DNSSEC is nothing new. The initial RFC was written in 1997 and the first specification was published in 1999. In spite of these efforts, secure DNS languished during the early 2000s as it wasn’t a requirement for most organizations.
Things have changed, however. DNS security has been called to question many times through cache poisoning attacks and the infamous Kaminsky vulnerability. To address these security weaknesses, DNSSEC efforts are underway. The DNS root servers have all been signed, as have the .gov and .edu Top Level Domains (TLDs). The other TLDs will be signed soon. These efforts will eventually establish a root/chain of trust for all sub-level DNS servers.
Yes, DNSSEC will take years before it is fully deployed, but the foundation is nearly in place. The U.S. federal government is leading the transition to DNSSEC, which means that federal system integrators and leading technology vendors will follow suit. In terms of the market at large, ESG believes that the transition to DNSSEC means:
This migration will mostly fly under the radar, but it will be a lucrative opportunity for smart vendors with the right products and services at the right time.
Related posts:
Tags: BIND, Bluecat, BT, DNSSEC, Infoblox, Microsoft, Neustar, Verisign
Name (required)
Mail (will not be published) (required)
Website
Your email: