In a much-awaited move, VeriSign has finally rolled out DNSSEC for the .com top-level domain.
DNSSEC will now be available to a massive 80 million registered domains.
DNSSEC, which stands for DNS Security Extensions, is a secure version of the DNS (Domain Name System) protocol, the protocol used to look up the IP address for a domain name.
The rollout for the .com top-level domain took place on Thursday (31st March, 2011) and had been anticipated for quite a long time.
DNSSEC was implemented on the root servers (which are at the top of the DNS hierarchy) in July 2010, and since then 25+ top-level domains have enabled it. These include .gov, .edu, .org and .net, among others.
DNSSEC is a preventative measure against DNS cache poisoning, which was one of the most utilized attack vectors for diverting traffic internationally to malicious servers.
DNSSEC uses cryptography, cryptographic checks to be more precise, to determine whether the IP address received in the response to a DNS query matches the actual IP address corresponding to the domain name.
Although it is mainly used against DNS cache poisoning, DNSSEC also protects against certain man-in-the-middle attacks. DNS cache poisoning was the result of the work carried out by Dan Kaminsky on DNS during 2008.
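How a client can tell whether its resolver performed the cryptographic checks described above, as an added example that is not part of the original article: it builds a query that requests DNSSEC data (the EDNS0 DO bit) and classifies a reply by its AD (Authenticated Data) header flag. The function names, the transaction ID and the sample reply headers are constructed for illustration.

```python
import struct

# DNS header flag masks (RFC 1035, RFC 4035).
QR, RD, AD, RCODE_MASK = 0x8000, 0x0100, 0x0020, 0x000F
SERVFAIL = 2

def build_dnssec_query(name, txid, qtype=1):
    """Wire-format query carrying an EDNS0 OPT record with the DO bit set."""
    header = struct.pack("!HHHHHH", txid, RD, 1, 0, 0, 1)  # 1 question, 1 additional
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"
    question = qname + struct.pack("!HH", qtype, 1)        # class IN
    # OPT pseudo-record: root name, type 41, class = UDP payload size,
    # TTL field holds ext-rcode/version/flags; DO ("DNSSEC OK") is 0x8000.
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x00008000, 0)
    return header + question + opt

def classify_response(response, txid):
    """Return 'validated', 'unvalidated' or 'servfail' from the reply header."""
    if len(response) < 12:
        raise ValueError("truncated DNS header")
    rid, flags = struct.unpack("!HH", response[:4])
    if rid != txid or not (flags & QR):
        raise ValueError("not a response to this query")
    if (flags & RCODE_MASK) == SERVFAIL:
        # A validating resolver answers SERVFAIL when signatures do not
        # verify; other resolver failures produce the same code.
        return "servfail"
    # AD is set only when the resolver verified the signature chain.
    # It is only as trustworthy as the network path to that resolver.
    return "validated" if flags & AD else "unvalidated"

# Constructed sample reply headers (ID, flags, four section counts).
TXID = 0x1234
SAMPLES = {
    "signed zone, validating resolver": struct.pack("!HHHHHH", TXID, 0x81A0, 1, 1, 0, 1),
    "non-validating resolver": struct.pack("!HHHHHH", TXID, 0x8180, 1, 1, 0, 1),
    "validation failure": struct.pack("!HHHHHH", TXID, 0x8182, 1, 0, 0, 1),
}

if __name__ == "__main__":
    print(build_dnssec_query("example.com", TXID).hex())
    for label, reply in SAMPLES.items():
        print(f"{label}: {classify_response(reply, TXID)}")
```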
The technology has been around for quite a while, but awareness of DNSSEC isn’t widespread and its importance is still not understood by many in the industry. A survey conducted by the security firm IID (Internet Identity) brings out a startling fact.
More than about 50% of the experts surveyed were either not aware of the protocol at all or had only a limited or vague familiarity with it.