DNSSEC comes to .org domains

THE .ORG INTERNET NEIGHBORHOOD has become the first generic top-level domain (TLD) to deploy domain name system security extensions (DNSSEC), though only a small clutch of registrars have signed up to the system so far.

DNSSEC is seen to be the first step in securing the domain name system (DNS) against security threats that simply didn't exist at the Internet's conception. Steve Crocker, co-chair of ICANN's DNSSEC deployment initiative said, "It [DNSSEC] will help curb threats like cache poisoning, DNS redirection and domain hijacking - all of which have been used to distribute malware and commit fraud such as identity theft."

The system revolves around certificates that digitally sign domain name records allowing for a trivial check to be made on the validity of answers returned by DNS servers.

The Public Interest Registry, which is in charge of the .org TLD, first announced its plans to deploy DNSSEC in June, 2009. It has taken over a year to sign up 13 registrars to support the system, although one hopes that this announcement is merely the opening of the floodgates.

A list of registrars that support DNSSEC is already available for anyone thinking of registering a .org domain.

No timeframe has been announced as to when the .com and .net TLDs will support DNSSEC, though a rapid take-up on .org would certainly put pressure on Verisign to get its act together. µ