What does DNSSEC protect against?

What does DNSSEC protect against?

DNSSEC is designed to protect Internet resolvers (clients) from forged DNS data, such as that created by DNS cache poisoning. Currently, a DNS resolver sends a query out to the Internet and then accepts the first response it receives, without question. If a malicious system were to send back an incorrect response, the resolver would use this address until its cache expired. This is bad enough if it’s a single user’s computer that gets this bad data, it’s much worse if it’s another name server that answers queries for an ISP – affecting thousands of users.