|
DNS protocol is not secure by architecture. This makes it vulnerable to man-in-the-middle, DNS cache poisoning
and other similar forms of malicious attacks. DNS Security Extension (DNSSEC) is a protocol designed to make DNS more secure. By
allowing end-users to verify that the DNS data received has in fact originated from a trusted DNS server, it ensures that the DNS
data has not been tampered with while travelling through the network. DNSSEC functions by requiring the DNS zone data to be signed
in order to assure the authenticity of the name resolution process.
DNSSEC deployments have been gaining momentum during the last number of years. The Root Zone was signed on 15 July 2010, and a number of country-code Top Level Domains (ccTLD) as well as generic Top Level Domains (gTLD) have decided or are planning to follow the lead. Various governments have also been extremely supportive of DNNSSEC adaptation. While enabling DNSSEC support in recursive DNS servers is relative straightforward, introducing full support requires all authoritative zones to be signed regularly. In practice, by signing a zone, the number of resource records increases by a multiple of five. Given the increased complexity and workload, organizations implementing DNSSEC support in their networks need tools and utilities that automate the zone management process. Having introduced DNSSEC support in its DND, DHCP and IPAM (DDI) product portfolio as early as 2008, Nixu DDI has been run in DNSSEC-enabled production environments since 2009, automating the signing process so that no additional work is required in DNSSEC-enabled environments. |
A Process that Should be Automated 
Advantages of Deploying DNSSEC
|
|
|
What differentiates our products? | Nixu DDI Product Portfolio |
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
