

Securing the Internet with DNSSEC - danyork
http://www.cyveillanceblog.com/general-cyberintel/dnssec

======
maeon3
It would be nice if DNS would tell us when the DNS routing has been tampered
with and/or censored. We won't be able to stop governments from routing
legitimate requests to dev/null, maybe we can at least deliver a report to the
requester: "this request was blocked by government xyz, here is the traceroute
and details on the cancerous growth in the tubes."

~~~
danyork
Providing that kind of assurance of integrity is precisely what DNSSEC is
designed to do. With the signatures and "chain of trust" a DNSSEC-validating
DNS resolver could determine whether the DNS info has been tampered with and
provide that feedback back to an application. Now, how the application might
choose to present that info is a different question... and could, in fact,
offer creative error messages like the one you wrote.

~~~
danyork
On that topic of the user experience, you might also be interested in the post
I wrote about that question:

[http://www.internetsociety.org/deploy360/blog/2012/01/what-i...](http://www.internetsociety.org/deploy360/blog/2012/01/what-is-the-correct-user-experience-for-dnssec-in-a-web-browser/)

which did get some discussion here on HN:

<http://news.ycombinator.com/item?id=3435143>
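
An added example, not part of the thread or of any poster's code: how an application could turn a validating resolver's reply into the kind of feedback discussed above, using the AD and CD header bits from RFC 4035. The sample headers are constructed, the message wording is hypothetical, and the CD retry is a common heuristic rather than a guarantee.

```python
import struct

# DNS header flag bits (RFC 1035 header; AD and CD are defined by RFC 4035).
QR, AD, CD, RCODE_MASK = 0x8000, 0x0020, 0x0010, 0x000F
NOERROR, SERVFAIL, NXDOMAIN = 0, 2, 3

def parse_header(msg):
    """Decode the fixed 12-byte header of a DNS response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    ident, flags, qd, an, ns, ar = struct.unpack("!6H", msg[:12])
    if not flags & QR:
        raise ValueError("message is a query, not a response")
    return {"ad": bool(flags & AD), "rcode": flags & RCODE_MASK, "answers": an}

def classify(normal, cd_retry=None):
    """normal: reply to the ordinary query. cd_retry: reply to the same
    query resent with CD (checking disabled) set; only needed on SERVFAIL."""
    hdr = parse_header(normal)
    if hdr["rcode"] == SERVFAIL:
        # Heuristic: if the name resolves once validation is switched off,
        # the SERVFAIL came from a failed signature check, not an outage.
        if cd_retry and parse_header(cd_retry)["rcode"] in (NOERROR, NXDOMAIN):
            return "bogus"
        return "indeterminate"
    # AD is only meaningful when the path to the resolver is itself trusted
    # (for example a validating resolver on localhost).
    return "secure" if hdr["ad"] else "insecure"

MESSAGES = {  # hypothetical wording an application might display
    "secure": "DNS answer validated by DNSSEC.",
    "insecure": "DNS answer not validated (zone unsigned or resolver not validating).",
    "bogus": "DNSSEC validation failed: the DNS answer may have been tampered with.",
    "indeterminate": "Lookup failed; cause unknown.",
}

def header(flags, answers=0):
    """Build a constructed 12-byte response header for the samples below."""
    return struct.pack("!6H", 0x1234, flags, 1, answers, 0, 0)

# Constructed samples: QR|RD|RA = 0x8180, plus AD, CD or an RCODE as needed.
SIGNED_OK = header(0x8180 | AD, answers=1)
UNSIGNED_OK = header(0x8180, answers=1)
FAILED = header(0x8180 | SERVFAIL)
FAILED_CD_OK = header(0x8180 | CD, answers=1)
FAILED_CD_FAIL = header(0x8180 | CD | SERVFAIL)

if __name__ == "__main__":
    for normal, retry in [(SIGNED_OK, None), (UNSIGNED_OK, None),
                          (FAILED, FAILED_CD_OK), (FAILED, FAILED_CD_FAIL)]:
        print(MESSAGES[classify(normal, retry)])
```
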

