VeriSign Updates on Deployment of DNSSEC

The registry operator is on schedule with its rollout of DNSSEC on the top-level domain servers that it operates.

By Enterprise Networking Planet Staff | Posted Mar 3, 2010
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

According to VeriSign, there has been no serious problems with its ongoing deployment of DNS Security Extensions (DNSSEC) on the Internet's root servers and on the top-level domain servers that it operates. According to the report on Network World, VeriSign says the only difficulty with its DNSSEC deployments was on some legacy hardware and software such as firewalls and load balancers that can't handle the larger packets that are sent with DNSSEC.


"The only difficulty that VeriSign has run into with its DNSSEC deployments is that some legacy hardware and software such as firewalls and load balancers can't handle the larger packets that are sent with DNSSEC.

"'DNSSEC-enabled traffic is slightly different than the DNS traffic we've had in the past. The packets are larger…Based on anecdotal information, there are some pieces of equipment that have issues with this,' Larson says, pointing out that some network gear has default configurations limiting DNS packets to 512 bytes whereas DNSSEC packets can be as large as 4KB."

Read the Full Story at Network World

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter