NEWS VeriSign plans to significantly increase the number of DNS servers it operates, a move it says will make a key part of the internet's infrastructure more resilient to cyber attacks.
Over the next year, VeriSign aims to place additional replicas of one of its Domain Name System root servers - the 'J' - in up to 100 data centres around the world, said Aristotle Balogh, VeriSign's senior vice president of operations and infrastructure.
The company runs two of the DNS root servers - the 'A' is the other - that form an essential part of the internet's naming system.
Ultimately, VeriSign intends to have machines handling traffic sent to the 'J' DNS server in more than 200 additional locations, a shift from its original strategy of having a few servers in several data centres at key internet hubs. The company currently runs 'J' replicas in 18 facilities, Balogh said at VeriSign's annual financial analyst event.
"This expansion provides redundancy and reliability, and specifically deals with the increasing attacks we have out there," he said.
The extra DNS servers could make the internet infrastructure more resilient because even if some machines are downed by a hacker attack, for instance, others will still function.
VeriSign is not the only organisation to run DNS root servers on multiple systems. There are 13 official root servers, which are currently run on about 80 different physical servers, Balogh said.
"We are going to triple that," he added.
DNS servers are a critical part of internet infrastructure. The servers translate text-based domain names, such as "News.com", into the actual numeric IP addresses of servers connected to the internet, and vice versa. If part of the DNS system goes down, websites could become unreachable and email could become undeliverable.
VeriSign plans to use its expanded infrastructure not only for DNS, but also for its other services, such as SSL (Secure Sockets Layer) certificate verification - commonly used in online commerce to secure transactions. This could make the web-browsing experience faster, especially in the future, when certificate validations are likely to become more important, Balogh said.
"We will be closer to the user on the network, so it won't take as long to get a response," Balogh said. "I want to be less than 50 milliseconds away from 90 per cent of the world's online users."
The new locations will be scattered around the world, in places including Cape Town, South Africa; Hong Kong; Madrid, Spain; Sao Paulo, Brazil; Taipei, Taiwan and Warsaw, Poland, as well as in unspecified cities in the Middle East. Rather than filling an entire data centre or placing large servers in the new locations, VeriSign plans to fill only about half a standard server rack with hardware, Balogh said.
Joris Evers writes for CNET News.com
