Encrypted DNS may not make much of a contribution to the security of the internet, according to IBM identity expert Ron Williams.
While the DNSSEC protocol allows DNS servers to authenticate each other, that's no guarantee of trust, Williams told ZDNet UK on Friday. The DNS servers themselves may be controlled by malicious people, said Williams.
"In practice does it make a difference?" said Williams. "It doesn't help the global infrastructure because we don't know who runs the DNS domains. There's no mechanism for registering DNS servers."
John Crain, ICANN's senior director of security, stability and resiliency, told ZDNet UK on Friday that while DNSSEC would help with DNS spoofing and solves the problem of authentication, it doesn't solve the problem of identification.
"DNSSEC secures no specific thing, we still need secure routing," said Crain.