VeriSign Boasts Tenfold Capacity Increase

As the Internet continues to grow in both users and usage, the underlying DNS infrastructure is growing along with it.

Today at its Analyst Day event, root DNS operator VeriSign (NASDAQ: VRSN) said that it had completed its Project Titan DNS upgrade ahead of schedule.

Project Titan, originally forecast to entail a $100 million investment, has expanded VeriSign’s ability to handle DNS queries by a factor of 10, the company boasted.

VeriSign is also growing its infrastructure to deal with the increasing security needs of the Internet, including both DNSSEC , SSL certificates and whatever else the future might bring.

“We’ve got a lot of capacity today but we don’t think we’re done,” VeriSign CTO Ken Silva said. “We’re going to build on the success of Project Titan. I’m happy to say that Titan was a very successful project and we were able increase our capacity 10 times what it was in 2005 by 2009, and we finished it ahead of schedule. But we’re not done.”

Silva added that VeriSign is working on re-purposing its Atlas DNS infrastructure for more kinds of lookups. In 2008, VeriSign added some support for IPv6 to Atlas.

“As we look into the future and the types of things we might serve in the future, we need to make enhancements and database adjustments that will allow us to add more data to be able to look up more things at the scale we’re doing DNS lookups today,” Silva said.

In 2007, VeriSign estimated the cost of the Project Titan infrastructure overhaul to be $100 million. In response to a question from an analyst, Silva declined to specifically break out the final costs for the effort.

“Project Titan was always part of our annual forecast,” Silva said. “With respect to what it cost, it was really blended in with the overall capital structure of the resolution and naming piece. It would be difficult to say we spent exactly this amount of money on Project Titan itself.”

The need for DNSSEC is one of the key factors pushing forward the requirements for VeriSign’s continued investment in DNS infrastructure. Last week, VeriSign announced its plans to support DNSSEC on the .com and .net registries, which it operates.

DNSSEC provides a cryptographically signed mechanism for ensuring that authenticity of DNS information. The issue of DNS security vaulted to prominence in the summer of 2008 with the disclosure by security researcher Dan Kaminsky that DNS was vulnerable to attack.

Silva said that VeriSign is committed to DNSSEC, noting that his was one of the first companies involved in developing standards and making sure that the Internet is prepared for the technology. He added that VeriSign is in the process of making the necessary upgrades to its infrastructure to prepare for DNSSEC, which will put additional lookup strain on the company’s resources.

“The day we turn DNSSEC on our bandwidth requirements will literally double, but we’ve anticipated that and it has been baked into our plans for some time,” Silva said.

In terms of challenges that are facing VeriSign’s Internet infrastructure moving forward, Silva isn’t too worried about the technology piece of the puzzle. In his view, he’s got that part under control. His problem is one of power.

“The problem today is power and cooling — not space in the datacenter,” Silva said. “Our two largest datacenters we have sufficient power which we think will carry us through 2015. My biggest concern is not the ability to provision servers but to provide power to those servers.”

News Around the Web