What is DNSSEC?
DNSSEC (short for Domain Name System Security Extensions) applies digital signatures to DNS data to authenticate the data’s origin and verify its integrity as it moves across the Internet. DNSSEC is designed to protect against “man in the middle” and cache poisoning attacks, in which hackers corrupt DNS data stored on recursive servers to redirect queries to fraudulent sites and unintended addresses. With DNSSEC, poisoning a recursive server’s cache is much more difficult because DNS administrators sign their data. The resulting digital signatures on that DNS data are validated through a “chain of trust” that starts with the public key published today for the root zone.