Every organization needs to assess its DNSSEC implementation drivers and readiness and develop a DNSSEC policy and implementation plan. Infoblox has extensive DNSSEC expertise and is available to our customers and prospects to define and implement plans for deploying this critical technology.
The latest shipping version of Infoblox NIOS software has built-in support for DNSSEC and allows you to become compliant with the OMB mandate - at no additional cost for current customers. Infoblox is the leader in Core Network Services appliances and in delivering DNSSEC capabilities.
Transparent to end users, DNSSEC by Infoblox can be configured with single clicks, and delivers automated, on-the-fly key generation and management using the latest technology and protocol features (BIND 9.6.1 with NSEC3 support).
Leverages Infoblox Grid Technology
By leveraging Infoblox Grid technology, management and configuration of
DNSSEC is easier and less costly than with overlay approaches and manual tools.
DNSSEC by Infoblox offers central configuration of all DNSSEC parameters, enforces standards by configuring DNSSEC parameters at a Grid level (default key type, size and validity period (based on NIST-800-81 and RFC 4641 standards) and includes NSEC and NSEC3 support.
Configuring a secondary and/or recursive name server for DNSSEC can be accomplished with a single click, including enabling sending DNSSEC records as a secondary, enabling validation of DNSSEC for an external zone and easy importing of trust anchors.
Any zone can be signed with a single click by using the “Sign Zone” toolbar button. Keys are generated on the fly and records are automatically signed; all associated DNSSEC records are auto-created. Signed zones are automatically maintained. All ZSK key expiration and resigning are handled automatically. When new records are added DNSSEC zones are automatically resigned.
Signed zones are then easily identifiable with the DNSSEC icon. DNSKEY, RRSIG, DS, NSEC, NSEC3, NSEC3PARAM record types are all supported. New zone signing keys are automatically generated before the current keys expire. Key rollover is transparent to the admin and admins are automatically notified in the GUI before keys expire.
Summary
While viewed for years by many as a complex solution in search of a problem, DNSSEC is poised for explosive growth as it represents the only viable technology that addresses the imminent threat of DNS cache poisoning. DNSSEC technology has been extensively reviewed and, with proper tools, can be deployed with minimal operational overhead. Several top level domains (TLDs) have been signed, including .gov and .org and the country level domains for 6 countries. The US Office of Management and Budget (OMB) has mandated the used of DNSSEC by US government agencies before the end of 2009. Notably, ICANN and Verisign have announced plans to sign the root zone by the end of 2009. Its clear that DNSSEC will move from the lab to extensive production deployment from the end of 2009 through 2010.
Every organization needs to assess its DNSSEC implementation drivers and readiness and develop a DNSSEC policy and implementation plan. Infoblox has extensive DNSSEC expertise and is available to our customers and prospects to define and implement plans for deploying this critical technology.
Click here to set up a sales briefing.
Disaster Recovery (DR)