"DNS has historically been one of the many insecure parts of the
Internet's critical infrastructure – even considering
decade-plus attempts to improve it with technologies like DNSSEC.
Despite DNSSEC, and the global improvements resulting from Dan
Kaminsky's discovery of a critical flaw in the DNS, there remains
an inherent insecurity in the DNS protocol itself: it is
transported in plaintext, unencrypted and in the open.
"This insecure connection between the end user and their DNS
resolver, which might be described as the "last mile," is ripe for
abuse, and has been abused in the past. The insecure nature of that
"last mile" connection enables an array or attacks and privacy
violations. In truth, Internet users have very little privacy when
accessing the Internet on unsecured wireless networks and as a
result, are left highly vulnerable."