We are currently running a DNSSEC enabled DNS resolver on one of our customer facing production name servers.
This means if a zone fails to validate via DNSSEC, then the server will return an error rather than passing you on to a potentially compromised host.
If all goes well, we will deploy this software on the remaining servers.
For more information on DNSSEC see the following:
http://www.icann.org/en/about/learning/ ... t08-en.htm
http://en.wikipedia.org/wiki/Domain_Nam ... s#Overview
This means if a zone fails to validate via DNSSEC, then the server will return an error rather than passing you on to a potentially compromised host.
If all goes well, we will deploy this software on the remaining servers.
For more information on DNSSEC see the following:
http://www.icann.org/en/about/learning/ ... t08-en.htm
http://en.wikipedia.org/wiki/Domain_Nam ... s#Overview