Close-up of a circuit board with glowing orange and blue pathways.

The 2024-2026 Root Zone KSK Rollover: Initial Observations and Early Trends

March 19, 2025 • By Duane Wessels • Security

On Jan. 11, 2025, Verisign supported the Internet Corporation for Assigned Names and Numbers (ICANN) in taking a major step to ensure the continued security, stability, and resiliency of the Domain Name System (DNS). While imperceptible to most users, this action – specifically, the introduction of a new Domain Name System Security Extensions (DNSSEC) Key Signing Key (KSK) in the root zone – is the next step of a multi-year-long process to change, or “roll,” the cryptographic key that secures the root of the DNS. In this blog post, we’ll go into more detail about what this means and what observations we can make about the new key, which we refer to as “KSK-2024.”¹

(more…)

Verisign and ICANN Renew Root Zone Maintainer Service Agreement

October 22, 2024 • By Pat Kane • Security

On October 20th, ICANN and Verisign renewed the agreement under which Verisign will continue to act as Root Zone Maintainer for the Domain Name System (DNS) for another 8-year term. The Root Zone sits atop the hierarchical architecture of the DNS and is essential to virtually all internet navigation, acting as the dynamic, cryptographically secure, global directory of all top-level domains that exist in the DNS. The Root Zone Maintainer is a unique role that ensures the cryptographic signing and publication of the Root Zone no less than once a day, without which, navigation on the internet would be impossible.

(more…)

Blue abstract lines and dots on a dark blue gradient background.

The Verisign Shared Registration System: A 25-Year Retrospective

June 3, 2024 • By Scott Hollenbeck • Security

Every day, there are tens of thousands of domain names registered across the globe – often as a key first step in creating a unique online presence. Making that experience possible for Verisign-operated top-level domains (TLDs) like .com and .net is a powerful and flexible technology platform first introduced 25 years ago.

Thanks to the Shared Registration System (SRS) – a hardware and software system conceptualized, designed, and launched by our teams 25 years ago – we’re able to successfully manage relationships with approximately 2,000 ICANN-accredited registrars who generally submit more than 100 million domain name transactions daily. Over the past quarter century, the SRS has thrived and grown with the global internet, in large part because we’ve continuously scaled and evolved the technology to meet exponentially increasing global demand, and a rapidly changing cyberthreat landscape.

(more…)

A digital blue tree on a gradient blue background.

Verisign Provides Open Source Implementation of Merkle Tree Ladder Mode

January 4, 2024 • By Burt Kaliski • Security

The quantum computing era is coming, and it will change everything about how the world connects online. While quantum computing will yield tremendous benefits, it will also create new risks, so it’s essential that we prepare our critical internet infrastructure for what’s to come. That’s why we’re so pleased to share our latest efforts in this area, including technology that we’re making available as an open source implementation to help internet operators worldwide prepare.

(more…)

Photographs of three Hispanic Verisign employees on a dark purple background.

Verisign Celebrates Hispanic Heritage Month

September 22, 2023 • By Ellen Petrocci • Security

Celebrating National Hispanic Heritage Month reminds us how the wide range of perspectives and experiences among our employees makes us stronger both as a company and as a steward of the internet. In honor of this month, we are proud to recognize the stories of three of our Hispanic employees, and the positive impact they make at Verisign.

(more…)

abstract blue data stream on black background

Verisign Will Help Strengthen Security with DNSSEC Algorithm Update

August 10, 2023 • By Duane Wessels • Security

As part of Verisign’s ongoing effort to make global internet infrastructure more secure, stable, and resilient, we will soon make an important technology update to how we protect the top-level domains (TLDs) we operate. The vast majority of internet users won’t notice any difference, but the update will support enhanced security for several Verisign-operated TLDs and pave the way for broader adoption and the next era of Domain Name System (DNS) security measures.

(more…)

binary digits on a gradient blue background

Next Steps in Preparing for Post-Quantum DNSSEC

July 20, 2023 • By Burt Kaliski • Security

In 2021, we discussed a potential future shift from established public-key algorithms to so-called “post-quantum” algorithms, which may help protect sensitive information after the advent of quantum computers. We also shared some of our initial research on how to apply these algorithms to the Domain Name System Security Extensions, or DNSSEC. In the time since that blog post, we’ve continued to explore ways to address the potential operational impact of post-quantum algorithms on DNSSEC, while also closely tracking industry research and advances in this area.

(more…)

Building a More Secure Routing System: Verisign’s Path to RPKI

June 5, 2023 • By Verisign • Security

This blog was co-authored by Verisign Distinguished Engineer Mike Hollyman and Verisign Director – Engineering Hasan Siddique. It is based on a lightning talk they gave at NANOG 87 in February 2023, the slides from which are available on the NANOG website.

At Verisign, we believe that continuous improvements to the safety and security of the global routing system are critical for the reliability of the internet. As such, we’ve recently embarked on a path to implement Resource Public Key Infrastructure (RPKI) within our technology ecosystem as a step toward building a more secure routing system. In this blog, we share our ongoing journey toward RPKI adoption and the lessons we’ve learned as an operator of critical internet infrastructure.

(more…)

Verisign Honors Vets in Technology For Military Appreciation Month

May 4, 2023 • By Ellen Petrocci • Security

For Murray Green, working for a company that is a steward of critical internet infrastructure is a mission that he can get behind. Green, a senior engineering manager at Verisign, is a U.S. Army veteran who served during Operation Desert Storm and sees stewardship as a lifelong mission. In both roles, he has stayed focused on the success of the mission and cultivating great teamwork.

Teamwork is something that Laura Street, a software engineer and U.S. Air Force veteran, came to appreciate through her military service. It was then that she learned to appreciate how people from different backgrounds can work together on missions by finding their commonalities.

(more…)

Adding ZONEMD Protections to the Root Zone

April 18, 2023 • By Duane Wessels • Security

The Domain Name System (DNS) root zone will soon be getting a new record type, called ZONEMD, to further ensure the security, stability, and resiliency of the global DNS in the face of emerging new approaches to DNS operation. While this change will be unnoticeable for the vast majority of DNS operators (such as registrars, internet service providers, and organizations), it provides a valuable additional layer of cryptographic security to ensure the reliability of root zone data.

In this blog, we’ll discuss these new proposals, as well as ZONEMD. We’ll share deployment plans, how they may affect certain users, and what DNS operators need to be aware of beforehand to ensure little-to-no disruptions.

(more…)

Browsing Category

Security