VeriSign spreads the DNS risk
Published: 20 May 2005 16:05 BST
VeriSign plans to significantly increase the number of DNS servers it operates, a move it says will make a key part of the Internet's infrastructure more resilient to attack.
Over the next year, VeriSign aims to place additional replicas of one of its DNS root servers — kown as the 'J' — in up to 100 data centres around the world, said Aristotle Balogh, VeriSign's senior vice-president of operations and infrastructure.
The company runs two of the DNS root servers — the 'A' is the other — that form an essential part of the Internet's naming system.
Ultimately, VeriSign intends to have machines handling traffic sent to the 'J' DNS server in more than 200 additional locations, a shift from its original strategy of having a few servers in several data centres at key Internet hubs. The company currently runs 'J' replicas in 18 facilities, Balogh said at VeriSign's annual financial analyst event.
"This expansion provides redundancy and reliability, and specifically deals with the increasing attacks we have out there," he said.
The extra DNS servers could make the Internet infrastructure more resilient because even if some machines are offline for whatever reason others will still function.
VeriSign is not the only organisation to run DNS root servers on multiple systems. There are 13 official root servers, which are currently run on about 80 different physical servers, Balogh said.
"We are going to triple that," he added.
DNS servers are a critical part of Internet infrastructure. The servers translate text-based domain names, such as "zdnet.co.uk", into the actual numeric IP addresses, and vice versa. If part of the DNS system goes down, Web sites could become unreachable and email could become undeliverable.
VeriSign plans to use its expanded infrastructure not only for DNS, but also for its other services, such as SSL. This could make the Web-browsing experience faster, especially in the future, when certificate validations are likely to become more important, Balogh said.
"We will be closer to the user on the network, so it won't take as long to get a response," Balogh said. "I want to be less than 50ms away from 90 percent of the world's online users."
The new locations will be scattered around the world, in places including Cape Town; Hong Kong; Madrid; São Paulo; Taipei and Warsaw as well as in unspecified cities in the Middle East. Rather than filling an entire data centre or placing large servers in the new locations, VeriSign plans to fill only about half a standard server rack with hardware, Balogh said.
Did you find this article useful?
40 out of 81 people found this useful
Digg
Slashdot
Del.ici.ous
Stumble
Reddit
