Posted July 23, 2008 by David Hale in Security News
By Joel Hruska
July 22, 2008 - 09:40PM CT

ICANN has unanimously approved a request by the Public Interest Registry (which handles .org domains) to become the first generic Top Level Domain (gTLD) to switch to the DNS security protocol DNSSEC.

As part of the agreement, PIR will trailblaze DNSSEC while simultaneously developing an education and adoption plan that can later be disseminated across the Internet's infrastructure. PIR's use of DNSSEC is a significant step forward, but a mixture of contentious political and technological issues has slowed the worldwide development and deployment process.

DNSSEC is intended to fix fundamental flaws in the original DNS protocol that leave it vulnerable to several different attack vectors, including cache poisoning. This is accomplished in part through the use of digital signatures. By using such signatures, the DNS resolver can check whether the information it receives actually comes from the appropriate address; the digital signatures effectively act as a password (the analogy is not exact).

The DNS flaws themselves aren't anything new—they were discovered back in 1990—but the solution to the problem has been no less than eleven years in the making, putting the length of its development cycle almost on par with Duke Nukem Forever. DNSSEC development lasted from January 1997 to the present day, or roughly 11 years and six months.