DNS Security Extensions (DNSSEC) is an extension to the Domain Name System (DNS). DNSSEC involves adding encrypted signatures to DNS records to protect data transmitted over Internet Protocol (IP) networks. DNSSEC exists because the architecture of DNS does not provide any protocol security measures, leaving room for attackers to forge records and redirect users to fraudulent websites. In this context, the DNSSEC protocol was introduced to enhance the authenticity and integrity of DNS responses.
DNSSEC establishes secure DNS by adding encrypted signatures to existing DNS records. These signatures, associated with common record types (such as AAAA and MX), are stored in DNS name servers. By checking the signature corresponding to the requested DNS record, it can be verified whether the record originates directly from its authoritative name server. This ensures that the record has not been tampered with or poisoned during its digital transmission, preventing the introduction of false records.