DNSSEC stands for “Domain Name System Security Extensions” and is an extension of DNS. The standard is defined in several RFCs (including RFCs 4033, 4034, 4035, 5155).

DNSSEC enables the recipient of a DNS response to ensure that the requested information reaches him unadulterated and authentic. The process of signing and verifying the data from the DNS takes place on the basis of the PKI (Public Key Infrastructure). However, the PKI in DNSSEC is not based on the classic CAs (Certification Authorities), but is hierarchically signed on the basis of the DNS.