Skip to content

Internet Infrastructure Leaders Join Movement of Companies Verifying their Technology for DNSSEC

Arbor Networks, Infoblox and RioRey Participate in Community Effort to Complete DNSSEC Testing Following .net Domain Signing

A trio of Internet infrastructure leaders joined a growing movement of companies testing their technologies with Verisign, (NASDAQ: VRSN) following a landmark achievement in Internet security. As Verisign has now deployed Domain Name System Security Extensions (DNSSEC) in .net—the largest-ever domain secured by the technology—Arbor Networks, Infoblox and RioRey, have completed testing of their technology solutions in the Verisign DNSSEC Interoperability Lab.

DNSSEC helps protect the Domain Name System (DNS) against so-called “cache poisoning” or “man-in-the-middle” attacks by allowing DNS data to be digitally signed and authenticated. These digital signatures authenticate the origin of the data and verify its integrity as it moves throughout the Internet. At the self-contained Verisign DNSSEC Interoperability Lab facility in Dulles, a wide-range of Internet infrastructure solutions undergo a battery of tests to review how equipment will interoperate in a DNSSEC-enabled environment. Verisign conducts the tests free of charge to encourage use of the service and pave the way for broader DNSSEC adoption.

Arbor Networks, Infoblox and RioRey join a growing number of organizations—including A10 Networks, Brocade, Cisco Systems and Juniper Networks—that have taken advantage of the opportunity to verify their solutions at Verisign’s DNSSEC Interoperability Lab. By examining their interoperability with DNSSEC, these companies are participating in the shared effort needed to ensure a measured and deliberate implementation of the security extensions worldwide.

“As a company whose key focus is to detect and mitigate Distributed Denial of Service (DDoS) attacks, RioRey understands that DNS is essential to the Internet’s framework of trust,” said Nitin Mehrotra, CTO at RioRey, Inc., a provider of dedicated platforms for DDoS defense. “We knew it was critical to ensure that our solutions were interoperable with DNSSEC by taking advantage of Verisign’s robust testing environment, and we would strongly urge all other Internet stakeholders to do likewise.”

“Systemic vulnerabilities to the DNS, such as cache poisoning, represent a significant threat to e-commerce, online banking, email communications, customer service and even government secrets,” said Cricket Liu, Vice President of Architecture and Technology at Infoblox, the leader in network infrastructure automation and control, including physical and virtual DNS, DHCP and IP Address Management platforms. “That’s why a successful implementation of DNSSEC is vital, as is the need for the Internet community at large to verify that their solutions are compatible with DNSSEC. On that front, the Verisign DNSSEC Interoperability Lab has proven indispensable.”

“Arbor Networks is very focused on the problem infrastructure security and DNS is obviously among the most critical elements of it,” said Rob Malan, Arbor Networks chief technology officer. “The Verisign DNSSEC Interoperability Lab allowed us to test our products to review compatibility with DNSSEC. Arbor’s customers make up the vast majority of the world’s ISPs and many of the largest hosting and data centers operators. This is a critical issue for our customers.” Cache poisoning attacks can occur when hackers corrupt DNS data stored on recursive servers to redirect queries to malicious sites. With DNSSEC, a hacker’s ability to poison the cache is eliminated for the zones that are signed and the resolvers that are validating signed records. The resulting digital signatures on that DNS data are validated by creating a “chain of trust” that starts with the public key, published in the root zone.

“DNSSEC will only be effective if it is implemented from end to end in an effort that is shared across the Internet,” said Pat Kane, Assistant General Manager of Naming Services at Verisign. “Now following the .net signing, Arbor Networks, Infoblox and RioRey are joining a critical group of forward-thinking Internet companies that are showing the leadership and initiative necessary to make this a truly successful community endeavor. We look forward to helping more Internet stakeholders test their solutions at the DNSSEC Interoperability Lab.”

DNSSEC testing is growing ever more crucial as the global roll-out of the security extensions continues. DNSSEC was deployed in the DNS root zone in July and in the .net domain earlier this month. Meanwhile, plans call for Verisign to the .com domain by the end of the first quarter 2011.

In addition to operating the DNSSEC Interoperability Lab, Verisign has rolled out a program to ease DNSSEC deployment and adoption for a wide range of Internet stakeholders. Over the past several months, Verisign has published technical resources, led educational sessions, participated in industry forums and developed tools designed to simplify DNSSEC management.

The company has also actively provided support to its network of registrars for DNSSEC implementation, and has provided a software development kit (SDK) and other tools, training, services and support. Verisign also plans to provide registrars with a DNSSEC signing and key management service around the signing

More information on Verisign’s DNSSEC plans is available here:

About Verisign

Verisign, Inc. (NASDAQ: VRSN) is the trusted provider of Internet infrastructure services for the networked world. Billions of times each day, Verisign enables companies and consumers all over the world to connect online with confidence. Additional news and information about the company is available at


Statements in this announcement other than historical data and information constitute forward-looking statements within the meaning of Section 27A of the Securities Act of 1933 as amended and Section 21E of the Securities Exchange Act of 1934 as amended. These statements involve risks and uncertainties that could cause Verisign’s actual results to differ materially from those stated or implied by such forward-looking statements. The potential risks and uncertainties include, among others, the uncertainty of future revenue and profitability and potential fluctuations in quarterly operating results due to such factors as increasing competition, pricing pressure from competing services offered at prices below our prices and changes in marketing practices including those of third-party registrars; the current global economic downturn; challenges to ongoing privatization of Internet administration; the outcome of legal or other challenges resulting from our activities or the activities of registrars or registrants; new or existing governmental laws and regulations; changes in customer behavior; the inability of Verisign to successfully develop and market new services; the uncertainty of whether our new services will achieve market acceptance or result in any revenues; system interruptions; security breaches; attacks on the Internet by hackers, viruses, or intentional acts of vandalism; and the uncertainty of whether Project Apollo will achieve its stated objectives. More information about potential factors that could affect the company’s business and financial results is included in Verisign’s filings with the Securities and Exchange Commission, including in the Company’s Annual Report on Form 10-K for the year ended December 31, 2009, Quarterly Reports on Form 10-Q and Current Reports on Form 8-K. Verisign undertakes no obligation to update any of the forward-looking statements after the date of this announcement.

©2010 Verisign, Inc. All rights reserved. Verisign, Verisign Trust, and other related trademarks, service marks, and designs are registered or unregistered trademarks of Verisign, Inc., or its affiliates or subsidiaries in the United States and other countries. All other trademarks are property of their respective owners.

Back To Top