RSA '07 - VeriSign announces $100 million investment in DNS

VeriSign has announced a three-year, $100 million project to upgrade the servers and network infrastructure that power several critical components of the Internet’s Domain Name System, including the .com and .net registries and two root servers that it operates.

See our compilation of stories from RSA.

VeriSign announced the initiative -- dubbed Project Titan – at the RSA Conference in San Francisco on Thursday.

Project Titan will allow VeriSign to increase the capacity of its share of the Internet’s DNS infrastructure 10-fold by the year 2010. The DNS is a global distributed database that matches domain names with corresponding IP addresses.

"The bottom line is that when the DNS doesn’t work, the Internet doesn’t work," says Ken Silva, CSO for VeriSign.

VeriSign executives said Project Titan will help make the DNS better able to withstand hacking attacks such as those that damaged three root servers earlier this week.

The upgrades also will allow the DNS to support myriad new applications that service providers and corporations are rolling out including VoIP, IPTV and fixed/mobile convergence.

"We are investing in the DNS infrastructure for the very reason that more and more people are migrating to IP," Silva says. "We are making significant investments to make the infrastructure more resilient for .com and .net as well as the root."

With its latest upgrades, VeriSign will add more DNS servers in locations around the world to improve the redundancy and reduce latency of this highly distributed system. VeriSign also will add monitoring and security systems to support continued growth in Internet traffic.

"Some of the investments we are making are migrating our services to data centers that have direct peering with carriers like Comcast, Verizon and some of the smaller carriers, so when attacks come we can have finer grained metering and controls," Silva explains. "Some is for R&D for servers to perform as much as 10 times better. Some is investing in processes to monitor and predict attacks in a better way."

VeriSign says it can now handle 400 billion queries a day on its share of the DNS and supports bandwidth of 20Gbps. When Project Titan is done, VeriSign will be able to support 4 trillion queries a day and bandwidth of 200Gbps.

The investment includes "over-provisioning, preparing for scaling. It’s lots of things that have to be done,’’ Silva says. ``It’s not something that comes for free."

VeriSign is under contract with the Internet Corporation for Assigned Names and Numbers to operate the .com registry until 2012 and the .net registry until 2011. VeriSign operates two of the 13 root servers – A and J – on a volunteer basis.

VeriSign recommends that other root server operators – including the U.S. Department of Defense, NASA Ames Research Center and the University of Maryland – upgrade their infrastructure, too.

"Others need to follow our lead," Silva says. "Internet usage is going to continue to grow, and it’s going to continue to place demands on the infrastructure…This cannot be run as a hobby. It cannot be shortchanged."