VeriSign today launched a cloud based service to ease the implementation of Domain Name System Security Extensions (DNSSEC).
The VeriSign DNSSEC Signing Service is being offered to registrars to help them incorporate signing and provisioning into their infrastructure, while reducing costs, complexity and the administrative burden associated with implementing DNSSEC support for their customers. The service is ideal for registrars that host their own DNS, but are not ready to invest in the engineering and infrastructure needed to sign domain names (zones) or manage keys for DNSSEC.
DNSSEC provides an additional layer of security to the Internet by protecting against cache poisoning and man-in-the-middle attacks, in which forged data is used to redirect unsuspecting users to fraudulent websites and unintended addresses. DNSSEC is becoming essential to maintaining trust in the Internet; however, implementing DNSSEC can be a complex process and faces many challenges.
The VeriSign DNSSEC Signing Service performs the initial cryptographic signing, the regular re-signing of zone resource records and the ongoing management of key rollover schedules and the associated zone re-signing. Registrars can use the VeriSign DNSSEC Signing Service for the initial signing of second-level domain names (zones) as well as the periodic resigning and the ongoing management of keys associated with the DNSSEC protocol.
Related Reading: Trouble Ahead – The Implementation Challenges for DNSSEC
Related Reading: Deploying DNSSEC – Four Ways to Prepare Your Enterprise for DNSSEC
Related Reading: Five Strategies for Flawless DNSSEC Key Management and Rollover
Related Reading: The Missing Ingredients for DNSSEC Success
Related Reading: DNS Hijack – How to Avoid Being a Victim
Related Reading: First Step For The Internet’s next 25 years: Adding Security to the DNS