Knowing full well that DNSSEC won’t be the silver bullet that will solve the massive problem that is cyber security, but will at least provide protection against man-in-the-middle and cache poisoning attacks, DNS redirection and domain hijacking to the owners of the signed domains, the Public Interest Registry (responsible for operating .ORG) has announced yesterday that .org has become the first generic top-level domain to deploy Domain Name System Security Extensions.
The active key with which some eight million owners of .org domains will be able to sign them is scheduled to be published on the 15th of July.
“The public’s interest is at the core of our mission at .ORG- especially as Internet usage continues to grow exponentially. DNSSEC serves as tamperproof packaging for DNS by not only preventing identity theft as a result of “man-in-the-middle attacks”, but also enabling innovation in applications that rely on DNS,” said Alexa Raad, CEO of the Public Interest Registry. According to the H Security, she also predicted that customer education about the benefits of DNSSEC will be the biggest challenge to its implementation, since the problem of infrastructure upgrading for zone operators is negated by the constant need for upgrading regardless of this new option.
The list of .org registrars across the world can be found here, and you can check out who has already announced the deployment of DNSSEC. One name that stands out is GoDaddy, one of the largest domain registrars worldwide – a move that will surely make other registrars think and consider DNSSEC deployment.
As with any new technology, it will take some time for most of the providers to jump on the wagon. Some are worried about their advertising possibilities being restricted, since DNSSEC doesn’t allow redirection, while many are concerned with the potential blocking mechanisms employed by authorities.