Using DNSSEC
I was on StackOverflow the other day when I saw a nifty post on using custom DNS servers with NetworkManager. As you can see, in the middle of the post there's a link to https://dnssec.vs.uni-due.de. Being a curious sort, I opened it up and saw that it's a DNSSEC tester!
DNSSEC is a protocol for ensuring that DNS results are accurate, using public-key cryptographpy. It prevents cache poisoning and dns hijacking. It also prevents court-ordered DNS bans and hidden redirects, both of which violate RFC standards.
Unfortunately, most computers in the world do not use DNSSEC by default. Most end-users use DNS servers provided by their ISP, which often don't support DNSSEC at all. Fortunately, configuring it is a simple process for which Google has an extensive walkthrough, as well as an overview of DNS in general.
Appendix
- You may also want to see if you can access IPv6 sites
- Google has a web interface for DNS lookups
- Run your own DNS server!
- I've included DNSSEC testers in my own site. Open up the browser console to take a look!