Home : Internet Terms : DNSSEC Definition


Stands for "Domain Name System Security Extensions." It is an extension of the standard domain name system (DNS), which translates domain names to IP addresses. DNSSEC improves security by validating the authenticity of the DNS data.

The original domain name system was developed in the 1980s with minimal security. For example, when a host requests an IP address from a name server using a standard DNS query, it assumes the name server is valid. However, a name server can pretend to be another server by spoofing (or faking) its IP address. A fake name server could potentially redirect domain names to the wrong websites.

DNSSEC provides extra security by requiring authentication with a digital signature. Each query and response is "signed" using a public/private key pair. The private key is generated by the host and the public key is generated by a DNS zone, or group of trusted servers. These servers create a chain of trust, in which they validate each other's public keys. Each DNSSEC-enabled name server stores its public key in a hashed "DNSKEY" DNS record.

Enabling DNSSEC

While DNSSEC is not required for web servers or mail servers, many web hosts recommend it. To configure DNSSEC, you must use a nameserver that supports it, like PowerDNS or Knot DNS. Then you must enable DNSSEC on your server and configure it within the control panel interface.

If you are using a public nameserver, activating DNSSEC up may be as simple as clicking "Enable DNSSEC." If you are using a custom name server, you may need to manually create one or more delegation signer (DS) records. After you have enabled DNSSEC, it may take several hours to activate since the server must validate the DS records with other servers within the DNS zone.

Updated: June 27, 2020

Cite this definition:


TechTerms - The Tech Terms Computer Dictionary

This page contains a technical definition of DNSSEC. It explains in computing terminology what DNSSEC means and is one of many Internet terms in the TechTerms dictionary.

All definitions on the TechTerms website are written to be technically accurate but also easy to understand. If you find this DNSSEC definition to be helpful, you can reference it using the citation links above. If you think a term should be updated or added to the TechTerms dictionary, please email TechTerms!

Sign up for the free TechTerms Newsletter

How often would you like to receive an email?

You can unsubscribe at any time.
Questions? Please contact us.