DNSSEC is fully deployed on DNS root servers

The 13 name servers operating the root zone of the Internet's Domain Name System (DNS) are now digitally signed with DNSSEC, the Domain Name System Security Extensions protocol. This will help prevent, or at least make much more difficult, attacks that exploit the trust-based nature of the domain name resolution process.

Ken Silva, senior vice president and chief technology officer at VeriSign, elaborated on the significance to InternetNews.com, "The milestone is crucial because it means that administrators of recursive name servers--the servers that look up Internet addresses using data from the Domain Name System (DNS)--can in most cases enable validation of DNS data by configuring just the root's public key."

Of course, the hierarchical nature of DNS means that DNSSEC has to be deployed at every level, down to the individual ISPs, to be truly effective. As such, it might be some time yet before DNS is properly secured, though this is certainly an important and necessary start.

For more on this story:
- check out this article at eSecurity Planet
- check out this article at PC Pro 
