You are correct in that DNSSEC is a positive and necessary step forward. You are also correct in that while DNSSEC is one of they keys towards providing for a secure ‘net, it is not the sole function that protects users on the ‘net. However, DNSSEC is an important piece to the security puzzle. You are also correct in that for DNSSEC to be fully implemented it needs to be implemented down the whole DNS chain to the registrar and ISP. Ultimately it will be the domain owner who decides when their name should be signed.

There is a tool, Security-DNS.net (http://www.Security-DNS.net), that allows for easier and quicker adoption of DNSSEC as it can be utilized by registrars and ISPs to help their customers with signing. Individual domain owners can also sign their own names for delivery to their respective registry, should they wish. Also, enterprises and registries can also utilize this tool for the signing of their zones.