Do you know of additional resources we should consider adding here? Or are there additional “basic” questions you feel we should answer here? If so, please send them to us.

Why should I care about DNSSEC?

“DNS Security Extensions,” commonly known as DNSSEC, provide a way to be sure that you are communicating with the correct website or other service. Before you connect to a website, your browser has to retrieve the IP address of the site using DNS. However, it is possible for an attacker to intercept your DNS queries and provide false information that would cause your browser to connect to a fake website where you could potentially provide personal information (for example, what you think is a bank website). DNSSEC provides a level of additional security where the web browser can check to make sure the DNS information is correct and was not modified.

Where can I learn the basics of how DNSSEC works?

As part of this project, we are planning to create some new material specifically explaining how DNSSEC works. In the meantime, though, we thought these resources would be helpful (and please drop us a note if you know of other great tutorials/intros about DNSSEC):

• Video showing how DNS works, how it can be attacked and how DNSSEC can help
• Video explaining DNSSEC from Comcast
• For those seeking more technical information, the NIST Secure DNS Deployment Guidelines provide a tutorial in the beginning before getting into deeper technical information.

As a user, what do I need to do to see DNSSEC information in my daily usage of the web?

(New pages will be created for each of these bullets with further links and information.)

• Ensure that your web browser supports DNSSEC
• How To Add DNSSEC Support To Google Chrome
• How To Add DNSSEC Support To Mozilla Firefox
• Ensure that your local DNS server will pass along DNSSEC records

How do I set up DNSSEC for my domain name?

(New pages will be created for each of these bullets with further links and information. In particular we will have step-by-step instructions for enabling DNSSEC at as many registrars and DNS hosting services as possible.)

• How To Secure and Sign Your Domain With DNSSEC Using Domain Registrars
• Add DNSSEC records directly to your DNS zone

Are there tools I can use to test my DNSSEC implementation?

Our DNSSEC Tools page lists a wide number of tools, including:

• DNSSEC Analyzer from Verisign Labs
• DNSViz from Sandia National Laboratories

Where can I get more technical information to dive into the details?

• The DNSSEC Deployment Initiative publishes a great amount of information about DNSSEC.
• The NIST Secure DNS Deployment Guide explains in great detail how DNS works, the threats to DNS and how those threats can be addressed using DNSSEC and other technologies.
• The actual specification is available in the RFCs related to DNSSEC.
• The Wikipedia entry for DNSSEC also contains many links to additional information.