.ORG is signed

.ORG is signed

dotorgAs of 2009-06-02, at 16:00 UTC, .ORG is DNSSEC-signed. I received this news from a mailing list last week.

Public Interest Registry has announced [link here] the key-signing key (KSK) below to validate signatures on the .ORG zone:

org.			IN DNSKEY 257 3 7 (
				) ; key id = 21366

It uses NSEC3, which is only fully-supported in Bind 9.6.1 and up.

Overall, this is good news for the DNS/Internet¬†community even though .com (the most popular TLD) may still be far. Of course the root is way farther behind, and “until the root is signed…” we have to rely on DLV.¬†ISC announced today that .ORG was inserted into DLV as of July 06, 2009, another reason to celebrate.

Note: DNSSEC (or DNS Security Extensions) adds security to the Domain Name System. It was designed to protect the Internet from certain attacks, such as DNS cache poisoning. It introduces four new resource record types: Resource Record Signature (RRSIG), DNS Public Key (DNSKEY), Delegation Signer (DS), and Next Secure (NSEC).

Comments are closed.