March 01, 2010, 8:04 PM — F5 Networks and Infoblox announced on Monday what they claim is the first integrated solution that combines DNS Security Extensions key management and signing capabilities with global server load balancing to boost performance.
DNSSEC is an Internet standard that prevents spoofing attacks by allowing Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption.
DNSSEC is being deployed across the Internet infrastructure, from the root servers at the top of the DNS heirarchy to the servers that run .com and .net and other top-level domains, and then down to the servers that cache content for individual Web sites.
DNSSEC has been in the news in recent weeks, with Comcast being the first U.S. carrier to announce a public trial of its DNSSEC signing and resolution services.
Infoblox and F5 said they have integrated their network appliances to make it easier for corporations to deploy DNSSEC on their Web sites.
Infoblox has built-in DNSSEC features in its DNS appliances, while F5's BIG-IP Global Traffic Manager offers hardware acceleration features for real-time signing of DNSSEC signature queries. Now F5 applicances can be used to load balance several Infoblox appliances to support real-time DNSSEC services.
F5 executives said the integrated solution -- which features patent-pending software from F5 -- is ideal for organizations that need dynamic DNSSEC services.
"The static way, the pre-signed way, that Infoblox or anybody else does DNSSEC today does not work with a dynamic, distributed environment, where you might have one mail server in Seattle and one in Washington, D.C., and you're using global server load balancing to direct the user to the appropriate mail server," says Eric Giesa, F5 vice president of product management and marketing. "Because we do the real-time signing, it can be done."
F5 said the combination of the two companies' products should remove a barrier to DNSSEC adoption that has tripped up many large enterprises, including U.S. government agencies that missed a 2009 deadline to deploy DNSSEC.
"The vast majority of our beta customers that have implemented this solution are government agencies," Giesa says. "We've finally removed all the barriers to DNSSEC adoption, so [agencies] no longer have an excuse."
Read more about wide area network in Network World's Wide Area Network section.