DNSSEC

RU: DNSSEC

A suite of IETF extensions (RFC 4033–4035) that adds cryptographic signatures to DNS records. Each zone signs its resource sets with a private key; a resolver verifies the chain of trust from the root DNSKEY down to the record, protecting against cache poisoning. DNSSEC proves authenticity and integrity but not confidentiality, and zone enumeration via NSEC remains a known weakness.