What is DNSSEC?
Domain Name System Security Extensions (DNSSEC) add digital signatures to a domain name's DNS (Domain Name System) to determine the authenticity of the source domain name.
DNSSEC is a set of extensions to DNS that provides:
- Origin authentication of DNS data
- Data integrity
- Authenticated denial of existence
DNSSEC addresses an identified security risk and helps prevent malicious activities like cache poisoning, pharming, and man-in-the-middle attacks. It uses a digital signature to create a chain of authority. Then, it uses the chain to verify that the source domain name, which the DNS resolver returns, matches the DNS record stored at the authoritative DNS. If it cannot validate the source, it discards the response.