DNSSEC is something you’ve no doubt heard of, especially this past summer with the discovery of the Kaminsky DNS bug which led to a small panic and widespread patching from vendors. DNSSEC (sometimes called DNSSECbis) has existed as a proposal for about 10 years, but has undergone significant changes as recently as March 2008, and has only lately seen a major push to implementation. This post discusses both the need for DNSSEC and tackles the complex topic of how it works, as simply as possible. Though this really only scratches the surface, it should serve as a good intro for those who want to know more. A fundamental understanding of DNS is assumed.

Continue reading