DNSSEC is a suite of security extensions to the DNS that provide origin authentication, data integrity and authenticated denial of existence. Putting that in plain English, DNSSEC allows a DNS zone to be cryptographically signed (which produces digital signatures over its records) and provides a mechanism for validating the authenticity of the data received using those digital signatures. Validating resolvers and servers must be pre-configured with a trust anchor (a trusted public key, or a hash of one), from which a “chain of trust” is established down to the signed zone; data from that zone can then be validated. Note that DNSSEC signs DNS data but does not encrypt it: it protects against forged or altered responses, not against eavesdropping.
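To make the chain of trust concrete, here is an added example (not code from the original article, and not a DNSSEC implementation) that models the walk a validating resolver performs: a parent publishes a DS record, the hash of the child's DNSKEY, and signs it; the child signs its own data; the validator starts from a pre-configured trust anchor and checks each link in turn. It uses Ed25519 (DNSSEC algorithm 15) from Go's standard library. The owner-name encoding and DS digest follow RFC 4034; the bytes that a signature covers are simplified, each zone has a single key, and the zone names, the `example.` delegation and the A record 192.0.2.1 are all constructed for the example. It goes slightly beyond the paragraph by showing which failures the walk catches: forged data, a zone key that does not match the parent's DS, and a chain built under the wrong anchor.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
	"strings"
)

// IANA values: Ed25519 is DNSSEC algorithm 15 (RFC 8080), SHA-256 is DS digest type 2 (RFC 4509).
const (
	algEd25519     uint8  = 15
	dsDigestSHA256 uint8  = 2
	flagsKSK       uint16 = 257 // ZONE and SEP bits set: a key signing key
)

// RDATA of DNSKEY and DS records (RFC 4034 sections 2 and 5). DNSKEY protocol is always 3;
// the DS key tag field, which only speeds up key selection, is left out of this model.
type DNSKEY struct{ Flags uint16; Alg uint8; Pub ed25519.PublicKey }
type DS struct{ Alg, DType uint8; Digest []byte }

// Zone is a signed zone as a validator sees it. To stay short, each zone has one key (so the
// RRSIG over the DNSKEY RRset, which vouches for additional ZSKs, is omitted) and one child.
type Zone struct {
	Name    string
	Key     DNSKEY
	ChildDS DS     // DS for the delegated child, published in this (parent) zone
	DSSig   []byte // RRSIG over that DS, made with Key
	priv    ed25519.PrivateKey
}

// wireName is the canonical wire form of an owner name: lowercase labels (RFC 4034 section 6.2).
func wireName(name string) []byte {
	var b []byte
	for _, l := range strings.Split(strings.ToLower(strings.TrimSuffix(name, ".")), ".") {
		if l != "" {
			b = append(append(b, byte(len(l))), l...)
		}
	}
	return append(b, 0)
}
func (k DNSKEY) rdata() []byte { return append([]byte{byte(k.Flags >> 8), byte(k.Flags), 3, k.Alg}, k.Pub...) }
func (d DS) rdata() []byte     { return append([]byte{d.Alg, d.DType}, d.Digest...) }

// makeDS is what the parent publishes: SHA-256(owner name || DNSKEY RDATA), RFC 4034 section 5.1.4.
func makeDS(owner string, k DNSKEY) DS {
	h := sha256.Sum256(append(wireName(owner), k.rdata()...))
	return DS{Alg: k.Alg, DType: dsDigestSHA256, Digest: h[:]}
}

// rrsetBytes is a simplified canonical RRset (owner, type, RDATA); a real RRSIG also covers
// its own RDATA fields such as the validity window (RFC 4034 section 3.1.8.1).
func rrsetBytes(owner, rtype string, rdatas ...[]byte) []byte {
	return append(append(wireName(owner), rtype...), bytes.Join(rdatas, nil)...)
}

func newZone(name string) *Zone {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	return &Zone{Name: name, Key: DNSKEY{Flags: flagsKSK, Alg: algEd25519, Pub: pub}, priv: priv}
}

// sign yields the RRSIG signature field for an RRset in this zone.
func (z *Zone) sign(owner, rtype string, rdatas ...[]byte) []byte {
	return ed25519.Sign(z.priv, rrsetBytes(owner, rtype, rdatas...))
}

// delegate is the parent-side step: hash the child's key into a DS record and sign it.
func (z *Zone) delegate(child *Zone) {
	z.ChildDS = makeDS(child.Name, child.Key)
	z.DSSig = z.sign(child.Name, "DS", z.ChildDS.rdata())
}

// validate is the resolver-side walk; chain runs from the root zone downward. Each zone's
// DNSKEY must hash to the DS trusted for it (the anchor, then the parent's signed DS), and its
// signed DS becomes the trusted DS for the next zone. The leaf key verifies the data RRSIG.
func validate(anchor DS, chain []*Zone, owner, rtype string, sig []byte, rdatas ...[]byte) error {
	if len(chain) == 0 {
		return fmt.Errorf("empty chain of trust")
	}
	trusted := anchor
	for i, z := range chain {
		if !bytes.Equal(makeDS(z.Name, z.Key).rdata(), trusted.rdata()) {
			return fmt.Errorf("%s: DNSKEY does not match the DS trusted for it", z.Name)
		}
		if i+1 < len(chain) {
			if !ed25519.Verify(z.Key.Pub, rrsetBytes(chain[i+1].Name, "DS", z.ChildDS.rdata()), z.DSSig) {
				return fmt.Errorf("%s: RRSIG over DS for %s does not verify", z.Name, chain[i+1].Name)
			}
			trusted = z.ChildDS
		}
	}
	if leaf := chain[len(chain)-1]; !ed25519.Verify(leaf.Key.Pub, rrsetBytes(owner, rtype, rdatas...), sig) {
		return fmt.Errorf("%s %s: RRSIG does not verify", owner, rtype)
	}
	return nil
}

func main() {
	root, example := newZone("."), newZone("example.")
	root.delegate(example)
	a := []byte{192, 0, 2, 1} // constructed A record for www.example.
	sig := example.sign("www.example.", "A", a)
	fmt.Println(validate(makeDS(".", root.Key), []*Zone{root, example}, "www.example.", "A", sig, a))
}
```

The point to take from `validate` is that nothing in the walk trusts the zone being queried: every key is accepted only because the zone above it, and ultimately the anchor, has vouched for its hash, and the data is accepted only because that key's signature verifies. A real validator additionally checks the RRSIG validity window and the signature over the DNSKEY RRset, and uses NSEC/NSEC3 records for authenticated denial of existence, none of which this model covers.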
The current DNSSEC RFCs (RFC 4033, 4034 and 4035) were published in 2005, and since then DNSSEC has seen a steady growth in attention. This year (2008), however, things took a much more dramatic turn, mainly because of the DNS cache-poisoning vulnerability that researcher Dan Kaminsky presented at Black Hat. More and more people are looking at DNSSEC as the way to lock down their DNS infrastructure, since a validating resolver rejects a forged response even when the attacker wins the race to answer first.