Infoblox For DNSSEC

Systemic vulnerabilities to cache poisoning have prompted the Internet community to begin widespread implementation of Domain Name System Security Extensions (DNSSEC). A successful DNS cache poisoning attack affects everything from e-commerce to online banking, from email communications to customer service, from encryption to government secrets.

DNSSEC is the only solution that solves the DNS cache poisoning security hole, conclusively. Many top-level zones, including .ARPA, .GOV and .ORG, as well as the root zone, have already been signed using DNSSEC. This new technological strategy allows appropriately configured name servers to validate answers cryptographically from these zones - effectively eliminating the possibility of cache poisoning. In the coming months, many additional zones will be signed, including .NET and .COM.

Now, every organisation needs to assess its DNSSEC implementation drivers and readiness, and develop a DNSSEC policy and implementation plan.

Infoblox automates and simplifies the deployment and management of DNSSEC. Using hardened appliances that run on patented Grid technology, DNSSEC from Infoblox reduces the risk of configuration errors, gives you an accelerated path to security and compliance, makes the cost of implementation and maintenance manageable and eliminates the risks of DNSSEC implementation.

DNSSEC by Infoblox offers central configuration of all DNSSEC parameters, enforces standards by configuring DNSSEC parameters at a Grid level (default key type, size and validity period & based on NIST-800-81 and RFC 4641 standards and includes NSEC and NSEC3 support).

Configuring a secondary and/or recursive name server for DNSSEC can be accomplished with a single click, including enabling sending DNSSEC records as a secondary, enabling validation of DNSSEC for an external zone and easy importing of trust anchors.

Infoblox Features:

  • Configure all DNSSEC parameters graphically, in one place
  • Built-in defaults according to NIST 800-81 ease configuration
  • Supports NSEC3
  • One-click zone signing
  • Automated re-signing of zone (after modifying zone data)
  • Automated roll-over of Zone-Signing Keys
  • Automated configuration of trust anchors for signed zones managed by the Infoblox Grid