RealTime IT News

VeriSign Accelerates DNS

VeriSign has launched its new name server initiative, a move designed to improve the speed with which .com and .net DNS zone files are updated.

VeriSign Naming and Directory Services (VNDS) promises to update the core 13 .com and .net authoritative name servers in less than five minutes. The current rate is about twice per day.

The move, which had been originally announced in January, could also become a potential windfall for spammers and phishers, according to at least one industry expert.

Under the current system, a registrar may have to wait up to 18 hours before a .com or .net DNS change shows up in all 13 .com/.net authoritative name servers. But with the new VNDS, that change will happen "nearly immediately," VeriSign said.

According to VeriSign, the move to rapid DNS updates is powered by its proprietary authoritative name server, ATLAS, which was designed specifically for .com and .net.

"Rapid updates are one of the features included in ATLAS's design to provide a better user experience for .com/.net registrants/domain name holders," a posting on VeriSign's Web site said. "After extensive testing, VeriSign is now confident this feature is ready to be deployed."

According to VeriSign, the rapid update scheme has met with a positive response so far.

"The response to rapid updates of .com and .net domains in the DNS has been overwhelmingly positive from ISPs, Registrars and others in the Internet community," said Matt Larson, principal engineer at VeriSign.

According to a leading expert on DNS, the move to rapid updates for .com and .net will bring them to parity with .org.

Paul Vixie, founder of the ISC, the group that produces BIND, told internetnews.com that .org moved to a similar rapid update when it was moved from VeriSign to UltraDNS last year.

"I suspect that VeriSign's marketing people have been demanding parity with .org for .com/.net ever since that move," said Vixie, who also operates one of the 13 root DNS servers.

Though VeriSign's rapid DNS initiative will significantly enhance the speed of updates for .com and .net, Vixie observed that it would not affect any root server belonging to the ISC or otherwise.

"This is just a change to the .com servers," Vixie said. "All the root servers have to say about .com is 'here is the list of VeriSign's nameservers.' What happens inside .com or .org or any other top level domain has no direct effect on the root name server system. They can update every five minutes, or every five seconds, it's all the same to us."

As to whether faster .com updates would be a boon for spammers, VeriSign said it doesn't think that would be an outcome.

"Rapid updates to .com and .net DNS files are consistent with processes in place at other registries today and do not create any additional opportunities for SPAM and phishing," VeriSign's Matt Larson said.

"Moreover, VeriSign is working actively with other leading technology providers and through Internet steering committees to bring security solutions to bear on the problems of SPAM and phishing that drain valuable resources and disrupt users' experiences on the Internet."

However, ISC's Vixie argued that spammers and phishers who want to operate as far "under the radar" as they can would be able to register a throw-away domain and start using it instantaneously. "Previously they had to create their throw-away domains days in advance, and I'm concerned about the ways they will use their new rapid-insert capability," he said.

"However, I think that rapid DNS updates will do much more good than harm, and I am happy to see .com and .net reach parity with .org in this area." (As an editor of a 1997 specification for dynamic updates in the domain name system, Vixie has long argued for DNS to be more dynamic.)