DNS root zone finally signed, but security battle not over
Friday, 16 July 2010 16:28
Yesterday, the DNS root zone was signed. This is an important step in the deployment of DNSSEC, the mechanism that will finally secure the DNS against manipulation by malicious third parties.
The Domain Name System is a hierarchical system, where many nameserver operators are each in charge of a limited set of information pertaining to a particular place in the hierarchy. To find the address information associated with any given name, it's necessary to traverse the hierarchy. For instance, looking up www.arstechnica.com means talking to a nameserver that knows about the "root," then going to one with information about .com and finally one that knows about arstechnica.com. DNSSEC requires signatures at each of these steps. Several top-level domains (TLDs), such as .org, .se and .nl, have already signed their "zone," and can provide a secure pointer to domain names at the next level in the DNS hierarchy.
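The "secure pointer" a signed parent zone publishes is a DS record: a digest of the child zone's key. The sketch below is an added example, not code from the article; it walks root, .com and arstechnica.com and checks only that DS-to-DNSKEY link. Verification of the RRSIG signatures themselves is left out, and all keys are constructed stand-ins rather than real zone keys.

```python
import hashlib
import struct

def wire_name(name):
    """Canonical wire form of a domain name: lowercase, length-prefixed labels."""
    labels = [l for l in name.lower().split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(public_key, flags=257, protocol=3, algorithm=8):
    """DNSKEY RDATA layout (RFC 4034): flags | protocol | algorithm | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + public_key

def key_tag(rdata):
    """Key tag checksum over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b if i & 1 else b << 8 for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def ds_record(owner, rdata):
    """DS for a key: (key tag, algorithm, digest type 2, SHA-256(owner | RDATA))."""
    digest = hashlib.sha256(wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), rdata[3], 2, digest)

def validate_chain(trust_anchor, zones):
    """zones: (name, DNSKEY RDATA, DS published for the child) from the root down.
    Returns the deepest zone whose key the parent vouches for, or None."""
    expected, validated = trust_anchor, None
    for name, rdata, ds_for_child in zones:
        if ds_record(name, rdata) != expected:
            break  # the parent does not vouch for this key: stop trusting here
        validated, expected = name, ds_for_child
    return validated

def sample_key(seed):
    """Constructed stand-in for a public key; not a real zone key."""
    return dnskey_rdata(hashlib.sha512(seed.encode()).digest())

ROOT, COM, ARS = (sample_key(s) for s in ("root", "com", "arstechnica.com"))
EVIL = sample_key("attacker")  # key substituted by a third party
ANCHOR = ds_record(".", ROOT)  # configured in the resolver out of band

def chain(com_key):
    return [(".", ROOT, ds_record("com", COM)),
            ("com", com_key, ds_record("arstechnica.com", ARS)),
            ("arstechnica.com", ARS, None)]

if __name__ == "__main__":
    print(validate_chain(ANCHOR, chain(COM)))   # intact chain
    print(validate_chain(ANCHOR, chain(EVIL)))  # substituted .com key
```

With the .com key swapped, validation stops at the root: nothing below the broken link is trusted, which is why every level of the hierarchy has to be signed before a name is fully protected.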













