Related Links

  • Nominum
  • VeriSign
  • Reed Exhibitions Ltd is not responsible for the content of external websites.

Related Stories

  • Misconfigured modems leave web open to DDoS attacks
    Poorly configured cable and DSL modems are leaving the internet open to distributed denial of service (DDoS) attacks based on rogue DNS queries, according to research to be released this week by Infoblox.
  • Infosecurity - the week in brief
    Black Hat DC This week, Black Hat DC was on in Arlington, VA. Moxie Marlinspike announced a new attack against SSL that forces HTTPS traffic into HTTP to allow a man in the middle attack. Dan Kaminsky, who discovered the infamous DNS flaw last year and criticized SSL at the the time, reacts here. He also resolved at the conference to take two months off work to promote the adoption of DNSSEC - a more secure DNS standard that has not been widely implemented.
  • ICANN cans Estonian registrar's credentials
    For a while it looked like the not-for-profit Internet registrar of registrars might waver in its plans to revoke the credentials of EstDomains, a domain name registrar with a reported reputation for dealing with spam generators and similar internet companies.

Top 5 Stories


DNSSEC encrypted domain technology gets welcome boost

19 November 2009

Things appear to be moving ahead for DNSSEC, the encrypted domain technology designed to protect the domain name system from spoofing and other hacks. Nominum, which supplies DNS systems, announced new capabilities in its products designed to eliminate barriers to DNSSEC deployment.

"DNSSEC processes that previously took additional equipment such as external 'signing' appliances are now Nominum software features running on commodity server hardware", the company said. Operations that were previously complex multistep manual processes have been condensed to a few keystrokes by Nominum.

The DNSSEC encrypted domain technology is now supported within Nominum's authoritative DNS servers. Online or off-line deployment models are both supported. Its line of Vantio caching DNS servers already support the technology and have validation turned on by default.

Earlier in the week, VeriSign, which is responsible for operating the .com and .net top level domains, announced that it would complete DNSSEC implementation on them both by the first quarter of 2011. It is working with ICANN and domain name registrars across the world, along with ISPs, to assist them with DNSSEC encrypted domain technology deployment, and launched a technical boot camp program to provide tools and training.

The DNSSEC encrypted domain technology uses digital keys to encrypt a domain name, making it much more difficult for an attacker to spoof a domain name by tampering with DNS. It would also help to protect organizations against the crucial DNS design flaw discovered by Ioactive researcher Dan Kaminsky last year.

This article is featured in:
Encryption  •  Internet and Network Security


Comment on this article

You must be registered and logged in to leave a comment about this article.

We use cookies to operate this website and to improve its usability. Full details of what cookies are, why we use them and how you can manage them can be found by reading our Privacy & Cookies page. Please note that by using this site you are consenting to the use of cookies. ×