Latest news of the domain name industry

Recent Posts

VeriSign to deploy DNSSEC in .com next March

Kevin Murphy, October 29, 2010, 16:01:47 (UTC), Domain Tech

VeriSign is to start rolling out the DNSSEC security protocol in .net today, and will sign .com next March, the company said today.

In an email to the dns-ops mailing list, VeriSign vice president Matt Larson said that .net will get a “deliberately unvalidatable zone”, which uses unusable dummy keys for testing purposes, today.

That test is set to end on December 9, when .net will become fully DNSSEC-compatible.

The .com TLD will get its own unvalidatable zone in March, but registrars will be able to start submitting cryptographic keys for the domains they manage from February.

The .com zone will be validatable later in March.

The DNSSEC standard allows resolvers to confirm that DNS traffic has not been tampered with, reducing the risk of attacks such as cache poisoning.

Signing .com is viewed as the last major registry-level hurdle to jump before adoption kicks off more widely. The root zone was signed in July and a few dozen other TLDs, such as .org, are already signed.

Tagged: , , ,

Comments (2)

  1. […] The DNSSEC standard helps prevent domains being hijacked through cache poisoning attacks by signing each domain’s zone with a validatable cryptographic key. The technology will be available for .com domains early next year. […]

  2. […] VeriSign to deploy DNSSEC in .com next March […]

Add Your Comment