DNSSEC bolsters .com security

VeriSign’s new security feature now available for .com websites domain is certainly good news that could not have come sooner.

To be sure, website administrators are forced to deal with numerous threats every day and any tool which can reasonably lower the risk of attack is more than welcome.

VeriSign announced the rollout plan of DNNSEC (DNS Security Extensions) in February 2009 and has firmly stuck to its aggressive timelines. 

The plan was carefully developed, starting with the smaller of the big three domains – .edu – in August 2010. 

This was followed by the .net domain in December 2010 before taking on the ‘big guy’ – .com – in March 2011. 

So, what is DNSSEC? 

Well, it is basically a feature that prevents traffic meant for a legitimate site being redirected to a spoof site under the radar of the end user, website administrator and website host.

DNSSEC utilizes public key encryption and digital signatures that allow websites to accurately validate their domain names and matching IP addresses.

Prior to its rollout, DNSSEC had been under development for close to a decade.


However, DNSSEC requires “downstream” changes for website owners to enjoy its full security benefits. 

Meaning, the Internet browser, service provider, website host, the domain registrar and top level domain operators all require software and hardware upgrades to support the new features.


Unfortunately, many “downstream” stakeholders are finding it difficult to keep up. 

For example, Mozilla’s Firefox is currently the only browser that provides a plug in for DNSSEC. 

And in the U.S., Comcast is the only internet service provider with a validation service for DNSSEC, while Major domain name registrars like GoDaddy.com have only recently started to offer DNNSEC support.

[Via Network World]