Sandia Labs touts DNSSEC tool

Seeking funding, partners to take DNS security visualization tool to next level

Sandia National Laboratories is touting a free Web-based visualization tool called DNSViz to help domain name registrars, government organizations and others rolling out DNS Security to better manage the technology that federal entities have been mandated to employ. DNSSEC for the .com domain was also enabled last year, with big registrars like jumping on board.

Sandia computer scientist Casey Deccio says in a statement: “DNSSEC is hard to configure correctly and has to undergo regular maintenance. It adds a great deal of complexity to IT systems, and if configured improperly or deployed onto servers that aren’t fully compatible, it keeps users from accessing .gov sites. They just get error responses.” (See more from Deccio in the video below)


Sandia Labs is looking for funding and partners to extend the tool, such as by enabling historical analysis to improve monitoring. Deccio envisions DNSViz becoming available as open source software, though currently it's accessible only via the Web interface.

As colleague Carolyn Duffy Marsan writes, "DNSSEC is an emerging Internet standard that allows Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption. DNSSEC prevents Kaminsky-style attacks, where traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing"

Comcast this week said it is the first large ISP serving North America to have rolled out DNSSEC across its network.

Follow Bob on Twitter at

Copyright © 2012 IDG Communications, Inc.

The 10 most powerful companies in enterprise networking 2022