Domain Name System Security Extensions

What Does Domain Name System Security Extensions Mean?

The Domain Name System Security Extensions (DNSSEC) is a suite of specifications for securing certain kinds of information provided by the Domain Name System (DNS) as used on Internet Protocol (IP) networks. DNSSEC is a set of extensions to DNS that provide DNS clients with origin authentication of DNS data, data integrity and authenticated denial of existence. It does not provide confidentiality or availability. These standards were created by the Internet Engineering Task Force (IETF).


Techopedia Explains Domain Name System Security Extensions

The Domain Name System manages Internet navigation by associating domain names with their respective IP addresses. On its own, DNS has no way of telling whether the information really comes from the true domain owner, which leaves it vulnerable to attacks such as DNS cache poisoning. In this attack, the attacker replaces the correct IP address in the DNS cache with a different one designed to lead users to websites with viruses, worms or adware.

DNSSEC uses digital signatures and cryptographic keys to ensure that the lookup table data is intact and that it points to legitimate servers. Implementing the extension is voluntary and quite complex, which has resulted in slow adoption. It is offered as a managed service, and some vendors sell automation tools for it. Important entities like the U.S. government have mandated that all of its agencies implement DNSSEC.
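
The following Python example is added here and is not from the original page. It shows how a client asks for DNSSEC data (the EDNS0 DO bit) and inspects a response for signature records (RRSIG) and the resolver's AD flag; it does not verify the signatures themselves, and the example.com response is constructed with dummy signature bytes.

```python
import struct

RRSIG = 46        # RR type code for a DNSSEC signature record (RFC 4034)
AD_FLAG = 0x0020  # header bit: the resolver asserts it validated the data (RFC 4035);
                  # only meaningful when the path to that resolver is itself trusted

def encode_name(name):
    """Encode a domain name as length-prefixed labels."""
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def build_query(name, qtype=1, txid=0x1234):
    """DNS query with an EDNS0 OPT record whose DO bit requests DNSSEC records."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)  # RD set, 1 question, 1 additional
    question = encode_name(name) + struct.pack("!HH", qtype, 1)
    opt = b"\x00" + struct.pack("!HHIH", 41, 1232, 0x8000, 0)  # OPT (type 41), UDP size, DO bit
    return header + question + opt

def skip_name(msg, off):
    """Return the offset just past a (possibly compressed) name."""
    while msg[off] and msg[off] & 0xC0 != 0xC0:
        off += 1 + msg[off]
    return off + (1 if msg[off] == 0 else 2)  # root label is 1 byte, a pointer is 2

def dnssec_summary(msg):
    """Report the AD flag and the answer RR types that have no covering RRSIG."""
    _, flags, qd, an, _, _ = struct.unpack("!HHHHHH", msg[:12])
    off = 12
    for _ in range(qd):
        off = skip_name(msg, off) + 4  # skip QTYPE and QCLASS
    types, covered = [], []
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == RRSIG:  # first RDATA field is the "type covered"
            covered.append(struct.unpack("!H", msg[off:off + 2])[0])
        else:
            types.append(rtype)
        off += rdlen
    return {"ad": bool(flags & AD_FLAG), "unsigned": sorted(set(types) - set(covered))}

def sample_response(signed=True):
    """Constructed response for example.com: an A record, optionally with a dummy RRSIG and AD set."""
    q = encode_name("example.com") + struct.pack("!HH", 1, 1)
    a = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 1])
    rdata = struct.pack("!HBBIIIH", 1, 13, 2, 300, 0, 0, 0) + encode_name("example.com") + bytes(64)
    sig = b"\xc0\x0c" + struct.pack("!HHIH", RRSIG, 1, 300, len(rdata)) + rdata
    flags = 0x81A0 if signed else 0x8180  # QR, RD, RA, plus AD when signed
    return struct.pack("!HHHHHH", 0x1234, flags, 1, 2 if signed else 1, 0, 0) + q + a + (sig if signed else b"")
```

An empty "unsigned" list together with "ad": True is what a validating resolver returns for a signed zone; an A record listed under "unsigned" with "ad": False is an answer that carries no DNSSEC protection.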

