The critical vulnerabilities of the Domain Name System ably documented by Dan Kaminsky brought into sharp relief the importance of implementing the security technology known as DNSSEC. But that process is neither simple nor cheap.
In an effort to help domain registrars make the transition, VeriSign is rolling out a new DNSSEC Signing Service, automating the process of key signing and updating, while also providing the management of cryptographic keys. eSecurity Planet takes a look.
In the summer of 2008, Dan Kaminsky demonstrated the inherent vulnerability in unsecured DNS. Since then, Top Level Domain (TLD) registries and registrars have been racing to secure their infrastructure with DNSSEC (DNS Security Extensions) which provide a degree of cryptographic authenticity to DNS information.
Getting DNSSEC setup on a domain is no easy task, which where the new VeriSign DNSSEC Signing Service comes into play. The new VeriSign service will provide the initial signing of a second-level domain name as well as the management of cryptographic keys. With the DNSSEC Signing Service, VeriSign is aiming to make it easier for registrars to enable DNSSEC.