How Does DNSSEC Work?

DNSSEC was designed to conduct data origin authentication and ensure data integrity through the Key Pairs and Digital Signatures technologies. Key Pairs are just like keys of a safe deposit box, where you would need to use two keys simultaneously in order to open the box. With Key Pairing technology, each DNS query can be verified via the “Chain-of-trust” and conduct data origin authentication.

Digital Signatures are used to verify the unique identity of a DNS record. By verifying the Digital Signature with the DNS record, DNSSEC is able to ensure data integrity.

Without DNSSEC, cyber-attack threats on Internet addresses, such as DNS cache-poisoning and DNS spoofing, can be exposed.