DNSSEC is a set of security extensions to DNS intended to provide a root of trust for DNS records. This paper summarizes the state of the art in DNSSEC deployment and implementation on the Internet. We start with a description of Kaminsky’s attack on DNS to motivate the need for trust in DNS. Next, we describe some of the common arguments against DNSSEC, including NSEC and NSEC3 walking and how DNSSEC can be an enabler for UDP reflection attacks. We then discuss useful extensions to DNSSEC, like DANE, and how these can be used to secure websites without trusting the certificate authority system. We also examine how far the effort has come in the decades since the technology was standardized, including adoption statistics and trends.