With more than 47 million domain names under management, GoDaddy has a huge DNS infrastructure that it has upgraded to support the emerging Internet security standard known as DNSSEC for DNS Security Extensions.
GoDaddy's year-long engineering effort to prepare for DNSSEC is significant given that the Internet's most popular domain -- .com - will support DNSSEC by the end of March, according to .com operator Verisign
DNSSEC is an emerging Internet standard that allows Web sites to verify their domain names and corresponding IP addresses using digital signatures and public-key encryption. DNSSEC prevents Kaminsky-style attacks, where traffic is redirected from a legitimate Web site to a fake one without the Web site operator or end user knowing.
The next major milestone for DNSSEC is for the security standard to be enabled on the .com domain, which has more than 80 million registered names out of a total of 205 million registered names across all top-level domains (TLD), according to statistics from February 2011.
The world's leading domain name registrar, GoDaddy supports DNSSEC for six top-level domains: .org, .net, .us, .biz, .eu and .se. GoDaddy will add DNSSEC support for .com next week, when Verisign offers this add-on security service.
"Because GoDaddy handles a third of all DNS requests in the world, we have to be careful with anything we do," says Rich Merdinger, senior director of domain registration services with GoDaddy. "We put in a lot of due diligence and a long implementation time" for DNSSEC.
GoDaddy offers DNSSEC as part of its new Premium DNS offering, which also includes DNS hosting and secondary DNS. Premium DNS costs $2.99 per month for five domain names.
GoDaddy engineers wrote their own software to support DNSSEC in the company's homegrown Web-based Domain Manager and Systems Manager platforms.
"We offer a one-click solution where we handle key management and key rollover behind the scenes for the user," Merdinger says.
GoDaddy ran a seven-month trial of DNSSEC for .org names from June 2010 until February 2011, when the company announced its commercial Premium DNS service.
"We started small for the power-user types that were hosting their own DNS," Merdinger says. "It was a very small group, and it was literally early adopters who had the wherewithal to generate their own keys with their domains. We had less than 300 people participate in the early adopter phase. They were IT professionals who were attempting to learn about DNSSEC in the practical, real world."
Sign up for Computerworld eNewsletters.