Skip to main content Skip to search

January 16, 2018

NS1 Launches DNSSEC for DNS: Security Without Compromise

DNSSEC Implementation Overcomes Obstacles of Traditional DNS Solutions to Deliver Zone Protection and Advanced Traffic Management

NEW YORK – Jan. 16, 2018 – NS1™, a leader in next generation DNS solutions, announced today support for Domain Name System Security Extensions (DNSSEC). Unlike the DNSSEC implementations from traditional managed DNS providers, NS1 enables organizations to gain the benefits of advanced DNS traffic management on zones protected by DNSSEC. Now organizations no longer need to choose between security and the traffic management capabilities that are essential to providing high-quality online services.

DNSSEC prevents attacks that can compromise the integrity of answers to DNS queries. These so-called “DNS cache poisoning” attacks can have serious consequences for online enterprises and their customers. However, many organizations have not protected their zones with DNSSEC because technical barriers to its use have resulted in an unfortunate trade-off between functionality and security.

Mindful of these issues, NS1 has implemented DNSSEC to remove the technical barriers, eliminating the need to choose between usability and protection.

  • The incompatibility problem: DNSSEC implementations on standard DNS platforms and on most DNS managed services are incompatible with traffic management. DNSSEC “breaks” even basic functions, such as geo-routing.
  • A new approach: All of NS1’s advanced traffic management capabilities are available on DNSSEC signed zones, overcoming the incompatibility issue. This includes NS1’s suite of metadata, data feeds and filter chain technology.
  • Redundancy covered: The need for DNS redundancy remains, but DNSSEC incompatibility between providers is often a barrier. NS1’s Managed DNS combined with Turnkey Dedicated DNS provides DNS redundancy and full-featured traffic management for all DNSSEC signed zones.

Jonathan Lewis, vice president of product at NS1, said:
“While there is broad awareness of the need for DNSSEC, adoption is not widespread. Many enterprises have delayed using DNSSEC because it is technically complex and disables the DNS traffic management capabilities they rely on to maintain the quality of their online services. Our DNSSEC implementation is designed specifically to address these concerns. All organizations from the largest web-scale enterprise to small businesses can now quickly and easily ensure they and their customers are protected from highly damaging DNS cache poisoning attacks.”

Eric Hanselman, chief analyst at 451 Research, said: “NS1 has taken a useful, customer-centric approach in enabling organizations to protect their presence on the internet. Widespread DNSSEC adoption has been hampered by trade-offs in performance, manageability and infrastructure flexibility. By breaking down these barriers NS1 is helping organizations achieve the goal of securing their digital identities.”

About NS1

NS1 is the leader in next generation DNS solutions that orchestrate the delivery of the world’s most critical internet and enterprise applications. Only NS1’s purpose-built platform, which is built on a modern API-first architecture, transforms DNS into an intelligent, efficient and automated system, driving dramatic gains in reliability, resiliency, security, and performance of application delivery infrastructure. Many of the highest-trafficked sites and largest global enterprises trust NS1, including Salesforce, LinkedIn, Dropbox, Nielsen, Squarespace, Pandora, Weight Watchers and The Guardian. Visit to learn more.