A sufficiently powerful quantum computer could break RSA and ECDSA, the cryptographic algorithms that underpin DNSSEC, TLS certificates, DKIM signatures, and virtually every other security mechanism that protects DNS infrastructure today. When that happens, an attacker with a quantum computer could forge DNSSEC signatures, issue fraudulent certificates, and spoof email authentication, all without needing to compromise any keys or servers.
The question isn't whether this will happen. It's when. And the timeline matters more than most organizations realize, because of a threat that exists right now: "harvest now, decrypt later." As the joint CISA, NSA, and NIST factsheet on quantum readiness warns, cyber threat actors could be targeting data today using a "harvest now, decrypt later" operation, intercepting and storing encrypted traffic with the expectation that quantum computers will eventually allow them to decrypt it. For DNS, this means that DNSSEC-signed records captured today could be retroactively forged once quantum capabilities mature.
NIST finalized its first post-quantum cryptography standards in August 2024: ML-KEM for key encapsulation, ML-DSA for digital signatures, and SLH-DSA as a conservative hash-based signature alternative. Under the transition timeline in NIST IR 8547, quantum-vulnerable algorithms like RSA and ECDSA will be deprecated by 2030 and disallowed entirely by 2035.
