The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF) specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on IP networks.

It is a set of extensions which provide DNS clients (resolvers) origin authentication of DNS data, authenticated denial of existence, and data integrity, but not availability or confidentiality.

Since the original specification of the DNS did not include any security details, DNSSEC attempts --while maintaining backward compatibility-- to protect applications (and caching resolvers serving those applications) from using forged or manipulated DNS data (such as that created by DNS cache poisoning).

All answers from DNSSEC protected zones are digitally signed, verifying their authenticity.
 
Please note that the initial DNSSEC specification RFC 2535 has become obsolete, due to scalability concerns. DNSSEC-bis is the current protocol. For further information, see: RFC 4033, RFC 4034, and RFC 4035

OnDMARC will display the DNSSEC status of your domains in your Control Panel.

Create a free OnDMARC account.

Did this answer your question?