VeriSign to deploy DNSSEC in .com next March
VeriSign is to start rolling out the DNSSEC security protocol in .net today, and will sign .com next March, the company said today.
In an email to the dns-ops mailing list, VeriSign vice president Matt Larson said that .net will today get a “deliberately unvalidatable zone”, which uses unusable dummy keys for testing purposes.
That test is set to end on December 9, when .net will become fully DNSSEC-compatible.
The .com TLD will get its own unvalidatable zone in March, but registrars will be able to start submitting cryptographic keys for the domains they manage from February.
The .com zone will be validatable later in March.
The DNSSEC standard allows resolvers to confirm that DNS traffic has not been tampered with, reducing the risk of attacks such as cache poisoning.
Signing .com is viewed as the last major registry-level hurdle to jump before adoption kicks off more widely. The root zone was signed in July and a few dozen other TLDs, such as .org, are already signed.