DNSSEC adds a signature to each and every DNS query and response on the Internet. When you sign your domain name with DNSSEC, each piece of your domain name’s DNS information adds a digital signature. When your customer types in your website address, or clicks on a link, a security-aware DNS resolver will only trust answers that have this signature attached to it. If the signature does not match, the security-aware DNS resolver discards the response. Technically speaking, DNSSEC ensures that the answer you receive came from a trusted name server. All answers in DNSSEC are digitally signed. By checking the digital signature, a DNS resolver is able to check if the information is identical (correct and complete) to the information on the authoritative DNS server.
