Learn Try Buy

Add Trust to Your DNS


When you visit a web site, send an email, or download software, can you be sure you are communicating with the server you should be? The answer is that you can’t, at least not with certainty.

For businesses that rely on the Internet for revenue or to perform daily business operations, trust that DNS queries came from an authorized source and have not been altered in transit is critical. DNSSEC adds this high level of trust to the DNS.

What is DNSSEC?

DNSSEC adds digital signatures to DNS responses, which are then validated by the recipient. So, if someone tries to impersonate an authorized DNS server, the response is detected as bogus and discarded. Or if someone tries to forge a response, the bogus response is detected and discarded. With DNSSEC, you know with certainty if a response can be trusted or not.

So, why isn’t DNSSEC broadly implemented? Because DNSSEC is complex to learn and time consuming to implement correctly. Sometimes it can even require programming or system integration skills that you may not have available. And if you make a mistake, you may cause your web and email servers to be unreachable.

Simple, Secure DNSSEC

Secure64® DNS Signer™ makes it easy to implement DNSSEC securely and correctly. Signer runs on SourceT, Secure64’s malware-immune, Genuinely Secure micro OS, so it is able to safely keep signing keys online and has acheived FIPS 140-2 level 2 certification. This allows full automation of all of the DNSSEC key management and signing processes. Simply turn DNSSEC signing on and your zones are signed!

No Disruption to your existing DNS

Unlike other DNSSEC solutions, Signer integrates into your existing DNS infrastructure. It is fully compatible with Secure64 DNS Authority, BIND, Microsoft Windows 2008 r2 and NSD masters and slaves, so you don't have to throw away your existing DNS to deploy DNSSEC.

Fast and Scalable

No matter how large or dynamic your DNS data, Signer's high-performance and incremental-signing capabilities mean it can handle the load. It is being used to sign a single domain with 14 million records, as well as hundreds of thousands of domains with a few records each. And it can easily handle the load associated with dynamic DNS in your internal network. Additionally, Signer supports all of the RFCs and best practices required to deploy DNSSEC.

Good Practice is Good Business

DNSSEC thwarts many of the attacks used for committing fraud, including
  • Pharming
  • Cache poisoning
  • DNS redirection attacks or hijacking
This increases consumer confidence in the security of their online transactions. And that’s good for business. Signer delivers a positive impact on the company bottom line—also good for business.

Reduce Costs
  • Deployment can take less than 1 week
  • Eliminate scripting and programming
  • Greatly reduce administration costs
Reduce Risk
  • Eliminate implementation errors
  • Simplify disaster recovery
Enables Compliance
  • Accelerates compliance with OMB mandate                                   
  • Meets NIST guidelines for secure DNS
 		  



FIPS 140-2 Inside

TM: A Certification Mark of NIST, which does not imply product endorsement by NIST, the U.S. or Canadian Governments

 

 

 

 




Learn
Find out more about DNSSEC and DNS Signer.
Try
Try DNS Signer through online demos or on-site evaluation units.
Buy
Request a quote from a Secure64 representative.

Featured Video

DNSSEC Deployment Options

 

  For more information call:

    (877) 890-0064

  or email:

     Sales@Secure64.com