DNSSec Works for Consumers, Almost

Every since I found heard about Dan Kaminsky’s research on flaws in DNS in 2008 I have been looking forward to the industry’s response, DNSSEC (Domain Name System Security Extensions). Unfortunately DNSSEC required an end-to-end solution from the root DNS servers to ISP servers to routers to operating systems to browsers. Parts have been working for awhile like my ISP’s DNS server. Finally this weekend with some beta software from my home router my dream of seeing DNSSEC for consumers has been completed.

My Verizon’s DNS server supports DNSSEC (note that as of today not all of Verizon’s servers are supporting DNSSEC). My Asatro router has implemented DNSSEC. Firefox and Windows 8 support it. With the help of the Firefox DNSSEC validator plug in you can see in the screenshot below the validation that Symantec’s website is the real site and could not have been spoofed by a DNS exploit. Yeah!

Now its time for Cisco/Linksys, Netgear, D-Link, etc. to support DNSSEC.