ISC joined other key participants of the internet technical community in celebrating the achievement of a significant milestone for the Domain Name System today as the root zone was digitally signed for the first time. This marked the deployment of the DNS Security Extensions (DNSSEC) at the top level of the DNS hierarchy and ushers the way forward for further roll-out of DNSSEC in the top level domains and DNS Service Providers.

The DNS Security Extensions, DNSSEC, extends standard DNS to prove data came from an authoritative source and has not been modified, thwarting the so called 'man-in-the-middle attack' and enabling the development of more secure internet applications and transaction processing. DNSSEC adds new resource records and message header bits which can be used to verify that the received DNS data matches the original data, and has not been altered in transit.

Paul Vixie, President and CEO of ISC stated, “We are very happy with today's achievement! The signing of the root is the catalyst needed for further deployment of DNSSEC, particularly in the TLD registries.”

“ISC has been intimately involved with the development of DNSSEC for more than fourteen years and we have been unwavering advocates of DNSSEC deployment. We applaud the efforts of ICANN and the Department of Commerce in achieving this momentous milestone and encourage other DNS data providers to do the same.”

Today's milestone marked the final step in a seven month process of evaluation and incremental deployment, assuring operational readiness of systems, software, and processes necessary for any significant change to the DNS root. Two ISC staff members, Joao Damas and Norm Ritchie were selected as Trusted Community Representatives that oversaw the generation of the root key at formal ceremonies in the secure facilities located in Culpeper, Virginia and El Segundo, California.

ISC operates the largest DNS root server (F-root), develops and maintains BIND, the world's most widely deployed DNS software, and offers intensive training courses in DNSSEC. Further information on DNSSEC and BIND may be found at http://www.isc.org/software/bind/dnssec. Training information is available at http://www.isc.org/services/training.