The Internet's a dangerous place for an innocent Web browser to be searching alone for the right Web page, so the
Domain Name System Security Extensions (DNSSEC) was created to make searching safer. That's the good news. The bad news is that
DNSSEC adoption has been lagging. Now, Google has announced that it's
supporting DNSSEC in its Google Public DNS service.
The DNS is the master address list for the Internet. Thanks to it, you can simply type in a human-readable URL, such as my own Web site's
practical-tech.com, instead of writing out its IPv4 address "209.50.251.116." That's all well and good, but DNS doesn't have any built-in way to make sure that the IP address information it's feeding your browser is the real address.
That security hole has led to a kind of attack known as
DNS cache poisoning. In it, you can click your way to what appears to be the site you want to go to, but under the surface, your browser is directed by a bad DNS address to a malware-loaded site.