VeriSign announced that starting December 9th, .net and .com domains will be authenticated using DNSSEC. Right now, signatures are available for .net and .com, but they are not yet valid. The roll out will happen in stages, similar to the roll out for the root zone.
Verisign also offers a nice DNSSEC debugger . In case you implement DNSSEC, use it to test your zone, as well as a DNSSEC Test site  to check if your resolver uses DNSSEC.
and if you missed it... the solution is out for our DNSSEC related packet challenge: http://johannes.homepc.org/packet.txt
Defending Web Applications Security Essentials - SANS Security West 2019
Nov 4th 2010
8 years ago