Security model issues
Can we trust the correctness of the data published using DNS?
- The DNS administrator is normally not a security geek
- DNS service may be outsourced
Is the trust-model used by the DNS the same as for the application?
The integrity of the information needs to be protected all the way from the application to zone signing
- DNSSEC will not automagically help us with this!
- Secure dynamic update might help