Top of Page

Links to move inside this page.

IIJ to Adopt DNSSEC Expansion Method to Improve Security on DNS Services

January 17, 2011

TOKYO--January 17, 2011--Internet Initiative Japan Inc. (IIJ, NASDAQ: IIJI, TSE1: 3774), one of Japan's leading Internet access and comprehensive network solutions providers, today announced that in order to improve domain name system (DNS) security, it will upgrade all of its DNS-related services, such as the DNS Outsourcing Service, to be compatible with DNS Security Extensions (DNSSEC) on January 31, 2011.

DNS performs a function for linking IP addresses with host names. Normally, when a client computer communicates with a specific server, for example, the client computer sends a request to the DNS that manages the domain information for that server, and based on the information received back from the DNS, the computer communicates with the specified server. However, DNS cache poisoning (*1), a type of attack that exploits this system, become wide spread in the 1990s, which created the risk of receiving false information from the DNS. The Kaminsky Attack (*2), which made DNS cache poisoning relatively easy, was discovered in 2008 and became a very large security risk. Computers that receive false DNS information as a result of these attacks are vulnerable to a number of threats, such as being forwarded to harmful sites or having their webpage or mail content altered, and since the DNS function itself is rendered inoperable, it may have a huge impact on the entire Internet, which is why improving DNS security has become a critical mission.

DNSSEC uses electronic signatures as a means of confirming that DNS data has not be falsified, and since 1994, the IETF (*3) has been examining the specifications. (*4) The integrity of DNS can be verified by using a private key and public key arrangement, and thus this is considered the most effective means of defeating security threats that abuse the DNS system. Adoption of DNSSEC is growing in every country in the world.

As the name suggests, the root server is the source of DNS on the Internet, and as of the summer of 2010, the root servers are fully DNSSEC ready, and with the DNSSEC conversion of Japan Registry Service Co., Ltd. (JPRS), IIJ's DNS services will also be made DNSSEC compatible. By using DNSSEC enabled services, client's can keep their DNS servers secure without any specialized knowledge. DNSSEC has just begun to be adopted around the globe, and because there is not a lot of technological knowledge or expertise available regarding implementation, it is easier to get the benefits of DNSSEC through these services rather than implementing it on one's own.

IIJ will continue to expand the use of DNSSEC enabled services in the future.

  1. (*1)An attack that overwrites DNS information to direct people to other sites and the user cannot access certain domains.
  2. (*2)A new type of attack created by Dan Kaminsky in 2008, which makes DNS cache poisoning more effective.
  3. (*3)Internet Engineering Task Force: A volunteer organization to promote standardization of Internet technology.
  4. (*4)The current specifications (RFC4033, 4034, and 4035) were adopted in 2005 (RFC5155, which sets out the NSEC3 method, was adopted in 2008).

DNSSEC enabled services

Service Implementation
DNS Outsourcing Service Signature and key renewal and management for relevant zone information
DNS Secondary Service When the primary DNS is DNSSEC enabled, the secondary DNS server with IIJ is automatically DNSSEC enabled.
General-use JP domain management service and
Organizational Type JP domain management service
Perform registration of DS (delegation signer) for upper-level DNS servers

About IIJ

Founded in 1992, Internet Initiative Japan Inc. (IIJ, NASDAQ: IIJI, Tokyo Stock Exchange TSE1: 3774) is one of Japan's leading Internet-access and comprehensive network solutions providers. IIJ and its group of companies provide total network solutions that mainly cater to high-end corporate customers. The company's services include high-quality systems integration and security services, Internet access, hosting/housing, and content design. Moreover, the company has built one of the largest Internet backbone networks in Japan, and between Japan and the United States. IIJ was listed on NASDAQ in 1999 and on the First Section of the Tokyo Stock Exchange in 2006. For more information about IIJ, visit the IIJ Web site at

The statements within this release contain forward-looking statements about our future plans that involve risk and uncertainty. These statements may differ materially from actual future events or results. Readers are referred to the documents furnished by Internet Initiative Japan Inc. with the SEC, specifically the most recent reports on Forms 20-F and 6-K, which identify important risk factors that could cause actual results to differ from those contained in the forward-looking statements.

For media inquiries, please contact:

Media Relations Office

Get Adobe Reader
Download Adobe Reader
If you don't have Adobe Reader or are having problems viewing the document after download, please take a few moments to download the latest free Adobe Reader.

End of the page.

Top of Page