|
DNSSEC by NamesBeyond. |
One-Click Management, Trouble-Free DNSSEC Deployment for the .ORG Zone |
NamesBeyond is proud to be the first DNSSEC enabled gTLD registrar in today's domain market. As an early adopter of DNSSEC technology, NamesBeyond has deployed DNSSEC technology first for the .ORG zone. If you are interested in getting your .org zone signed, pre-register here.
NamesBeyond now has embedded support for DNSSEC. This allows you to upgrade the security of your DNS deployment. The US Office of Management and Budget (OMB) has mandated the use of DNSSEC by US government agencies before the end of 2009. NamesBeyond has extensive DNSSEC expertise and is available to our customers and prospects to define and implement plans for deploying this critical technology.
Using BIND 9.5.0 Release 29.P2.fc8 with NSEC support, NamesBeyond´s DNSSEC implementation allows customers to sign their zones using an intuitive control panel, and delivers automated key generation and management. |
| Convenient DNSSEC management and configuration |
NamesBeyond provides a control panel interface which allows for simple configuration of all DNSSEC parameters. Using this system, customers can configure DNSSEC parameters such as Key type, size, validity period, and NSEC parameters.
Importing trust anchors, adding DNSSEC records, configuring external nameservers and enabling validation of DNSSEC for an external zone is also an easy task in the NamesBeyond interface.
Zones can be signed with a single click; we generate keys automatically and sign all records. The associated DNSSEC keys and records are automatically created and signed. Zones, once signed, are managed and maintained by NamesBeyond, including ZSK expiration and resigning at regular intervals.
NamesBeyond supports the following record types: DNSKEY, RRSIG, DS, NSEC. New zone signing keys are generated in our system before the current keys expire, and rolled over without any disruption to the signed zone.
|
| Background |
DNSSEC(short for DNS Security Extensions) adds security to the Domain name system. Web sites that are signed using DNSSEC cannot be hijacked once a user decides to visit the web site.
DNSSEC enhances web site protection for domain name owners, and also protects your email from being redirected after transmission has begun.
DNSSEC is different from SSL (Secure Certificates) in the following ways:
- SSL provides encryption of web site contents, but ONLY after users have arrived at your web site.
- DNSSEC ensures that no one else can hijack your visitor once they have typed in your web site address in the browser. They cannot be redirected without their knowledge to a spurious web site.
- NamesBeyond offers both SSL and DNSSEC to customers.
DNSSEC provides a form of signed verification for DNS information, which is intended to assure DNS authenticity. What does this mean?
Let´s assume your ISP is hacked, and someone tries to hijack your web site visits or eavesdrop on your visit to a website. If the website you are visiting is not signed with DNSSEC, then your computer does not know whether it is going to the "authentic" site or a fake site. If the website (and domain name) are signed with DNSSEC, then it can make out the difference between a hacked and an unhacked DNS request.
Without DNSSEC, DNS server traffic could be hijacked in a cache poisoning attack redirecting users to arbitrary addresses without user´s knowledge.
NamesBeyond is the very first domain name registrar worldwide to work with the .org registry in providing DNSSEC services. We will post as much information as possible in this site to guide and inform our customers and DNSSEC users.
For more information on DNSSEC please go through the NamesBeyond Frequently Asked Questions(FAQ), technical guide, presentations etc.
© 2009 NamesBeyond. All rights reserved. All registered trademarks are property of their respective owners.
|
|
