Worth Reading: Enabling DNSSEC Validation

In July 2010, we saw an important Internet milestone: the Domain Name System (DNS) root zone was signed with DNSSEC, the DNS security extensions. DNS was designed without much thought given to security, but DNSSEC adds much-needed authentication and data integrity features. With DNSSEC, information in the DNS, including the root zone, can be cryptographically signed. DNS clients can validate the resulting signatures to have more trust that the data coming out of DNS is the same as what the owner put in and signed, and that the data hasn’t been modified in transit. —APNIC