.ORG becomes the first open TLD to sign their zone with DNSSEC
Today we reached a significant milestone in our effort to bolster online security for the .ORG community. We are the first open generic Top-Level Domain to successfully sign our zone with Domain Name Security Extensions (DNSSEC). To date, the .ORG zone is the largest domain registry to implement this needed security measure.
What does it mean that the .ORG Zone is “signed”? Signing our zone is the first part of our DNSSEC test phase. We are now cryptographically signing the authoritative data within the .ORG zone file. This process adds new records to the zone, which allows verification of the origin authenticity and integrity of data. In addition to zone signing, key maintenance will also be tested to include key generation, storage, and rollover. The final component of this initial test phase will be to sign domain names. We will test domain names in a controlled environment, starting first with a small set of names in which we will manually insert DS records into the zone. The focus of this first phase is proper testing to mitigate risks and capture lessons learned to share industry wide.
We believe that sharing lessons learned from our experiences will lead to even more consideration and adoption across the industry, bringing us to the “tipping point” where all Internet users can benefit from the trust and authentication that DNSSEC can offer.
For more detailed information about our DNSSEC initiative, please visit our website at http://pir.org/why/security/dnssec.