Verisign tries to secure DNS

NOTORIOUS DOMAIN REGISTRY Verisign has issued a call to arms for companies to signup to its DNSSEC lab in order to get it off the ground.

To do this Verisign has set up a lab where vendors can play God of the Internet in order to implement DNSSEC. Currently network giants Cisco and Juniper Networks are using the lab. DNSSEC is a set of specifications set out by the IETF to secure the existing DNS system. It is seen by many as a vital step in securing the Internet.

At the core of DNSSEC is the ability to verify the answers given by DNS servers. This should, in theory, make it harder for spoofing and poisoning attacks. The digital signing of answers mean that like SSL certificates for websites, it can be checked to see whether the DNS query has produced the legitimate answer.

Although the technology is similar in many ways to HTTPS, there are differences and arguments have raged about who will own the root certificates for the top level domains. This may go some way to explain why Verisign is trying to take the lead in DNSSEC, as it already runs the three most popular top level domains (TLDs) on the Net, .com, .net and .org, and a number of the root DNS servers. The chances are that whoever controls the TLD will also own the root certificates for the respective domains.

Aside from potential political problems, there are a number of technical issues that need to be resolved, chief among which is whether the system can actually scale to handle the Internet and the differing implementations of DNSSEC. To that end, Verisign's lab may help vendors work together and get the thing out the door.

Verisign has a chequered history with DNS. Most notably it generated mass condemnation through its Site Finder system that made money on misspellings of URLs. Verisign will be hoping that its investment will lead it to greater control over the inner workings of the Internet. µ