Being the backbone of the internet, the Domain Name System (DNS) protocol has undergone a series of improvements and enhancements over the past few years. The lack of stringent protections in the original DNS specification and discovery of security weaknesses over time, such as the decade-old Kaminsky bug, gave birth to the Domain Name System Security Extensions (DNSSEC) in 2010.
DNSSEC was created to build cryptographic protections through digital signatures so that the DNS clients around the world could authoritatively verify that a DNS response was coming from an authoritative DNS server and that the response wasn’t altered in transit.
