Securing the .edu top-level domain with DNSSEC

DNS security continues its slow march to the root servers with today’s announcement that the educational top-level domain “.edu” will roll out the DNSSEC protocol for testing this month, with a full deployment to follow by March 2010.

The domain name system (DNS) resolves Internet addresses like arstechnica.com into a numerical IP address—but the ancient DNS protocol provides little to no security. Hackers have figured out ways to poison the DNS cache, redirecting users who think they’re visiting one site to another, quite different site. The insecurity of this fundamental piece of Internet architecture has been a boon for phishers and other miscreants, and the problems have been recognized for years.