Hotspots: Security issues can push DNS clouds services

VeriSign, Afilias, and other vendors are working on cloud-based DNS (domain name server) services.

With the addition of digital signature and public key encryption, the security of Internet domain Name system will be improved. But is the deployment of the domain Name System Security Extension Protocol (DNSSEC) prompting more companies to outsource their DNS operations?

This is an opportunity for service providers, including VeriSign and Afilias, to launch new management DNS and related security services in the coming weeks.

DNSSEC is a new Internet standard that can prevent spoofing attacks by verifying domain names and corresponding IP addresses with digital signatures and public key encryption.

Once the DNSSEC is fully deployed, the enterprise is able to prevent cache poisoning attacks, in which traffic from legitimate Web sites is redirected to a bogus site, without being known to webmasters and users. A cache poisoning attack originated in a serious vulnerability in DNS that was discovered by security researcher Dan Kaminsky in 2008.

DNSSEC has been deployed in the Internet infrastructure, from the root server at the top of the DNS infrastructure to servers running. com and. NET and other top-level domain names, and then to servers that cache the content of personal sites.

The DNS root server began supporting DNSSEC on July 15, which ensures that top-level domain names that are supported by this standard, including non-profit. Org,.se,. UK,. BR and. Cz. adding DNSSEC support for. edu,. NET, and. com will be implemented within the next six months.

Experts point out that DNSSEC makes DNS more complex after adding additional layers of encryption, which makes it more likely that service providers will start outsourcing their DNS.

"DNSSEC does have a certain degree of complexity, and it will be harder for companies to manage DNS," said Ben Petro, senior vice president of network Intelligence and effectiveness at VeriSign. "We can reduce the burden of managing DNS for our businesses and make dnssec easier." ”

"The DNSSEC is very complex, and this Protocol does significantly improve security, but we found a lot of bad configurations in our test DNSSEC customers," said Sean Leach, chief technical officer of name.com (domain registrar). "I believe in the near future, Outsourcing DNS will be the first choice for most businesses. ”

VeriSign and Afilias will launch a cloud-based domain Name System

The company's official spokesman said they were developing cloud-based DNS services that would be sold directly to corporate customers. VeriSign hosts two clusters of 13 root domain server clusters in the Internet, and it is a registrar of. com and. NET domain names that operates a large global DNS infrastructure that the company hopes will attract corporate customers.

VeriSign is expanding its management DNS service for years through channel distributors, and is consolidating cloud-based DNS services with Distributed denial of service (DoS) with network Intelligence protection services.

"Managing the DNS market is very, very mature, because DNS is a very difficult service, it involves open source software and requires a lot of professional operations," says Petro, "running DNS involves network and load balancing, and we can save a lot of costs from that service." ”

At the same time, the DNS device vendor BlueCat Network and Afilis are also planning to launch a cloud-based DNS service that will be managed through its Proteus devices. Afilia is a provider of back-end registration services that provide. info and. org domain names, and will support DNS services in its global network.

BlueCat Official spokesman said they were trying to integrate with the Afilias API to provide a single interface for managing internal and external DNS services. BlueCat the new service into a Proteus cloud service.

"The problem we are trying to solve is how to improve the client's DNS," said John Kane, vice president of Afilias Enterprise Services. "We have a globally diverse anycast network that provides 100% uptime through our service level agreements, and we offer a variety of protection measures, And can avoid a single point of failure. ”

Kane says the Afilias network provides an advantage for businesses to run multiple types of DNS software and multiple-brand routers.

"We have a very flexible DNS network that allows BlueCat to use our APIs to build this functionality directly into their control panel, and then the customer has a seamless overall sense of the management platform," added Kane.

Dyn Increase IPV6 support

Managing DNS service Providers Dyn recently cooperated with NTT America to increase support for Ipv6, an upgrade to the Internet's main communications protocol.

Dyn has fully supported DNSSEC since 2009, providing its customers with a dynect platform for the front of different areas and automated key management. Dyn Official spokesman said DNSSEC and Ipv6 have added to the complexities of DNS, making outsourcing more appealing.

"From a network load point of view, DNSSEC adds encryption to DNS, and encryption requires more bandwidth because it needs to send more bytes," said Tom Daly, Dyn's chief technology officer, "and Ipv6 makes DNS communications even bigger, Increase the IP payload header from 32 bits to 128 bits. ”

As both DNSSEC and Ipv6 have added to the complexities of DNS, DYN outsourcing customers have expanded to 500, including Twitter, Netflix and Zappos.

"We see more and more people starting to choose to manage DNS, as their site status is upgraded," Daly said, "They've outsourced web hosting services and now they're going to need someone to help them run DNS." ”

Ultradns is ahead of the DNS outsourcing market

Ultradns (Neustar's branch) is an absolute leader in the outsourcing of the DNS market, which has benefited more than $100 million trillion this year from its management of the DNS business, up 16% per cent from the same period last year.

A spokesman for Ultradns said they wanted more companies to choose to outsource DNS, not just because of the complexity of DNSSEC, but because of the wide range of security concerns.

"Most of our energy is now on security," says Rodney Joffe, founder and chairman of Ultradns Inc., "It's not just a question of having a DNS infrastructure, it's a question of how to help customers defend themselves against security threats." ”

"We use sensors to determine the source of an attack and how it is attacked, and what type of vulnerability the attacker exploits," Joffe said. "The common enterprise does not even consider how their distance is handled on the Internet for the DNS infrastructure." I believe there will be a proliferation of outsourced DNS, but this increase is due to security considerations, not because of DNSSEC. ”