Skip to Content

What is Domain Name Security Extensions (DNSSEC)?

Domain Name Security Extensions (DNSSEC) is a critical upgrade to the security of the Internet by protecting users against attacks such as those listed above. DNSSEC provides authentication and integrity to the DNS to end malicious attacks by achieving the following:

  • Origin authentication and data integrity:
    DNSSEC-capable resolvers digitally verify that the DNS data they receive is identical to the information on the authoritative DNSSEC-capable name server. This is done by authenticating the origin and integrity of DNS data as it transits the Internet.
  • Authenticated denial of existence:
    DNSSEC-capable resolvers are able to determine whether or not a resource, such as a name server, actually exists, adding a layer of security.

All answers to queries in DNSSEC are digitally signed. By checking the digital signature, you can verify if the information is identical to the information on the authoritative DNS server, ensuring that what you queried is what resolves.

Owners of websites and email servers that have implemented DNSSEC will have a higher degree of certainty that visitors to their website and emails destined for their mail servers will not be redirected elsewhere.