Word of day...

DNS Security Extensions (DNSSEC)

DNS Security Extensions (DNSSEC) are a set of Internet Engineering Task Force (IETF) standards created to address vulnerabilities in the Domain Name System (DNS) and protect it from online threats.

The Domain Name System manages Internet navigation by locating domain names and mapping them to IP addresses. DNS, as originally designed, has no way to determine whether domain name data comes from the authorized domain owner or has been forged. This security weakness leaves the system vulnerable to a number of attacks, including DNS cache poisoning. In a DNS cache poisoning attack, an intruder replaces a valid IP address cached in a DNS table with a rogue address so that requests for the valid address are redirected.
 
DNSSEC prevents redirects by authenticating the origin of the data and verifying its integrity as it is transmitted across the Internet. The purpose of DNSSEC is to increase the security of the Internet as a whole by addressing DNS security weaknesses. Essentially, DNSSEC adds authentication to DNS by facilitating digital signatures on domain name system (DNS) data and ensuring that digital certificates originate from a legitimate certificate authority