What is DNSSEC?

Domain Name System (DNS)

The Domain Name System (DNS) is a distributed database, arranged hierarchically, containing records for domain names. The DNS system's main aim is to match a domain name to an IP Address. When a user types a domain name in a browser, the DNS translates the domain name to an IP Address.

Vulnerabilities were discovered in the DNS that allow a hacker to hijack this process of looking a site up on the Internet using the domain name. The purpose of such an attack is to take control of the user session to, for example, send the user to the hijacker's own deceptive web site for sensitive data collection. This lead to the introduction of Domain Name System Security Extensions (DNSSEC).

Domain Name System Security Extensions (DNSSEC)

Domain Name System Security Extensions (DNSSEC) is a technology developed to protect against malicious activities like cache poisoning, pharming, and man-in-the-middle attacks. It adds digital signatures to a domain name's DNS to determine the authenticity of the source domain name. DNSSEC is a set of extensions to DNS that provides to DNS clients (resolvers):

  • Origin authentication of DNS data,

  • Authenticated denial of existence,


  • Data integrity.

DNSSEC uses a digital signature to create a chain of authority. Then, it uses the chain to verify that the source domain name, which the DNS resolver returns, matches the DNS record stored at the authoritative DNS. If it cannot validate the source, it discards the response. This ensures that the user is connecting to the actual address for a domain name.

DNSSEC is currently supported for the following TLDs (domain name extensions):

  • 16 Users Found This Useful
Was this answer helpful?

Related Articles

Identifying New gTLD Extensions

Thexyz offers registration of Domain Names under various New gTLD extensions. TLDs in General...

Setup your own domain to use Thexyz Email

Professional Email Hosting With Your Own Domain How to set up a custom domain email address...

How to modify the Whois contact details of Domain Names

If you have a domain name registered then you will also need to supply accurate contact...

Whois Data Reminders

Thexyz sends an email to the Registrant of a domain name (under the extensions listed below) 6...

How to add a domain to cPanel

To add another domain to your cPanel hosting account, login to the cPanel control panel and click...