Journal of Networks, Vol 3, No 6 (2008), 54-61, Jun 2008
doi:10.4304/jnw.3.6.54-61
Key Revocation System for DNSSEC
Abstract
The Domain Name System (DNS) is a distributed tree-based database largely used to translate a human-readable machine name into an IP address. The DNS security extensions (DNSSEC) have been designed to protect the DNS protocol using public key cryptography and digital signatures. In this paper, we show how DNSSEC can be attacked using compromised keys and the consequences of such attacks. Then, we propose a new revocation scheme for DNSSEC based on two new resource records. There is currently no revocation system defined in the DNSSEC standard.
Keywords
DNSSEC, Revocation, Key Management, Network Security


