2
When I register a domain, and update the DNS records, these changes propagate to other DNS servers around the world. But how do the servers that are accepting these changes know they can trust these changes? How can they make sure that it's not a criminal, redirecting traffic away from example.com to their malware website by changing the DNS records?
The simple answer is that it doesn't know who to trust. Which is the reason two possible replacements to the standard DNS system is being proposed. DNSsec is one of those possible solutions. To make a complex process simple both involve a "circle of trust" where all parties have to agree the change is actually valid. – Ramhound – 2013-04-23T11:06:52.420
Ramhound : DNSSEC is certainly not a "replacement" for DNS, it is an extension of it. – bortzmeyer – 2013-04-24T20:09:52.467