.Org Signed for DNSSEC


The .org top-level domain (TLD) has now been signed with Domain Name System Security Extensions (DNSSEC), marking a significant milestone in better securing key elements of the Internet against security vulnerabilities.

The move toward securing the .org registry with DNS security started back in September 2008, following the Kaminsky DNS flaw disclosure.

The .org TLD is now the first major generic TLD to be secured with DNSSEC, providing its domain holders with the potential to cryptographically ensure the integrity of DNS information . The signing of the .org domain comes ahead of the final signing of the root zone for the Internet, which is set for July.

"We're announcing the deployment of DNSSEC so every .org domain owner can potentially get their domain signed," Alexa Raad, CEO of the Public Interest Registry, which manages .org, told InternetNews.com.

While the .org domain space is now signed, it's now up to individual domain registrars that sell and maintain .org domains to implement DNSSEC for their respective customers.

"I don't want to minimize the effort that the registrants have to make in terms of DNSSEC implementation," Raad said. "However, the hard part, which is the registrar handbook with the step-by-step measures of what is required, that's already been specified and shared."

The expense to .org for implementing DNSSEC on its infrastructure and operations has not been a small one. While Raad did not provide a specific figure as to the cost of DNSSEC implementation, Afilias, which is the technical operator of the .org registry, told InternetNews.com in 2009 that the DNSSEC implementation would be a multi-million dollar effort.

But Raad noted that the cost isn't going to be passed on by .org to domain registrars.

"This was not a commercial motivation for us, but rather more of a public interest motivation," Raad said. "We're not passing on any costs -- we're absorbing the cost."

The move for .org to embrace DNSSEC comes amid a wider push to encourage Internet infrastructure stakeholders and customers to adopt the technology. In addition to driving efforts behind the signing of the Internet's root zone, the Internet Corporation for Assigned Names and Numbers -- the domain name system's chief authority better known as ICANN -- this week is holding meetings in Belgium during which it's been busily encouraging others in the industry to support DNSSEC to better secure Internet infrastructure. While DNSSEC as a technology has been around for years, the need for it accelerated after vulnerabilities like the Kaminsky DNS flaw came to light.

"Up until the Kaminsky bug, there was skepticism about the necessity for DNSSEC," Raad said. "That bug put a stop to that very quickly."

Sean Michael Kerner is a senior editor at InternetNews.com, the news service of Internet.com, the network for technology professionals.