DNS Security Extensions (DNSSEC) has been deployed for .COM, Internet's largest domain extension with more than 90 million registrations. The announced was made today by VeriSign, the registry operator for .COM.

From today's announcement:

"By reaching this critical milestone in DNSSEC deployment, Verisign and the Internet community have made enormous strides in protecting the integrity of DNS data," said Pat Kane, senior vice president and general manager of Naming Services at Verisign. "But the threats against the Internet ecosystem — whether targeting the DNS or elsewhere — are unrelenting. That's why Verisign continually invests to ensure the security and availability of the Internet infrastructure."

DNSSEC helps close a known vulnerability within the DNS that has increasingly become a target for hackers and identity thieves. The security extensions apply digital signatures to DNS data to authenticate the data's origin and verify its integrity as it moves throughout the Internet. The extensions are designed to protect the DNS from man-in-the-middle attacks that corrupt DNS data stored on recursive name servers. With DNSSEC, poisoning a recursive name server's cache is much more difficult because DNS administrators sign their data. The resulting digital signatures on that DNS data are validated through a "chain of trust."

Related Links:

Tighter security available to .com sites, but upgrades required Network World, Mar.31.2011

DNSSEC Finally Arrives for .Com TLDs SecurityWeek, Mar.31.2011

A Red-Letter Day Cricket Liu, Mar.31.2011