You can read the press release after the jump:
"On 31 May 2011, the German registry DENIC took the last step required to launch DNSSEC for .de: The .de zone now contains the final public key, which is suited for validation.
Moreover, DENIC has submitted to the Internet Assigned Numbers Authority (IANA) the so-called DS record for publication in the root zone. The DS record refers to the public key for .de and is a mandatory prerequisite for validating DNSSEC-signed domains. It will probably become visible in the root zone by mid-June and from then on allow validation of signed .de domains all across the Internet.
Signing of a domain can be carried out either through the web or domain service provider or by the domain holders themselves. If signing is performed by one of these service providers – which may be an optional service – this provider also is responsible for generating the keys, signing the zone data, carrying out re-signing before signatures expire, and for changing the keys at the required intervals. Domain holders who want to protect their domains with DNSSEC can do this from now on. They are kindly requested to contact their registrar, who will also register the keys with DENIC.
To be able to benefit from DNSSEC as an Internet user you need a validating resolver that is capable of interpreting the additional information supplied by DNSSEC. If you do not operate a validating resolver yourself, your Internet service provider (ISP) will normally operate such a resolver for you. When you visit a website, the operating system installed on the computer automatically directs the DNS query to the DNS server defined by the respective ISP. That server will validate data authenticity.
Operators of validating resolvers do not need to configure a trust anchor for .de in addition to the one used for the root zone. It is not recommended either, since such a configuration might lead to later key rollovers not being noticed. This, in turn, might entail validation errors and failures."



