Deploying DNSSEC
In the summer of 2008, security researcher Dan Kaminsky exposed a fundamental security flaw in the DNS protocol – a flaw that allowed hackers easily to hijack web sites and redirect email communications. Ever since then, the world has been begun adopting DNSSEC as the permanent solution to this problem.
DNSSEC has now been deployed at the root domain and at an increasing number of large top level domains like .com, .net, and .org. Furthermore, DNSSEC deployment is required for U.S. federal government domains and has been recommended by the National Institute of Standards and Technology as a critical technology to strengthen the cybersecurity of any organization that relies on the Internet to do business.
The Need
DNSSEC uses asymmetric cryptography to digitally sign DNS responses. These digital signatures can then be validated by the recipient to ensure that a DNS response is authentic and has not been altered in transit.
But DNSSEC is complex, and this complexity leads to long implementation times and high deployment and maintenance costs. And if it is implemented incorrectly, DNSSEC can cause your organization’s domains to become unreachable.
The Solution
Secure64 DNS Signer is a secure, DNSSEC software appliance that works with your existing DNS infrastructure and automates all of the activities required to deploy DNSSEC. DNS Signer allows your organization to:
- Implement DNSSEC in days, not months
- Reduce deployment and maintenance costs
- Retain the investment in your existing DNS infrastructure
- Eliminate errors that can cause your domain to become unreachable
