Well, this evening I set up DNSSEC for my domain, liamsomerville.com.
DNSSEC is a technology (defined in RFC 4033, RFC 4034, and RFC 4035) that was developed to, among other things, protect against DNS forgery by digitally 'signing' data so you can be assured it is valid. However, in order to eliminate the vulnerability from the Internet, it must be deployed at each step in the lookup from root zone to final domain name (e.g., www.icann.org).
Signing the root (deploying DNSSEC on the root zone) is a necessary step in this overall process. Importantly, I should point out that it does NOT encrypt data. It just attests to the validity of the address of the site you visit.
Why bother? Well, let's look at a sample attack scenario. Say, for instance, the attacker forges the DNS for a domain, where the purpose of the attack is to take control of the session to, for example, send the user to the hijacker's own deceptive website, which looks exactly like that of another site (e.g. Facebook), in order to steal Facebook user credentials.