As the Internet continues to expand, we are committed to creating and driving advancements that keep the Internet fast, safe and reliable for all users.
Interoperability Lab
Verisign has established the Domain Name System Security Extension (DNSSEC) Interoperability Lab to allow vendors and other members of the IT community to test compatibility of their Internet and enterprise infrastructure components with DNSSEC. Located in Dulles, Virginia, the Lab is a standalone environment with a suite of more than 8,000 test cases. The tests evaluate systems using a battery of DNS queries and responses both with and without DNSSEC. The Lab does not conduct performance or stress testing and does not certify solutions for DNSSEC interoperability.
The Interoperability Lab provides a quick but comprehensive view of how your equipment will interact in a DNSSEC-enabled environment. The Lab is available free of charge to interested members of the Internet community.
Using the test facility, hardware vendors and software developers may determine what impact, if any, DNSSEC will have on the equipment and solutions they offer. Registrars and ISPs can use the Lab to determine how their existing infrastructure components behave in a DNSSEC-enabled environment. In doing so, the IT community will be better equipped to successfully implement DNSSEC.
Potential Compatibility Issues
Because DNSSEC packets can potentially be larger than traditional DNS packets and contain additional cryptographic information (such as public keys and digital signatures), network components like routers, load balancers and firewalls may not handle DNSSEC requests and responses correctly. Compatibility issues may arise from the hardware itself or from how users have configured it.
In addition, some name server software - including legacy versions of BIND - are incompatible with DNSSEC. Even if name server software is DNSSEC-compatible, the size and structure of DNSSEC packets may increase a server’s resource usage and impact performance. Larger packets, for example, will increase capacity requirements for the CPU, server memory and bandwidth for ISP operation.
DNSSEC incompatibility issues can potentially disrupt business operations, destroy user trust and compromise brand reputation by preventing Internet access and causing other DNS communication failures in the Internet infrastructure, enterprise computing environments, or small businesses and home offices.
DNSSEC Leadership
A10 Networks, Bluecat Systems, Brocade Networks, Cisco Systems, Juniper Networks and other members of the Internet community are working collaboratively with Verisign to ensure the successful implementation of DNSSEC. These industry leaders have been using the Interoperability Lab to evaluate system interoperability and make sure they are ready for DNSSEC.
If you would like more information about our DNSSEC Interoperability Lab, please contact us.