.ORG, The Public Interest Registry (PIR) announced it has inserted its Domain Name System Security Extensions (DNSSEC) key into the Internet root zone, joining the top of the Internet’s “chain of trust.” As the first generic top-level domain (TLD) to offer full DNSSEC deployment, the news dovetails .ORG’s June announcement that the third largest top-level domain is now signing second-level delegations.

The protocol benefits top-level domain (TLD) managers and end-users alike by enabling the publication and location of trust anchors in the root zone and providing a consistent and convenient entry point to DNS security.

“Today is a historic day for DNSSEC and the Internet at large,” said Alexa Raad, chief executive officer of .ORG, The Public Interest Registry. “Now, over 8 million .ORG users—as well as their Internet service providers—can sign their domains and increase protection with relative ease. In addition, with DNSSEC at the root zone, users and domain managers need only trust a single source in order to receive the highest level of Internet security available.”

By deploying DNSSEC, domain name owners benefit from the ability to thwart cache poisoning and man-in-the-middle attacks and the assistance in mitigating attacks like pharming, phishing, DNS redirection and domain hijacking—all of which have been used to commit fraud, distribute malware, and identity theft. Additionally, DNSSEC upgrades the current Internet infrastructure by protecting Internet resolvers from forged DNS data.

On June 23 at ICANN 38 Brussels, PIR—the manager of the .ORG domain—announced that it had enabled the signing of second level domains. The move marked the final step in an extensive two-year process, placing .ORG at the helm of DNSSEC deployment.