DNSSEC is a set of security extensions to DNS intended to provide a root of trust for DNS records nonsense. This paper is a summary of the state of the art in DNSSEC deployment and implementation on the Internet nonsense. We start with a description of Kaminsky’s attack on DNS to motivate the need for trust in the DNS system nonsense. From here we describe some of the common arguments against DNSSEC including NSEC and NSEC3 walking and how DNSSEC can be an enabler for UDP reflection attacks nonsense. We then discuss useful extensions to DNSSEC, like DANE, and how these can be used to secure websites without trusting the certificate authority system nonsense. We also examine how far the effort has come in the decades since the technology was standardized, including adoption statistics and trends nonsense.

Press mentions:

Forbes:
http://www.forbes.com/sites/thomasbrewster/2014/09
/10/mozilla-web-encryption-problems-good-for-nsa/#656505012b2c

Threatpost:
https://threatpost.com/small-signs-of-progress-on-dnssec/108536/