
DNSSEC NEWSFLASH

Wednesday, November 18, 2009

F5 Highlights New Security Features In BIG-IP 10.1


"Application Delivery Network vendor F5 has rolled out a number of security functionality features on their BIG-IP appliances. Along with enhanced protection against automated scanners and bots, the 10.1 release also delivers DNSSEC compliance, expanded IP geolocation and improved reporting.

For many enterprises, the DNSSEC updates are likely going to be the biggest draw to 10.1. The added security extension, meant to protect domain names from spoofing attacks, provides a trusted link between user and host. Unfortunately, this level of trust does not exist when a traffic manager, such as the BIG-IP's Global Traffic Manager, is redirecting traffic based on location or traffic load. F5's solution is to deliver the signed responses from the BIG-IP itself, making it the trusted host, ensuring compliance without having to re-engineer the application server environment behind it. F5 claims that their BIG-IP DNSSEC solution is the first to market among competitors in the load balancing space."

Source: F5 Highlights New Security Features In BIG-IP 10.1, Michael Brandenburg, Retrieved on November 18, 2009 from networkcomputing.com/wan-optimization-and-application-acceleration/f5-highlights-new-security-features-in-big-ip-101.php

Tuesday, November 17, 2009

VeriSign to offer DNSSEC by Q1 2011


VeriSign announced Monday that it will meet its goal of supporting DNS Security Extensions – dubbed DNSSEC – in the .net and .com top-level domains by March 2011.

VeriSign has been working on DNSSEC deployment with Educause, a non-profit organization that operates the .edu domain for universities and colleges. VeriSign and Educause are hosting a DNSSEC testbed for universities to trial new DNS authentication mechanisms. VeriSign says it will have DNSSEC fully operational on .edu by March.

“Signing the root is in a testbed right now,” says Pat Kane, vice president of naming at VeriSign. “We will have a deliberate, pragmatic rollout by July 1. Then the entire DNS root zone across the globe will be signed.”

Kane says the trickiest part of deploying DNSSEC across .com and .net is allowing domain name registrars—such as Go Daddy, Network Solutions and Register.com—to do the key management for their customers.

Kane says VeriSign plans to have DNSSEC deployed across .net by the fourth quarter of 2010 and .com by the first quarter of 2011.

DNSSEC also needs to be deployed across more domains. VeriSign says it will add these DNS security mechanisms to two more domains that it operates – .tv and .cc – by the end of 2011.

Corporations with large portfolios of domain names need to make sure that their registrars are rolling out DNSSEC, Kane advises. “These companies don’t just have .com and .net names, but also .info and .biz names,” he adds. “They should be encouraging their registrars to get other [top-level domains] working on this.”

The U.S. federal government is deploying DNSSEC on the .gov domain this year, and the Public Interest Registry announced support for DNSSEC on the .org domain in June. Other countries such as Sweden, Puerto Rico, Bulgaria, Brazil and Czech Republic already support this added layer of security for DNS look-ups.

Source: VeriSign bolsters security for .com, .net sites, Carolyn Duffy Marsan, Network World, Retrieved on November 17, 2009 from networkworld.com/news/2009/111609-verisign-dnssec.html?hpg1=bn