VERISIGN’S ROLE IN DNSSEC

Verisign is committed to serving as a trusted steward of the Internet. As the registry for .com and .net and a provider of critical internet infrastructure services, our goal is to enable the internet’s future innovations while protecting the internet community from new and emerging cyber threats. Our work on DNSSEC is another step in our ongoing fortification of, and investment in, critical internet infrastructure.


Verisign has been involved in DNSSEC development since 2000, and our engineers played a leading role in the development of the DNSSEC Hashed Authenticated Denial of Existence (NSEC3) protocol. As DNSSEC testing, implementation and adoption move forward, we continue to collaborate with the internet technical community and participate in industry organisations such as the DNSSEC Coalition.

To assist with understanding the implications of a DNSSEC-enabled environment, Verisign deployed a DNSSEC Interoperability Lab. The Interoperability Lab was a standalone environment with a suite of more than 8,000 test cases and allowed members of the IT community to test the compatibility of their internet and business infrastructure components with DNSSEC.

In July 2010, Verisign - working with the Internet Assigned Numbers Authority (IANA) and the US Department of Commerce (DoC) - completed deployment of DNSSEC in the root zone (the starting point of the DNS hierarchy). Verisign also enabled DNSSEC on .edu in July in collaboration with EDUCAUSE and the DoC, on .net in December 2010 and on .com in March 2011. In addition, a number of top-level domains (TLDs) have been signed by other registries, including .gov and .org, and country code TLD names for Brazil, Bulgaria, Czech Republic, Puerto Rico and Sweden.

In addition, we are taking many steps to help members of the internet ecosystem take advantage of DNSSEC. These steps include publishing technical resources, providing an Operational Test Environment, leading educational sessions, participating in industry forums and developing tools to simplify DNSSEC management.

NEED MORE INFO?