abstract-technology-background

Building a More Secure Routing System: Verisign’s Path to RPKI

By Security

This blog was co-authored by Verisign Distinguished Engineer Mike Hollyman and Verisign Director – Engineering Hasan Siddique. It is based on a lightning talk they gave at NANOG 87 in February 2023, the slides from which are available on the NANOG website.

At Verisign, we believe that continuous improvements to the safety and security of the global routing system are critical for the reliability of the internet. As such, we’ve recently embarked on a path to implement Resource Public Key Infrastructure (RPKI) within our technology ecosystem as a step toward building a more secure routing system. In this blog, we share our ongoing journey toward RPKI adoption and the lessons we’ve learned as an operator of critical internet infrastructure.

(more…)
Verisign veterans american flag

Verisign Honors Vets in Technology For Military Appreciation Month

By Security

For Murray Green, working for a company that is a steward of critical internet infrastructure is a mission that he can get behind. Green, a senior engineering manager at Verisign, is a U.S. Army veteran who served during Operation Desert Storm and sees stewardship as a lifelong mission. In both roles, he has stayed focused on the success of the mission and cultivating great teamwork.

Teamwork is something that Laura Street, a software engineer and U.S. Air Force veteran, came to appreciate through her military service. It was then that she learned to appreciate how people from different backgrounds can work together on missions by finding their commonalities.

(more…)
blue-circuit-board

Adding ZONEMD Protections to the Root Zone

By Security

The Domain Name System (DNS) root zone will soon be getting a new record type, called ZONEMD, to further ensure the security, stability, and resiliency of the global DNS in the face of emerging new approaches to DNS operation. While this change will be unnoticeable for the vast majority of DNS operators (such as registrars, internet service providers, and organizations), it provides a valuable additional layer of cryptographic security to ensure the reliability of root zone data.

In this blog, we’ll discuss these new proposals, as well as ZONEMD. We’ll share deployment plans, how they may affect certain users, and what DNS operators need to be aware of beforehand to ensure little-to-no disruptions.

(more…)
green-and-yellow-web-circuit-board

Minimized DNS Resolution: Into the Penumbra

By Security

Over the past several years, domain name queries – a critical element of internet communication – have quietly become more secure, thanks, in large part, to a little-known set of technologies that are having a global impact. Verisign CTO Dr. Burt Kaliski covered these in a recent Internet Protocol Journal article, and I’m excited to share more about the role Verisign has performed in advancing this work and making one particular technology freely available worldwide.

(more…)
Verisign Logo

ICANN’s Accountability and Transparency – a Retrospective on the IANA Transition

By Security

As we passed five years since the Internet Assigned Numbers Authority transition took place, my co-authors and I paused to look back on this pivotal moment; to take stock of what we’ve learned and to re-examine some of the key events leading up to the transition and how careful planning ensured a successful transfer of IANA responsibilities from the United States Government to the Internet Corporation for Assigned Names and Numbers. I’ve excerpted the main themes from our work, which can be found in full on the Internet Governance Project blog.

(more…)
Mysterious DNS Root Query Traffic from a Large Cloud/DNS Operator

More Mysterious DNS Root Query Traffic from a Large Cloud/DNS Operator

By Security

This blog was also published by APNIC.

With so much traffic on the global internet day after day, it’s not always easy to spot the occasional irregularity. After all, there are numerous layers of complexity that go into the serving of webpages, with multiple companies, agencies and organizations each playing a role.

That’s why when something does catch our attention, it’s important that the various entities work together to explore the cause and, more importantly, try to identify whether it’s a malicious actor at work, a glitch in the process or maybe even something entirely intentional.

(more…)
colorful laptop

Routing Without Rumor: Securing the Internet’s Routing System

By Security

This article is based on a paper originally published as part of the Global Commission on the Stability of Cyberspace’s Cyberstability Paper Series, “New Conditions and Constellations in Cyber,” on Dec. 9, 2021.

The Domain Name System has provided the fundamental service of mapping internet names to addresses from almost the earliest days of the internet’s history. Billions of internet-connected devices use DNS continuously to look up Internet Protocol addresses of the named resources they want to connect to — for instance, a website such as blog.verisign.com. Once a device has the resource’s address, it can then communicate with the resource using the internet’s routing system.

Just as ensuring that DNS is secure, stable and resilient is a priority for Verisign, so is making sure that the routing system has these characteristics. Indeed, DNS itself depends on the internet’s routing system for its communications, so routing security is vital to DNS security too.

(more…)
Globe with caution signs

Observations on Resolver Behavior During DNS Outages

By Security

When an outage affects a component of the internet infrastructure, there can often be downstream ripple effects affecting other components or services, either directly or indirectly. We would like to share our observations of this impact in the case of two recent such outages, measured at various levels of the DNS hierarchy, and discuss the resultant increase in query volume due to the behavior of recursive resolvers.

(more…)