VeriSign has been working on DNSSEC deployment with Educause, a non-profit organization that operates the .edu domain for universities and colleges. VeriSign and Educause are hosting a DNSSEC testbed for universities to trial new DNS authentication mechanisms. VeriSign says it will have DNSSEC fully operational on .edu by March.
“Signing the root is in a testbed right now,” says Pat Kane, vice president of naming at VeriSign. “We will have a deliberate, pragmatic rollout by July 1. Then the entire DNS root zone across the globe will be signed.”
Kane says the trickiest part of deploying DNSSEC across .com and .net is allowing domain name registrars—such as Go Daddy, Network Solutions and Register.com—to do the key management for their customers.
Kane says VeriSign plans to have DNSSEC deployed across .net by the fourth quarter of 2010 and .com by the first quarter of 2011.
DNSSEC also needs to be deployed across more domains. VeriSign says it will add these DNS security mechanisms to two more domains that it operates -- .tv and .cc – by the end of 2011.
Corporations with large portfolios of domain names need to make sure that their registrars are rolling out DNSSEC, Kane advises. “These companies don’t just have .com and .net names, but also .info and .biz names,” he adds. “They should be encouraging their registrars to get other [top-level domains] working on this.”
The U.S. federal government is deploying DNSSEC on the .gov domain this year, and the Public Interest Registry announced support for DNSSEC on the .org domain in June. Other countries such as Sweden, Puerto Rico, Bulgaria, Brazil and Czech Republic already support this added layer of security for DNS look-ups.
Source: VeriSign bolsters security for .com, .net sites, Carolyn Duffy Marsan, Network World , Retrived on November 17, 2009 from networkworld.com/news/2009/111609-verisign-dnssec.html?hpg1=bn
Posts
No comments:
Post a Comment