INTERNET INFRASTRUCTURE OUTFIT Verisign has rolled out DNSSEC on the .com top level domain (TLD).
Verisign, which runs two of the Internet's 13 root domain name service (DNS) servers and the .com and .net TLDs, announced that it has deployed DNSSEC on the .com TLD. The firm announced that this was a "critical milestone to improve the integrity" of the Internet.
One of the main advantages of using DNSSEC is that DNS records can be verified because they are digitally signed using public-key cryptography. This should, in theory, mitigate the possibility of DNS hijacking attacks, where users are unwittingly sent to the wrong website by having a domain name resolved to an incorrect quad-dot numerical Internet address.
Pat Kane, SVP and general manager of naming services at Verisign is under no illusions that DNSSEC is some sort of magic bullet, saying, "The threats against the Internet ecosystem - whether targeting the DNS or elsewhere - are unrelenting." Of course Kane is right, but once DNSSEC is in place, as it is now with the .com TLD, it is a relatively simple procedure to put yet another barrier up to guard against hackers hijacking DNS resolution.
Verisign says it has worked with domain registrars, ISPs, ICANN and hardware and software vendors to get DNSSEC in place. Back in December 2010, Verisign deployed DNSSEC to its .net TLD, and prior to that on the .edu TLD.
While DNSSEC does have significant security benefits, it also helps Verisign flog DNS signing certificates. And there you were, thinking that Verisign did this out of the goodness of its heart. µ