Main Page

The short answer: DNSSEC is a protocol extension to the internet's Domain Name System (DNS) that provides assurance that the information received from a Domain Name Server is authentic. For example, when a URL is typed into a browser, a user can be assured the IP address the machine connects with is correct.

For a longer answer look at these sites:

• http://www.dnssec.net/
• http://www.dnssec-deployment.org/

They answer the question as well or better than it will be answered here.

Insert scary story here, but basically DNSSEC should be used so a user can be sure the host to which they want to connect is the host with which their machine actually connects. If you are reading blogs or watching the latest funny myspace video, you probably don't care. If you're buying something online, sending private emails, going to your bank's website to pay bills, or doing online stock trades, it's a lot more important (and while this kind of attack is not known to be happening on a large scale yet, it has happened).

This diagram shows who uses and administers DNS systems, and how DNSSEC is used by everyone. DNSSEC-Tools has tools for everyone:

The DNSSEC-Tools project is an open-source effort designed to make DNSSEC easy. DNSSEC-Tools is a suite of free, open-source software, containing a wide variety of tools and libraries. Its modular organization and the free source code allow you to customize and build your own tools.

• for the Zone Administrator
• for Authoritative Server administrators
• for Recursive Server administrators
• for Application Developers
• for End-Users
• and even more Tutorials!

• The DNSSEC-Tools Home Page
• DNSSEC-Tools Releases
• SVN Source code repository information
• Software User Manual

• http://www.dnssec-deployment.org/
• IETF Working Groups
• DNSEXT
• DNSOP
• External links

• Release Instructions