The Need for Domain Name System Security Extensions (DNSSEC)
Back in 1983 when the modern DNS was being defined (yes, ages ago!), security was not a top of mind issue. After all, the commercial internet had not yet been developed, computer networking was in its infancy and a virus was something that caused a cold.
Now the DNS underlies virtually all IP communications and the need for DNS security is much more understood.
A cornerstone aspect of DNS security is trust. How do we know for certain that a DNS response came from the server authorized to provide the response? How do we know that a DNS response has not been modified by an attacker who intends to redirect unsuspecting users to a fake web site in order to steal financial or confidential information? The scary answer is that we don’t – unless we implement DNSSEC.