Domain Name System (DNS) is the system for the mapping between easily memorizable host names and their IP addresses. Due to its criticality, security extensions to DNS have been proposed in an Internet Engineering Task Force (IETF) working group to provide authentication. We point out two difficulties in the current DNSSEC (DNS Security Extension) standards in the handling of DNS dynamic updates: the online storage of a zone security key, creating a single point of attack for both inside and outside attackers; and the violation of the role separation principle, which in the context of DNSSEC separates the roles of zone security managers from DNS server administrators. To address these issues, we propose a secure DNS architecture that is based on threshold cryptography. We show that the architecture adheres to the role separation principle without presenting any single point of attack. Our experimental results reveal that, in terms of signature computation times, our architecture incurs negligible performance penalty when using RSA/MD5 signatures but significant overhead when using DSA signatures. It is our belief that the high level of security that can be achieved by the proposed architecture far outweighs its potential overhead, especially in critical DNS zones, such as the .com zone.