I was on StackOverflow the other day when I saw a nifty post on using custom DNS servers with NetworkManager. As you can see, in the middle of the post there’s a link to https://dnssec.vs.uni-due.de. Being a curious sort, I opened it up and saw that it’s a DNSSEC tester!
DNSSEC is a protocol for ensuring that DNS results are accurate, using public-key cryptographpy. It prevents cache poisoning and dns hijacking. It also prevents court-ordered DNS bans and hidden redirects, both of which violate RFC standards.
Unfortunately, most computers in the world do not use DNSSEC by default. Most end-users use DNS servers provided by their ISP, which often don’t support DNSSEC at all. Fortunately, configuring it is a simple process for which Google has an extensive walkthrough, as well as an overview of DNS in general.