What is DNS Security (DNSSEC)?

What is DNS Security (DNSSEC)?

DNSSEC is an addition to the Domain Name System (DNS) protocols; it is designed to add security to the DNS to protect it from certain attacks, such as any data modification attack (e.g. cache poisoning). It is a set of extensions to DNS, which provide origin authentication of DNS data, data integrity and authenticated denial of existence.

The Domain Name System Security Extensions (DNSSEC) as described in [RFC4033], [RFC4034], and [RFC4035] define new records and protocol modifications to DNS that permit security-aware resolvers to validate DNS Resource Records (RRs).