The DNS protocol is over 30 years old. It is amazing that it is still working so well. But it has a massive flaw, the security. So here comes the security extension called DNSSEC that provides digital signatures (keys) that let DNS clients validate and prove that the DNS data was not modified on the way, and it can also prove a negative answer (the requested item does not exist).

​What is DNSSEC? 

Continue reading →