Skip to Main Content
DNS Security Extensions (DNSSEC) became standardized more than 15 years ago, but its adoption is still limited. The recent publication of several new, off-path DNS cache-poisoning and wide-scale man-in-the-middle attacks should motivate DNSSEC adoption. However, significant challenges and pitfalls have resulted in severely limited deployment, which is furthermore often incorrect (and hence vulnerable). The authors outline these problems and suggest directions for improvement and further research.