Dot-Org TLD Signed For DNSSEC

graychase writes "A major milestone is reached as the first major top-level domain (.org) is now secured with DNSSEC. The expense to .org for implementing DNSSEC on its infrastructure and operations has not been a small one. While specific figures as to the cost of DNSSEC implementation haven't been released, Afilias, which is the technical operator of the .org registry, told InternetNews.com in 2009 that the DNSSEC implementation would be a multi-million-dollar effort. The cost isn't going to be passed on by .org to domain registrars. The move toward securing the .org registry with DNS security started in September 2008, following the Kaminsky DNS flaw disclosure."

As an end-user, is there some way to tell?

[JSBiff]

As an end-user, is there some way for me to tell if a domain has been authenticated along the whole chain by DNSSEC? Do any of the web-browsers, for example, include DNSSEC support, to show that a domain has been verified? Or, is DNSSEC only a server-to-server tech, but doesn't extend to end users? If it does extend to the end-user computer, can I use DNSSEC on an un-trusted network, to connect securely to my ISP's DNS Server (or google dns, or OpenDNS, etc), to make sure I'm getting back the correct DNS info (I suppose the 'real' answer for such a situation, at least currently, is a VPN, although some organizations [like where I work] have VPN's that only tunnel traffic to the secured network, and won't tunnel any other traffic, so such a VPN doesn't protect you when visiting any other sites/hosts on the internet).

I think it would be nice, if I don't have access to a real VPN connection, to at least be able to make sure that DNS is secured and trustworthy (although that, of course, doesn't guarantee that there aren't any man-in-the-middle attacks).