A Solution for Authoritative DNS
I’ve been thinking about improving my DNS setup. So many things will use e-mail verification as a backup authentication measure that it is starting to show as a real weak point. An Ars Technica article earlier this year talked about how “[f]ederal authorities and private researchers are alerting companies to a wave of domain hijacking attacks that use relatively novel techniques to compromise targets at an almost unprecedented scale.” The two attacks that are mentioned in that article, changing the nameserver and changing records, are something that DNSSEC could protect against.