News: E-commerce
21 Jul 2010
VeriSign Announces Deployment of DNS Security Extensions at the Internet's Root
VeriSign, Inc., the trusted provider of Internet infrastructure services for the networked world, has announced a key achievement in the ongoing effort to improve the integrity of Internet communications and transactions via DNS Security Extensions (DNSSEC).
DNSSEC - a critical security technology – has become enabled at the root zone, which lies at the core of the Internet's global addressing system. VeriSign worked closely with the Internet Corporation for Assigned Names and Numbers (ICANN) and the U.S. Department of Commerce to make the signed root zone available and to publish a single trust anchor that Internet infrastructure stakeholders need to streamline DNSSEC deployment.
"VeriSign is proud to work with ICANN and the Department of Commerce in strengthening the integrity of DNS data," said Ken Silva, senior vice president and chief technology officer at VeriSign. "In this collaborative, industry-wide effort to protect consumers and organisations from hackers who target DNS data, today's news marks a decisive step forward. We look forward to building on this vital effort in the months and years ahead."
DNSSEC applies digital signatures to DNS data to authenticate the data's origin and verify its integrity as it moves across the Internet. The security extensions are designed to protect the DNS from "man in the middle" and cache poisoning attacks, which can occur when hackers corrupt DNS data stored on recursive servers to redirect queries to malicious sites. With DNSSEC, poisoning a recursive server's cache is much more difficult because DNS administrators sign their data. The resulting digital signatures on that DNS data are validated through a "chain of trust" that starts with the public key published today for the root zone.
The announcement of the signed root zone's availability follows VeriSign's and ICANN's successful tests of DNSSEC with the operators of all root servers. Throughout the increasingly rigorous testing process, these organisations reported no detrimental impact on DNS performance, which led the Department of Commerce to authorise of the signing of the root zone.
VeriSign manages two of the world's 13 Internet root servers. Those two servers -- a.root-servers.net and j.root-servers.net -- are considered national IT assets by the U.S. government. VeriSign also manages numerous mirrored copies of the root servers via the Anycast routing technique.
Back to main news page.