Domain Name System Security Extensions

What Does Domain Name System Security Extensions Mean?

The Domain Name System Security Extensions (DNSSEC) is a suite of specifications outlining details for securing certain information being provided by the Domain Name System (DNS) as it is being used on networks using the Internet Protocol (IP). The DNS SEC is a set of extensions of DNS that provide DNS clients with origin authentication of all DNS data, data integrity and authentication denial of existence. It does not provide confidentiality or availability. These standards were created by the Internet Engineering Task Force (IETF).


Techopedia Explains Domain Name System Security Extensions

The Domain Name System is what manages Internet navigation by associating domain names with their respective IP addresses. It has no way of telling if the information really comes from the true domain owner or not, which leaves it vulnerable to some attacks like DNS cache poisoning. In this attack, the attacker replaces the correct IP address in the DNS cache with a different one designed to lead users to websites with viruses, worms or adware.

The DNSSEC uses digital signatures and cryptographic keys to ensure that the lookup table data is intact and that they are pointing to legitimate servers. The implementation of this extension is voluntary and is quite complex, which has resulted to slow adoption. It is offered as a managed service and some vendors sell automation tools for it. Important entities like the U.S. government have mandated that all of its agencies implement DNSSEC.


Related Terms

Latest Cybersecurity Terms

Related Reading

Margaret Rouse

Margaret Rouse is an award-winning technical writer and teacher known for her ability to explain complex technical subjects to a non-technical, business audience. Over the past twenty years her explanations have appeared on TechTarget websites and she's been cited as an authority in articles by the New York Times, Time Magazine, USA Today, ZDNet, PC Magazine and Discovery Magazine.Margaret's idea of a fun day is helping IT and business professionals learn to speak each other’s highly specialized languages. If you have a suggestion for a new definition or how to improve a technical explanation, please email Margaret or contact her…