DNS Security Extensions (DNSSEC) as its name suggest is a security extension of the popular Doman Name System (DNS). The primary job of the DNS is to translate "human-memorable" domain names into "machine-readable" IP addresses. DNS is not as secure as it need to be, and DNSSEC was invented to strengthens authentication in DNS using public key cryptography. This prevents Man-in-the-Middle (MITM) attack with a chain of trust as every link in the chain has signed DS record. Use our DNSSEC lookup tool to verify existance and validity of the DNSSEC record.


What is DNSSEC?

DNSSEC (Domain Name System Security Extensions) is a set of security extensions to the Domain Name System (DNS) that provides origin authentication and data integrity for DNS data. DNSSEC provides a way to verify that the data returned by a DNS query is both authentic and has not been tampered with in transit.

DNSSEC works by using digital signatures and public-key cryptography to secure the DNS data. When a client performs a DNS query, the DNSSEC-enabled DNS server returns a digital signature along with the query response, which the client can then use to verify the authenticity and integrity of the data.

DNSSEC helps to protect against several types of attacks on the DNS, including cache poisoning attacks, man-in-the-middle attacks, and attacks that exploit vulnerabilities in the DNS protocol. By providing a way to secure the DNS data, DNSSEC helps to ensure that clients are able to access the correct and authentic data when they perform a DNS query.

DNSSEC is an optional extension to the DNS and is not required for the normal operation of the DNS. However, as more organizations adopt DNSSEC, it is becoming increasingly important for organizations to implement DNSSEC to help secure the DNS and protect against attacks.