[ahf]

It's true that we still haven't secured the connection between the user and his ISP's DNS server, which I agree is a problem. DNSSEC only helps between the DNS servers themselves.

We are now down to either a) run your own DNS server locally on your machine or b) use a third-party DNS server that we trust.

Personally, I use Thomas' (the person mentioned in the article itself) free, uncensored, DNS service called CensurFriDNS. You can read more about it here: http://censurfridns.dk/