[$] Supporting secure DNS in glibc

One of the many weak links in Internet security is the domain name system(DNS); it is subject to attacks that, among other things, can misleadapplications regarding the IP address of a system they wish to connect to.That, in turn, can cause connections to go to the wrong place, facilitatingman-in-the-middle attacks and more. The DNSSECprotocol extensions are meant to address this threat by setting up acryptographically secure chain of trust for DNS information. When DNSSECis set up properly, applications should be able to trust the results ofdomain lookups. As the discussion over anattempt to better integrate DNSSEC into the GNU C Library shows,though, ensuring that DNS lookups are safe is still not a straightforwardproblem.