DNSSEC Blog


Monday, December 28, 2009

What is Google Public DNS?

Google Public DNS is a free, global Domain Name System (DNS) resolution service that you can use as an alternative to your current DNS provider.
To try it out:
  • Configure your network settings to use the IP addresses and as your DNS servers or
  • Read our configuration instructions.
If you decide to try Google Public DNS, your client programs will perform all DNS lookups using Google Public DNS.

Why does DNS matter?

The DNS protocol is an important part of the web's infrastructure, serving as the Internet's phone book: every time you visit a website, your computer performs a DNS lookup. Complex pages often require multiple DNS lookups before they start loading, so your computer may be performing hundreds of lookups a day.

Why should you try Google Public DNS?

By using Google Public DNS you can:


Tuesday, December 15, 2009

Neustar Implements DNSSEC in the .US Registry

Neustar announced today that it has implemented DNSSEC in the .US country-code top level domain registry.

"This is an important step for Neustar, and gives .US domain name holders a significant way to differentiate their businesses," said Tim Switzer, vice president of registry services at Neustar. ".US now stands for unprecedented Internet security."

Source: Neustar Implements DNS Security Extensions in the .US Registry, Neustar, Inc., Retrieved on December 15, 2009 from

Monday, December 14, 2009

Infoblox Delivers the Industry's Most Automated DNSSEC Solution

Fully Automated Key Management and Rollover Eliminates Barriers to DNSSEC Adoption

Infoblox Inc. today announced availability of additional functionality to help organizations simplify deployment of the Domain Name System Security Extensions (DNSSEC), a suite of IETF specifications for securing information provided by DNS.

Infoblox addresses this with its "one-click DNSSEC" solution that replaces manual key generation and zone signing with a one-click process that generates and securely distributes encryption keys to all appliances in the Infoblox grid that serve DNSSEC data. Infoblox also automates the critical process of periodically changing keys, also known as "key rollover," which is essential to ensuring that secure DNS data cannot be compromised. Keys are rolled over automatically according to best practices recommended by the National Institute of Standards and Technology (NIST-800-81) and RFC 4641 standards. DNSSEC records are signed and re-signed automatically each time DNS data are changed. This eliminates dozens of error-prone, manual operations and eliminates the need to write and maintain custom scripts.

Further, configuring a secondary and/or recursive name server for DNSSEC can also be accomplished with a single click. The solution also automates important administrative functions including easy importing of trust anchors.

Infoblox Vice President of Architecture and DNS expert, Cricket Liu, commented: "Addressing the most threatening DNS security concerns requires a globally coordinated effort to deploy DNSSEC. The functionality Infoblox provides in its purpose-built, highly automated solutions helps organizations overcome deployment challenges by eliminating the complex tasks required to support DNSSEC with conventional solutions."

Pricing and Availability

The most comprehensive DNSSEC functionality is now available in Infoblox NIOS software version 5.0r1, the only core network services solution on the market with a single Web-based graphical user interface (GUI) that provides management of all aspects of the domain name system (DNS), IP address assignment (DHCP) and IP address management (IPAM) infrastructure and data.

The NIOS software version 5.0r1 will be available Dec. 21, 2009. Pricing for the solution on the Infoblox-250 appliance starts at $2,495 in the U.S. Software upgrades are available free of charge for all current customers with a valid maintenance contract.

For more information about Infoblox products, visit:

Source: Marketwire, Infoblox Delivers the Industry's Most Automated DNSSEC Solution, Retrieved on December 14, 2009 from

Tuesday, December 1, 2009

Secure64 DNS Signer Earns FIPS 140-2 Level 2 Security Certification

Product Meets Stringent Cryptographic Security Standards Required for Federal Agencies

Secure64 Software Corporation today announced that the company's Secure64 DNS Signer software appliance will receive FIPS 140-2 Level 2 certification from the National Institute of Standards and Technology (NIST) and the Communications Security Establishment Canada (CSEC). Secure64 DNS Signer is the first commercial DNSSEC software appliance certified to Level 2. U.S. federal agencies are required to utilize only FIPS-certified products in any federal system that uses cryptography to protect sensitive or valuable information.

"This FIPS certification recognizes the security inherent in Secure64's architecture, which is able to store sensitive information online safely. By combining this security with high speed cryptography, our DNSSEC signing software is able to offer better cryptographic security and performance than other software solutions without the added cost and complexity of cryptographic hardware," said Steve Goodbarn, Secure64 CEO.

FIPS 140-2 is a NIST standard for cryptographic security that defines four levels of compliance ranging from Level 1 to Level 4. Level 1 certification provides assurance that the most basic security requirements have been met, while security requirements become more stringent as the certification levels increase. DNSSEC products use cryptographic digital signatures to protect the DNS, so FIPS 140-2 certification is a good measure of the degree of private key protection provided. No software cryptographic module has ever been certified to Level 3 or 4.

"FIPS certification is increasingly an important foundational technology requirement to drive adoption across the federal government marketplace," said Rishi Sood, Research Vice President at Gartner.

Public key cryptography is commonly used in computer systems to ensure the authenticity, integrity or confidentiality of data communicated across a network. Trust in the security of network communications depends on the degree of security those computer systems provide to protect their cryptographic keys. Without sufficient security, messages could easily be forged or confidential information intercepted.

"Most of our competitors simply use the cryptographic module that ships with the underlying operating system, or an OpenSSL cryptographic module," said Joe Gersch, Secure64 COO and nationally-recognized DNSSEC expert. "These modules may have been certified by NIST to Level 1, but the version of the module that was certified may or may not be the one actually used by the vendor. In contrast, Secure64 DNS Signer actually met the requirements for Level 3 in four of ten categories, and provides mitigation of attacks beyond what is required for certification. This means our software provides significantly more cryptographic security than any other commercial DNSSEC signing software available today."

For more information about DNSSEC and Secure64 DNS Signer, visit

SOURCE: Secure64 Software Corporation, PR Newswire, Retrieved on December 1, 2009 from