The Domain Name System Security Extensions (DNSSEC) are an extension of the Domain Name System (DNS) to ensure the authenticity and integrity of DNS data.

The recipient of a DNS message (DNS response) can use a signature embedded in it and two cryptographic keys to check whether the transmitted DNS information is genuine and authentic, i.e. whether it actually comes from the responsible DNS server. If both checks yield positive results, the DNS response is considered to be trustworthy (valid).

By doing this, attackers are prevented from redirecting requests for a website to a fraudulent site by using so-called (DNS) cache poisoning.