With the release of latest DNS Cache poisoning attack, DNSSEC is gaining some attention. As it is supposed to provide cryptographic means to prevent such attacks. Though it doesn’t prevent DDOS attacks that have come to known in the DNS space, it is a good step forward to consider DNSSEC.
But, why DNSSEC implementation efforts are not moving forward? The issue with this is much the same set of complications as PKI deployments. And there are no commercial value additions that’ll give push to the vendors to adopt DNSSEC.
Here’s an old paper that discusses the reasons, also proposing alternative means to deploy DNSSEC, http://www.research.att.com/~trevor/papers/dnssec-incentives.pdf
Few steps forward,
.ORG Becomes First Generic Top Level Domain to Start DNSSEC Implementation ,
http://pir.org/index.php?db=content/News&tbl=Press&id=9
Domain Name Security Paper Released,
http://www.icann.org/en/announcements/announcement-24jul08-en.htm