70 likes | 236 Views
Go Daddy ® DNSSEC Support. PRESENTED BY: Wayne Thayer, Go Daddy CTO. TUESDAY, APRIL 3, 2012. About Go Daddy. 52 million Domain Names. 10 billion N ame Server Requests Daily. 2.7 million MySQL Databases. 1 billion W eb Server R esponses D aily. 12
E N D
Go Daddy® DNSSEC Support PRESENTED BY: Wayne Thayer, Go Daddy CTO TUESDAY, APRIL 3, 2012
About Go Daddy 52 million Domain Names 10 billion Name Server Requests Daily 2.7 million MySQLDatabases 1 billion Web Server Responses Daily 12 Worldwide Data Centers(100,000 sq. ft, in use) 10 millionActive Customers(through January 2012) 1.1 million WebSite Tonight®Accounts 5 million Hosted Accounts
Security Services • Go Daddy offers a full array of site protection tools, including SSL Certificates, Website Protection Site Scanner and Premium DNS. • SSL Certificates • #1 in net-new SSL Certificates (according to Netcraft®) • Fastest-growing SSL Certificate Authority • Over 600,000 active SSL Certificates • Go Daddy was closely tied to the development of Extended Validation Certificates • Website Protection Site Scanner • Identifies Malware and website security gaps • Offers recommended solutions • Helps prevent Google® “blacklisting” • Includes free expert support SOME OF THE WORLD’S BIGGEST COMPANIES TRUST OUR SSLs
Security Services cont’d Domain Name System Security Extensions (DNSSEC) • Addresses identified security risks and helps prevent cache poisoning, pharming and man-in-the-middle attacks. • Go Daddy is 1 of only 3 registrars currently supporting DNSSEC for .com as reported by ICANN • Two types of DNSSEC implementation: manual and automated. • Manual signing - ~1000 active DNSSEC records • Gives user complete control over DNSSEC • Can self-host DNS • Offers custom key-rollover schedules • Challenge: Requires technical knowledge – user creates own keys and updates the DNS zones • Automated signing - ~3000 active DNSSEC records • We control the full spectrum, so user errors don’t enter into equation • Automated key rollovers with notification • Insulates end user from specification changes at the registries • Challenge: Must use prescribed nameservers • Manages DS records for the following domain name extensions: • .com • .net • .org • .co, .com.co, .net.co, and .nom.co • .me • .in – added last week • .us • .biz • .eu • .se • .co.uk, .me.uk, and .org.uk
Premium DNS Premium DNS accounts offer a higher level of support and advanced features, adding power, flexibility, and control to DNS management – all hosted on Go Daddy’s world-class infrastructure. DNSSEC is easily enabled and disabled through a simple radio button in DNS Manager Web UI. Supports domains registered at Go Daddy and elsewhere. Zone Signing Keys (ZSK) - 1024-bit RSA with 60-day automated rollover. Key Signing Keys (KSK) - 2048-bit RSA with 365-day automated rollover. DNSSEC zones are automatically re-signed when changes are made to them, with no additional input from the user. PREMIUM DNS MAKES IT EASY TO MANAGE AND SECURE DNS TO IMPROVE PERFORMANCE, ACCESSIBILITY AND SECURITY BY PLACING DNS INFORMATIONON OUR PREMIUM GLOBAL NETWORK.
DNS Infrastructure Through Go Daddy’s global Anycastnetwork, Premium DNS offers faster, more reliable and more secure DNS resolution. Traffic is balanced across multiple Go Daddy data centers throughout the United States, Europe and Asia, eliminating a single point of failure and routing DNS activities for maximized performance. • Homegrown system • Handles 10 billion requests per day • Globally distributed • Employs IP anycastto route traffic • High levels of resilience at all tiers • Multiple types and levels of DDoS • protection employed