Interoperability Lab is especially crucial as the signed root zone is set to become available on July 15. Plans call for VeriSign to sign the .edu domain in July, .net by fourth quarter 2010 and .com by first quarter 2011.

Additionally, VeriSign is working in collaboration with the industry, including ICANN and the Department of Commerce, on the deployment of DNSSEC in the root zone. In an important DNSSEC deployment milestone, VeriSign recently joined ICANN, the Department of Commerce and 14 Trusted Community Representatives in generating and securely storing the first cryptographic digital key used to secure the Internet root zone.

Brocade, A10 Networks and BlueCat Networks have joined Cisco Systems, Juniper Networks and other organizations in working with VeriSign's DNSSEC Interoperability Lab to review their solutions in a DNSSEC-enabled environment. DNSSEC is designed to protect the Domain Name System from "man in the middle" and cache poisoning attacks.

"The growing need to access critical data and applications anytime and anywhere through the Internet requires a collaborative effort to mitigate possible threats to network infrastructures," said Keith Stewart, director of product management at Brocade. "As a networking leader delivering customers unmatched investment protection and high availability, Brocade is committed to simplifying and securing Internet communications end-to-end, including at the name server level. Our participation with the VeriSign DNSSEC Interoperability Lab will provide customers a proven and secure solution to deploy next generation networks."

"DNS is fundamentally essential to Internet operation, and DNSSEC offers the ability to provide a higher level of integrity for DNS queries, giving consumers, enterprises or any Internet user more trust in their transactions," said Lee Chen, founder and CEO for A10 Networks. "We are pleased to participate with our AX Series in the VeriSign DNSSEC Interoperability Lab to ensure our Application Delivery and Server Load Balancing functionality works seamlessly in true DNSSEC environments."

"BlueCat didn't become an award-winning provider of physical and virtual IPAM (IP Address Management) solutions by ignoring the demands of the marketplace," said Luc Roy, vice president of product management and marketing at BlueCat Networks. "For our customers and for the industry at large, ensuring DNSSEC interoperability is a business imperative. VeriSign's DNSSEC Interoperability Lab makes it significantly easier for all members of the Internet communications ecosystem to be part of the DNSSEC solution."

The DNSSEC Interoperability Lab is staffed by VeriSign personnel who can help solution and service providers determine if DNS packets containing DNSSEC information, which are typically larger than standard DNS packets, will cause problems for their Internet and enterprise infrastructure components. For instance, some solutions may make assumptions about DNS packet size and structure that are no longer true with DNSSEC.

"Interoperability testing helps identify and solve any technical roadblocks that might pose a challenge to the secure, stable and resilient implementation of DNSSEC across .edu, .net and .com," Ken Silva, senior vice president and chief technology officer at VeriSign. "When DNSSEC goes live, we'll see larger volumes of data traffic move through the DNS system, because DNSSEC packets are larger than current DNS packets. That's why, as we begin the final stage of the root zone deployment this summer, it's essential for more organizations to take advantage of the DNSSEC Interoperability Lab to ensure firewalls, applications and other equipment can support DNSSEC."

In addition to operating the DNSSEC Interoperability Lab, VeriSign has rolled out a program to ease DNSSEC deployment for a wide range of Internet stakeholders. Over the past several months, VeriSign has published technical resources, led educational sessions, participated in industry forums and developed tools designed to simplify DNSSEC management.

The company has also actively provided support for its network of registrars for DNSSEC implementation, and has provided a software development kit (SDK) and other tools, training, services and support. Once .com and .net are signed, VeriSign also plans to provide registrars with key exchange services.

"Adopting DNSSEC could be significantly more costly, difficult and time-consuming without the support we're receiving from VeriSign," said Clint Page, president and CEO at Dotster, Inc. "VeriSign is working with us to establish a deployment strategy. This is on our product road map, and availability is currently under review."

More information on VeriSign's DNSSEC plans is available here: http://www.verisign.com/dnssec.

About VeriSign VeriSign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, VeriSign helps companies and consumers all over the world engage in communications and commerce with confidence. Additional news and information about the company is available at www.verisign.com.

Comment  | 
Print  | 
More Insights
Newest First  |  Oldest First  |  Threaded View
7 Old IT Things Every New InfoSec Pro Should Know
Joan Goodchild, Staff Editor,  4/20/2021
Cloud-Native Businesses Struggle With Security
Robert Lemos, Contributing Writer,  5/6/2021
Defending Against Web Scraping Attacks
Rob Simon, Principal Security Consultant at TrustedSec,  5/7/2021
Register for Dark Reading Newsletters
White Papers
Current Issue
2021 Top Enterprise IT Trends
We've identified the key trends that are poised to impact the IT landscape in 2021. Find out why they're important and how they will affect you today!
Flash Poll
How Enterprises are Developing Secure Applications
How Enterprises are Developing Secure Applications
Recent breaches of third-party apps are driving many organizations to think harder about the security of their off-the-shelf software as they continue to move left in secure software development practices.
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
PUBLISHED: 2021-05-12
Affected versions of Atlassian Jira Server and Data Center allow an unauthenticated user to enumerate users via an Information Disclosure vulnerability in the QueryComponentRendererValue!Default.jspa endpoint. The affected versions are before version 8.5.13, from version 8.6.0 before 8.13.5, and fro...
PUBLISHED: 2021-05-11
In the Linux kernel 5.11 through 5.12.2, isotp_setsockopt in net/can/isotp.c allows privilege escalation to root by leveraging a use-after-free. (This does not affect earlier versions that lack CAN ISOTP SF_BROADCAST support.)
PUBLISHED: 2021-05-11
A flaw was found in the hivex library in versions before 1.3.20. It is caused due to a lack of bounds check within the hivex_open function. An attacker could input a specially crafted Windows Registry (hive) file which would cause hivex to read memory beyond its normal bounds or cause the program to...
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11 and before 6.9.12, where a division by zero in WaveImage() of MagickCore/visual-effects.c may trigger undefined behavior via a crafted image file submitted to an application using ImageMagick. The highest threat from this vulnerability is to ...
PUBLISHED: 2021-05-11
A flaw was found in ImageMagick in versions before 7.0.11, where a division by zero ConvertXYZToJzazbz() of MagickCore/colorspace.c may trigger undefined behavior via a crafted image file that is submitted by an attacker and processed by an application using ImageMagick. The highest threat from this...