DNS/DNSSEC/FAQについて、ここに記述してください。

あまり参考にしない方がよさそうだが、目次は使える。

DNSSEC: Frequently Asked Questions

    What is DNSSEC?
    What problem does DNSSEC solve?
    Which problems does DNSSEC NOT solve?
    How does DNSSEC work?
    What's the process for implementing DNSSEC?
    Did DNSSEC at the TLD registry-level impact the signing of the root zone, and vice-versa?
    When will DNSSEC be available to .US and .BIZ registrars?
    Is there a requirement that registrars implement DNSSEC?
    When will DNSSEC be available to registrants for their domain names?
    How is a DNSSEC query formed?
    How does a registrant sign a zone?
    Where can more information be found?

4. How does DNSSEC work?

DNSSEC uses cryptographic electronic signatures (referred to as public and private keys) to determine the authenticity of data.
DNS clients that are DNSSEC-enabled will validate
any DNS response received by automatically checking the authenticity of the cryptographic signatures.
If the key is missing or not recognized,
the response is not validated and the DNS will not pass the false information on to the user.

検証できなかった情報はなかったものと同じ。 (end-to-endでの話)