RSA '07 - VeriSign announces $100 million investment in DNS

Company officials say upgrade will make DNS better able to withstand Internet attacks like the one earlier this week.

VeriSign has announced a three-year, $100 million project to upgrade the servers and network infrastructure that power several critical components of the Internet’s Domain Name System, including the .com and .net registries and two root servers that it operates.

VeriSign has announced a three-year, $100 million project to upgrade the servers and network infrastructure that power several critical components of the Internet’s Domain Name System, including the .com and .net registries and two root servers that it operates.


See our compilation of stories from RSA.


VeriSign announced the initiative -- dubbed Project Titan – at the RSA Conference in San Francisco on Thursday.

Project Titan will allow VeriSign to increase the capacity of its share of the Internet’s DNS infrastructure 10-fold by the year 2010. The DNS is a global distributed database that matches domain names with corresponding IP addresses.

"The bottom line is that when the DNS doesn’t work, the Internet doesn’t work," says Ken Silva, CSO for VeriSign.

VeriSign executives said Project Titan will help make the DNS better able to withstand hacking attacks such as those that damaged three root servers earlier this week.

The upgrades also will allow the DNS to support myriad new applications that service providers and corporations are rolling out including VoIP, IPTV and fixed/mobile convergence.

"We are investing in the DNS infrastructure for the very reason that more and more people are migrating to IP," Silva says. "We are making significant investments to make the infrastructure more resilient for .com and .net as well as the root."

With its latest upgrades, VeriSign will add more DNS servers in locations around the world to improve the redundancy and reduce latency of this highly distributed system. VeriSign also will add monitoring and security systems to support continued growth in Internet traffic.

"Some of the investments we are making are migrating our services to data centers that have direct peering with carriers like Comcast, Verizon and some of the smaller carriers, so when attacks come we can have finer grained metering and controls," Silva explains. "Some is for R&D for servers to perform as much as 10 times better. Some is investing in processes to monitor and predict attacks in a better way."

VeriSign says it can now handle 400 billion queries a day on its share of the DNS and supports bandwidth of 20Gbps. When Project Titan is done, VeriSign will be able to support 4 trillion queries a day and bandwidth of 200Gbps.

The investment includes "over-provisioning, preparing for scaling. It’s lots of things that have to be done,’’ Silva says. ``It’s not something that comes for free."

VeriSign is under contract with the Internet Corporation for Assigned Names and Numbers to operate the .com registry until 2012 and the .net registry until 2011. VeriSign operates two of the 13 root servers – A and J – on a volunteer basis.

VeriSign recommends that other root server operators – including the U.S. Department of Defense, NASA Ames Research Center and the University of Maryland – upgrade their infrastructure, too.

"Others need to follow our lead," Silva says. "Internet usage is going to continue to grow, and it’s going to continue to place demands on the infrastructure…This cannot be run as a hobby. It cannot be shortchanged."

Silva says these kinds of Internet infrastructure investments will be more important with the advent of new applications such as streaming media.

"Windows Vista is the most connected operating system that we’ve seen," Silva says. "People are now going to be streaming information into their PCs. There will be a lot more RSS feeds. When machines are doing all of this for you, behind the scenes it’s going to generate hundreds or thousands of DNS queries."

VeriSign manages an average of 24 billion DNS queries a day. A DNS query occurs every time an Internet user clicks on a Web site, checks e-mail or their computer applications use the .com and .net infrastructures.

VeriSign will increase the number of locations where it houses its DNS servers from 20 to 100. VeriSign also is deploying additional network operations centers in the United States and Europe for traffic management and monitoring of cyberthreats.

Learn more about this topic

UPDATE: Lessons learned from Internet root server attack

02/08/07

Hackers slow Internet root servers with attack

02/07/07

VeriSign announces major initiative to strengthen and diversify its global internet infrastructure by 2010

RSA - Microsoft to push new anti-phishing technology

01/26/07

VeriSign embracing mobile content services

04/10/06

Join the Network World communities on Facebook and LinkedIn to comment on topics that are top of mind.

Copyright © 2007 IDG Communications, Inc.

IT Salary Survey: The results are in