What is Domain Name System Security Extensions (DNSSEC)

edited April 2015 in Domain Names

Domain Name System Security Extensions (DNSSEC) is a
technology developed to protect against malicious activities like cache
poisoning, pharming, and man-in-the-middle attacks. It adds digital
signatures to a domain name's DNS to determine the authenticity of the
source domain name. DNSSEC is a set of extensions to DNS that provides
to DNS clients (resolvers):

  • Origin authentication of DNS data

  • Authenticated denial of existence


  • Data integrity.

DNSSEC uses a digital signature to create a chain of authority. Then,
it uses the chain to verify that the source domain name, which the DNS
resolver returns, matches the DNS record stored at the authoritative
DNS. If it cannot validate the source, it discards the response. This
ensures that the user is connecting to the actual address for a domain
name.

DNSSEC is currently supported for the following TLDs (domain name extensions):

  • By the Registry Operator:

    • .COM

    • .DE

    • .EU

    • .IN

    • .ME

    • .NET

    • .NL

    • .NZ

    • .ORG

    • .UK

    • .US

    • CentralNIC

  • By Thexyz:

    • .COM

    • .IN

    • .ME

    • .NET

    • .ORG

Sign In or Register to comment.