Dyn Inc. makes the Internet a more reliable and secure place with its first-to-market security measures
MANCHESTER, NH – Dyn, a leading DNS provider based in Manchester, NH has become the first managed DNS provider to offer DNS Security Extensions (DNSSEC) to its clients on the DynECT Platform. DNSSEC is a new technology that secures the critical Domain Name System (DNS) and is designed to protect the Internet from certain types of malicious attacks. The DynECT Platform powers several hundred enterprises’ DNS and more than fifteen Top Level Domain (TLDs) names. This is one of several efforts the company is involved with to facilitate the DNSSEC adoption and to continue to push the importance of rock-solid DNS services further into the market.
The DynECT Platform allows customers to turn on DNSSEC with a single mouse click. Once activated, Dyn assumes responsibility for the complex steps of generating, maintaining, and rolling of the secure cryptographic keys used in DNSSEC. A coming upgrade will also automatically send this key information to the Internet Systems Consortium DNSSEC Look-aside Validation (ISC DLV) Registry, which is becoming an authoritative registry for secure domains until TLD adoption occurs. As an example, dyn-dnssec.org has been set up as a DNSSEC domain with DLV.
“While other providers are full of chatter announcing proprietary stop-gap and temporary solutions, we have chosen to be an early adopter of DNSSEC, the real solution to DNS cache poisoning attacks. By enabling our customers to sign their domains and participate in DLV, we are speeding along the adoption of DNSSEC at an accelerated pace. By the time other providers do the same, we’ll have years of operational experience with DNSSEC, as we already do, and will have a distinct advantage over other DNS service providers,” said Tom Daly, CTO of Dyn.
Dyn Inc. plans to enable DNSSEC for its registrar customers on DynDNS.com in the near future, with the challenge of securely transmitting DNSSEC key information to TLDs as a next step. The Public Interest Registry (PIR) and its subcontractor Afilias (the registry operator and technical provider of .org), through the efforts of the DNSSEC Coalition, have put a DNSSEC registry testbed in production for providers like Dyn to test.
“We’re just waiting until the registry accepts DNSSEC keys and we can turn it on for our users,” added Daly.
Still true to its community roots, Dyn is donating server capacity by hosting the Internet Assigned Numbers Authority (IANA) DNSSEC testbed service on the company’s globally Anycast DNS server network.
“Since the Kaminsky attack was disclosed in the summer of 2008, the DNS system has become even more vulnerable. More sophisticated phishing attacks that are virtually impossible to trace are happening more frequently,” said Jeremy Hitchcock, CEO of Dyn. “By hosting this testbed for IANA, we are able to be involved and help push the adoption along.”
“We are really pushing the adoption of these technologies, perhaps faster than others are. As a savvy technical operator with the ability to understand the full benefits of DNSSEC, Dyn Inc. realizes that this is what our clients are looking for and we have a willingness to provide it,” added Hitchcock. “Twitter cares that when someone types in ‘twitter.com’, its micro-blogging site comes up. DNSSEC guarantees that will happen, where the current DNS system does not. We want to help sites like Twitter achieve this level of security and ensure that end users get secure and accurate DNS answers as well.”
Dyn is the registrar for over 50,000 domains, and provides DNS service to hundreds of thousands of domains. For more information on Dyn Inc. or its DNS products, please visit dyn.com.