Still this year, the entire DNS root is passing on to DNSSEC this year in order to increase security. In fact DNS is the phone book of the Internet. When you enter a domain name, you surf to a specific site since this domain name is translated to a certain ip-address. DNS realizes this transformation, it’s DNS that translates the name to the ip-address.
The current system is far from perfect. That’s not very suprising since the current DNS system is already 30 years old. 30 years ago, the group of Internet users and – providers was smaller and more based on trust. Those days are over. Therefore, there will be switched to DNSSEC this year.
DNSSEC will increase security as it will add digital signatures to DNS requests. With this system, we could get rid of security problems such as the infamous “KAMINSKY leak”. Through his research KAMINSKY showed that through a bug in the security of DNS it is perfectly possible to hijack domain names and Internet applications. This bug would be a goldmine for malicious people, who can divert people to rogue sites, where for example credit card data could be copied. DNSSEC is the solution to this problem in the longer term.
The first domain to switch to DNSSEC is the .org domain. The switch has started and gradually all .org suppliers will switch to DNSSEC. Normally this conversion will be completed in 2010.