US plans enhanced DNS security by Dec 2009


BPO Watch News Desk
August 30, 2008

Close on the heels of the fuss over the security flaw in DNS servers, the U.S. government has decided to take steps to ensure trusted look-ups of domain information.

According to a memo issued to Chief Information Officers by Karen Evans, Administrator of the Office of E-Government and Information Technology, all major agencies should adopt a proposed technology to enable trusted lookups of domain information by December 2009.

The technology, known as Domain Name System Security (DNSSEC), promises to secure the domain name system (DNS) against attempts to subvert the infrastructure, such as the cache poisoning attack found by researcher Dan Kaminsky earlier this year. DNSSEC provides cryptographic protections to DNS communication exchanges, thereby removing threats of DNS-based attacks and improving the overall integrity and authenticity of information processed over the Internet.

The memorandum says it addresses two important issues: following through with the existing policy and expanding its scope to address all USG information systems.

The Federal Government will deploy DNSSEC to the top level .gov domain by January 2009. The top level .gov domain includes the registrar, registry, and DNS server operations. This policy requires that the top level .gov domain be DNSSEC signed and that processes to enable secure delegated sub-domains be developed. Signing the top level .gov domain is a critical procedure necessary for broad deployment of DNSSEC; it increases the utility of DNSSEC and simplifies lower level deployment by agencies.

"Your agency must now develop a plan of action and milestones for the deployment of DNSSEC to all applicable information systems. Appropriate DNSSEC capabilities must be deployed and operational by December 2009," the memorandum says.

Owing to the technical hurdles and the political problems in designating companies or governments to hold the keys to the domain-name system, both governments and private sector companies have held off deploying DNSSEC for more than a decade.
