What is DNSSEC?
DNS Security Extensions, known as DNSSEC, provides a way to authenticate DNS response data. Before you connect to a website, your browser has to retrieve the IP address of the site using DNS. However, it is possible for an attacker to intercept your DNS queries and provide false information that would cause your browser to connect to a fake website where you could potentially provide personal information. DNSSEC provides a level of additional security where the web browser can check to make sure the DNS information is correct and was not modified. Note, that DNSSEC is NOT only for the Web, but also can be used by any other Internet service or protocol.
How does DNSSEC work?
DNSSEC creates a secure domain name system by adding cryptographic signatures to existing DNS records. These digital signatures are stored in DNS name servers alongside common record types like A, AAAA, MX, CNAME, etc. By checking its associated signature, you can verify that a requested DNS record comes from its authoritative name server and wasn’t altered en-route, opposed to a fake record injected in a man-in-the-middle attack.
If you wish to enable DNSSEC, please visit the How Do I Enable DNSSEC article.