F5 and Infoblox Integrate DNS security with server load balancing

F5 and Infoblox have combined to develop a product that combines DNSSEC and global server load balancing


F5 Networks and Infoblox have teamed up to develop what they claim is the first product that combines DNS Security Extensions (DNSSEC) management capabilities with server load balancing.

Infoblox and F5 said they have integrated their network appliances to make it easier for corporations to deploy DNSSEC on their websites.

Infoblox has built-in DNSSEC features in its DNS appliances, while F5's BIG-IP Global Traffic Manager offers hardware acceleration features for real-time signing of DNSSEC signature queries. Now F5 applicances can be used to load balance several Infoblox appliances to support real-time DNSSEC services.

DNSSEC is an Internet standard that prevents spoofing attacks by allowing websites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption. It  is being deployed across the Internet infrastructure, from the root servers at the top of the DNS heirarchy to the servers that run .com and .net and other top-level domains, and then down to the servers that cache content for individual websites.

"The static way, the pre-signed way, that Infoblox or anybody else does DNSSEC today does not work with a dynamic, distributed environment, where you might have one mail server in Seattle and one in Washington, DC, and you're using global server load balancing to direct the user to the appropriate mail server," said Eric Giesa, F5 vice president of product management and marketing. "Because we do the real-time signing, it can be done."

F5 said the combination of the two companies' products should remove a barrier to DNSSEC adoption that has tripped up many large enterprises, including US government agencies who missed a 2009 deadline to deploy DNSSEC. An EU study last year found that many European organisations were wary of the technology too.

"The vast majority of our beta customers that have implemented this solution are government agencies," Giesa says. "We've finally removed all the barriers to DNSSEC adoption, so [agencies] no longer have an excuse."

"Recommended For You"

ICANN, Verisign put DNSSEC in Internet root New open-source DNS server released