The Public Interest Registry, operators of the .org top-level domain name, was today granted permission from ICANN to implement Domain Name Security Extensions (DNSSEC). DNS is inherently insecure, which has become more apparent recently with security issues found in most server implementations (to do with easily guessing client ports used for responses) and the lack of a trust mechanism that results in DNS poisoning (the process of injecting a false response to a DNS lookup and redirecting the user to another site)
DNSSEC adds extensions to the DNS protocol that provide a layer of authorization between requesting clients and DNS servers. The extensions provide a way for clients to check the authenticity of a response to protect against both poisoning and other redirection methods used in man-in-the-middle and phishing attacks.
The move could be the impetus for the other TLD managers to also adopt the emerging standard. DNSSec-Deployment, an advocacy website for DNSSEC, estimates that up to 10% of DNS servers on the web today are vulnerable to simple attack techniques that could compromise a visitors web traffic. If DNSSEC works out for the .org group we could see it implemented broadly across .com and .net (with Verisign) and a more secure DNS system for the web.