DNSSEC is being deployed across the Internet infrastructure, from the root servers at the top of the DNS hierarchy to the servers that run .org and other top-level domains, down to the servers that cache content for individual Web sites. All of these pieces must be in place for DNSSEC to protect an individual Web site.
The timing of .org's deployment of DNSSEC is ideal, given that the Internet's root zone will be signed on July 1.
Other top-level domains that are in the process of deploying DNSSEC or have already done so include the U.S. federal government's .gov domain and country code top-level domains operated by Sweden, Puerto Rico, Bulgaria and Brazil.
VeriSign says it will support DNSSEC in the .edu domain by the second quarter of 2010, the .net domain in the fourth quarter of 2010, and the .com domain in the first quarter of 2011.
In related news, Comcast is the first U.S. carrier to announce a public trial of its DNSSEC signing and resolution services.
"All of these DNSSEC announcements are coming one after another," Raad says. "The net of it is that if you have customers that are looking for secure applications, if you have customers that want to ensure themselves against identity theft, then you've got to start planning to support DNSSEC, and you've got the lead time to do it."
Galvin says CIOs need to realize that the time to deploy DNSSEC is now.
"The tipping point is here," Galvin says. "With the network operators moving along with products, and the service providers stepping up to offer managed services for enterprises and for individuals, I think that if you're not planning for DNSSEC now, you are behind the curve."
Read more about wide area network in Network World's Wide Area Network section.