Xerocole recently announced that Xerocole AnswerX, which is the DNS recursive resolver within the Xerocole DNS WorX platform, will now enable broadband network operators to support DNSSEC and DNS simultaneously.

Earlier this year, the FCC (News - Alert) had issued a report that recommends ISPs implement their DNS recursive name servers so that they are at a minimum DNSSEC-aware, at the earliest. However, the report also went on to caution that, “Like any significant new functionality, ISPs are well-advised to gradually enable DNSSEC validation in their networks. Simultaneously turning validation on for all users and on all servers would likely pose a significant operational risk. One challenge during the time when only some ISPs perform DNSSEC validation is that some domains may not properly sign their domain, may mismanage key rollovers, or may make other DNSSEC-related configuration errors. This will very likely render their domain unreachable via those ISPs that perform DNSSEC validation.”

In a statement, Rob Fleischman, CTO of Xerocole, said, “While DNSSEC is great for Internet security, its implementation can be complex and risky for Internet service providers. That’s because full DNSSEC support depends not only on a functional solution in a network operator’s own network, but also on correct behaviour from the authoritative DNS servers. Last year, a problem with the DNSSEC configuration at NASA.gov denied access to customers that were using DNSSEC – even though the website was operational and accessible to visitors that were not using DNSSEC. As a result, a carrier can be blamed by their customers for DNSSEC outages that are no fault of their own.”  

The AnswerX for Xerocole DNS WorX is available immediately from Xerocole. It is currently being priced on a subscription basis that offers 24/7 support on a per subscriber per year basis.