The Domain Name System Security Extensions (DNSSECs) are concerned with various internet standards that extend the domain name system to source identification and, in doing so, ensure the authenticity and integrity of the data. After the initial DNSSEC version from 1999 turned out to be unsuitable for larger networks, it was a few years until the extensions for DNS security were finally published in the three RFCs (Requests for Comments) RFC 4033, RFC 4034, and RFC 4035 in 2005, making DNSSEC standard practice in the US. In 2010, this technology was applied to the root level of the internet, namely on the 13 root name servers that are responsible for the name resolution of top-level domains (.com, .co.uk, etc.)
DNSSEC is based on a public key cryptosystem, an asymmetric encryption method in which the two parties involved exchange a pair of keys containing a public key and a private key, as opposed to one, shared, secret key. The private key carries all pieces of DNS information, known as resource records, and a unique digital signature. Through the public key, the clients can verify this signature and so the authenticity of the source can be confirmed.