Three key network management software suppliers, Infoblox, Arbor Networks and RioRey (News - Alert), have joined a growing movement of companies for verifying technologies with Verisign. In essence, Verisign has now deployed Domain Name System Security Extensions (DNSSEC) in .net zone. And Infoblox, Arbor Networks and RioRey have completed testing of their technology solutions in the Verisign DNSSEC Interoperability Lab.

DNSSEC helps protect the Domain Name System (DNS) against so-called “cache poisoning” or “man-in-the-middle” attacks by allowing DNS data to be digitally signed and authenticated. These digital signatures authenticate the origin of the data and verify its integrity as it moves throughout the Internet. At the self-contained Verisign DNSSEC Interoperability Lab facility in Dulles, Va., a wide-range of network management software solutions undergo a battery of tests to review how equipment will interoperate in a DNSSEC-enabled environment. Verisign conducts the tests free of charge to encourage use of the service and pave the way for broader DNSSEC adoption.

In fact, Arbor Networks, Infoblox (News - Alert) and RioRey join a growing number of organizations, including A10 Networks, Brocade, Cisco Systems and Juniper Networks, that have taken advantage of the opportunity to verify their solutions at Verisign's DNSSEC Interoperability Lab. By examining their interoperability with DNSSEC, these companies are participating in the shared effort needed to ensure a measured and deliberate implementation of the security extensions worldwide, said Verisign.

In a statement, Nitin Mehrotra, CTO at RioRey, a provider of dedicated platforms for DDoS defense, said “As a company whose key focus is to detect and mitigate Distributed Denial of Service (DDoS) attacks, RioRey understands that DNS is essential to the Internet’s framework of trust.”

He added, “We knew it was critical to ensure that our solutions were interoperable with DNSSEC by taking advantage of Verisign’s robust testing environment, and we would strongly urge all other Internet stakeholders to do likewise.”

Similarly, Cricket Liu, vice president of architecture and technology at Infoblox, said “Systemic vulnerabilities to the DNS, such as cache poisoning, represent a significant threat to e-commerce, online banking, email communications, customer service and even government secrets. That’s why a successful implementation of DNSSEC is vital, as is the need for the Internet community at large to verify that their solutions are compatible with DNSSEC. On that front, the Verisign DNSSEC Interoperability Lab has proven indispensable.”

Arbor Networks chief technology officer Rob Malan also expressed his view on this development. He said, “Arbor’s customers make up the vast majority of the world’s ISPs and many of the largest hosting and data centers operators. This is a critical issue for our customers. Cache poisoning attacks can occur when hackers corrupt DNS data stored on recursive servers to redirect queries to malicious sites. With DNSSEC, a hacker’s ability to poison the cache is eliminated for the zones that are signed and the resolvers that are validating signed records.”

DNSSEC testing is growing ever more crucial as the global roll-out of the security extensions continues. DNSSEC was deployed in the DNS root zone in July and in the .net domain earlier this month. Meanwhile, plans call for Verisign to the .com domain by the end of the first quarter 2011.

In addition to operating the DNSSEC Interoperability Lab, Verisign has rolled out a program to ease DNSSEC deployment and adoption for a wide range of Internet stakeholders. Over the past several months, Verisign has published technical resources, led educational sessions, participated in industry forums and developed tools designed to simplify DNSSEC management.

More information on Verisign’s DNSSEC plans is available at http://www.Verisign.com/dnssec.