Nominum simplifes DNSSec roll-outs

Users that implement DNSSec manually run the risk of removing their domain from the internet

Domain name system (DNS) server vendor Nominum today launched new software for its server products designed to simplify and speed up the DNSSec roll-out, which many believe is vital to the future security of the internet's underlying infrastructure.

The DNSSec protocol has been around for several years, but take-up has been slow due to its complexity, despite being identified as the only practical long-term solution for eliminating the so-called Kaminsky flaw that was found in the DNS.

The new capabilities are built into Nominum's ANS and ANSP authoritative DNS servers and Vantio caching DNS servers, and have been designed to remove traditional barriers to the deployment of DNSSec.

These include automating vital DNSSec processes such as the signing and ongoing management of cryptographic keys which turn a DNS record into a DNSSec record, explained Nominum's director of product marketing, Bruce van Nice.

The benefits include "reducing operational overheads and removing the risk of error" which could lead to entire sites and domains disappearing from the internet, according to van Nice.

"There is a tremendous amount of momentum now around deployment, but everyone's experience is that DNSSec is such a horribly complex protocol. The new steps needed to get from a DNS to a DNSSec record are not familiar to DNS groups in any business," he added.

"We're integrating all DNSSec functionality into our software so you can get it all in one place, and what previously took multiple steps is now automated."

Nominum is also offering the new capabilities as part of its Skye cloud-based services.