DNSSEC

Domain Name System Security Extensions

DNSSEC introduces security at the infrastructure level through a

hierarchy of cryptographic signatures attached to the DNS records.

Users are assured that the source of the data is verifi ably the stated

source, and that the mapping of name to Internet Protocol (IP) address

is accurate. DNSSEC-compliant name servers also provide denial of

existence, that is, they tell a user that a name does not exist. There are

two dominant strategies: (1) a process that zone operators can initiate

for digitally signing their own zones by employing public-private key

pairs and (2) a chain of trust between parent and child that enables

the system eventually to become trustworthy.