The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on IP networks.
It is a set of extensions which provide DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.
Since the original specification of DNS did not include any security details, DNSSEC attempts --while maintaining backward compatibility-- to protect applications (and caching resolvers serving those applications) from using forged or manipulated DNS data (such as that created by DNS cache poisoning).
All answers from DNSSEC protected zones are digitally signed, verifying their authenticity.
Please note that the initial DNSSEC specification RFC 2535 has become obsolete, due to scalability concerns. DNSSEC-bis is the current protocol. For further information, see: RFC 4033, RFC 4034, and RFC 4035.
DNSSEC Complexities:
Before you consider turning on DNSSEC for you domain, there are a few things to consider and discuss with your DNS provider:
Zone Content Exposure
Key Management
Reflection/Amplification Threat protection
OnDMARC will display the DNSSEC status of your domains in your Control Panel.
Create a free OnDMARC account.