DANE is a security protocol that goes beyond the standard HTTPS protocol in securing the trust chain between server, Certificate Authority, and user.
In the current HTTPS protocol it is assumed that certificates issued by a trusted CA are automatically also trusted and secure. The root certificate of the CA is used as a so-called trust anchor. However, this means that if a trusted CA is hacked, browsers wont be able to differentiate between real and falsely issued certificates.
DNSSEC
DNSSEC was created to uplift the security of domains. This protocol means that a separate certificate is created for the nameserver of a domain. A summary of this public certificate is then handed over to the registry handling the TLD. Any time a browser sends a request, the registry responds with not only the nameserver data, but also the signature belonging to the certificate. When this signature does not correspond with the information on the nameserver, or is missing from the response, the DNS data is invalid.
Dutch