Innovation

Domain Name System Security Extension (DNSSEC)

Authenticating the Internet from end-to-end

A Critical Component of the Internet Infrastructure

The Domain Name System (DNS), the Internet's addressing system, is the most critical component of the Internet infrastructure. Without it, the Internet could not function.

However, it was not designed with security in mind. As a result, it is vulnerable to man-in-the-middle (MITM) attacks and cache poisoning. These threats use forged data to redirect Internet traffic to fraudulent sites and unintended addresses.

Once an unsuspecting user or device reaches the fraudulent site, cyber criminals can potentially extract credit card data, steal user passwords, eavesdrop on voice over IP (VoIP) communications, plant malicious software or display images and text that defame the legitimate brand or provide misleading information. Given that a single DNS name server can act as the name-to-address resolution point for thousands of users, the potential impact of a MITM attack or cache poisoning can be considerable.

Verisign has been involved in DNSSEC development since 2000, and our engineers played a leading role in the development of the NSEC3 protocol. We continue to collaborate with the Internet technical community as DNSSEC testing, implementation and adoption move forward.

Verisign collaborates with tech community on DNSSEC test