What is DNSSEC?

DNSSEC (DNS Security Extensions) adds authentication to DNS:

What it does:

Signs DNS records with cryptographic keys

Resolvers can verify signatures

Detects tampering or forged responses

How it works:

Domain owner signs records with private key

Public key published in DNS

Resolvers verify signature chain from root

Protection provided:

Prevents DNS cache poisoning

Prevents man-in-the-middle DNS attacks

Ensures authenticity of DNS data

Limitations:

Does not encrypt DNS queries

Does not hide what you are looking up

Adds complexity to DNS management

Official seal on registry documents. Verifies the documents have not been altered.