Freely subscribe to our NEWSLETTER

DNS allows the names of web servers, email addresses and VPNs to be mapped to server IP addresses. The DNSSEC specification enables the owners of these services to sign their domain name records and provide proof of the integrity and validity of their IP addresses. DNSSEC uses strong public key cryptography to significantly reduce the risk of an attacker spoofing DNS records and re-directing traffic to a server they control. Like any Public Key Infrastructure (PKI) based application, DNSSEC relies on the integrity of the private keys that underpin this process. The fact that domain name servers are typically deployed in hostile network environments with internet connectivity underscores how critical it is to protect these private keys throughout their lifecycle.

The Infoblox DNSSEC-enabled platform helps simplify IP address management (IPAM), increases reliability of DNS and IP address assignment (DHCP) services, and helps automate many manual and often error-prone network infrastructure related tasks. Infoblox IPAM solutions are designed to deliver highly reliable, manageable and secure DNS services with built-in, automated DNSSEC features, now including support for Thales-secured DNSSEC key generation. The combination simplifies deployment and management by saving significant administrative overhead and reducing repetitive, time-sensitive operations required to maintain DNSSEC.

When Infoblox systems are used together with a Thales nShield hardware security module (HSM), all cryptographic processing and protection of the critically important signing keys used to validate the integrity of DNSSEC-protected records occurs inside a FIPS 140-2 level 3 certified hardware platform. This significantly reduces vulnerability to cache poisoning, man-in-the-middle and other related cyber attacks.