What would we do without DNS? Visit sites based upon their IP address?
Try to visit our website using the ip address http://220.127.116.11. And now try the same for the future IPv6 address: http://2a02:348:56:53ca::80. Was that easy?
The Domain Name System makes your computer follow a series of steps to turn human-readable web addresses into machine-readable IP addresses. This happens every time you use a domain name, whether you are viewing websites or sending email. DNS works so seamlessly and instantaneously that one is usually completely unaware of it.
To add a layer of trust on top of DNS, a protocol called DNSSEC was created to insert cryptographic signatures to existing DNS records. These Domain Name System Security extensions are critical for trustworthy communications and transaction on the Internet. It allows users to validate the DNS records they receive, came from the correct source.
Most of the top-level zones (.com, .net, .org zones) and many country-code top-level zones (.nl, .be,…) were signed by DNSSec in the meantime. While zone signing keys (ZSK) can rotate autonomically, overhead occurs as half yearly communication to the toplevel domain (KSK) requires a manual intervention.
TrueGEN feels a widespread integration of DNSSec is not only fundamental but also essential to assure a safe and secure future.