ICANN, the Internet Corporation for Assigned Names and Numbers, has announced the beginning of DNSSEC deployment.

DNSSEC information is now being served by L-Root, one of the Internet’s 13 root servers, operated by ICANN.

The DNS is very important to the proper operation of almost all services on the net, and the deployment of DNSSEC in the root zone is the biggest structural improvement to the DNS to happen in 20 years. According to ICANN, the deployment of DNSSEC is proceeding with widespread involvement of the Internet’s technical community, and is being carefully staged so that any unintended consequences of the deployment can be identified and mitigated promptly.

The reaction of the root server system as a whole to the change is being closely monitored, with root server operators performing extensive data collection to be analysed centrally. The data collection and analysis is being coordinated by DNS-OARC, the Domain Name System Operations Analysis and Research Center.

Other root server operators will execute similar maintenance procedures in the coming months. Deployment of DNSSEC is proposed to be completed in July 2010.

What is DNSSEC?

The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. It is a set of extensions to DNS which provide to DNS clients (resolvers) origin authentication of DNS data, data integrity, but not availability or confidentiality, and authenticated denial of existence (source).

For more information about the deployment of DNSSEC in the root zone, including details of how to contact the deployment team, click here.