VeriSign has enabled DNSSEC on the top-level domain '.com', the first bold step by a registry operator to deploy the security standard on a global scale.

The company, which among others also operates two of the root servers and the '.net', '.name' and '.gov' domains, hopes this initiative will close a known vulnerability within the DNS infrastructure that has long been a target for hackers and identity thieves.

DNSSEC, short for DNS Security Extensions, ensures integrity of DNS records passed around by DNS servers using digital signatures to authenticate their origin. The extensions are designed to protect the DNS from man-in-the-middle attacks that corrupt DNS data stored on recursive name servers.

"With DNSSEC, poisoning a recursive name server's cache is much more difficult because DNS administrators sign their data. The resulting digital signatures on that DNS data are validated through a 'chain of trust'," VeriSign said in a press statement.

"Dotcom" is the Internet's largest domain with more than 90 million domain name registrations worldwide. VeriSign is also the contracted registry operator of country code top-level domains '.cc' (Cocos Islands) and '.tv' (Tuvalu) as well as the primary technical subcontractor for the '.edu' and '.jobs' top-level domains. You can read the full-text of VeriSign's press release here.