DNSSEC

DNSSEC (DNS Security Extensions) is a security add-on for the DNS service which gives unbeatable protection against falsified DNS data, since it is based on cryptography and digital signatures. Put simply, the DNS service is used to match a domain name with a specific computer on the internet. The principle is the same as for an SSL certificate, except that it checks the authenticity of the DNS enquiry instead of the publisher of the page. DNSSEC, which provides comprehensive protection against DNS attacks, was developed due to weaknesses in the DNS.

How does DNSSEC work?
If you use DNSSEC for your domains, all records will be digitally signed. The correct DNS record will be authenticated by a chain of trust. In other words, every hardware and software component is validated from the bottom up, right to the top layer. DNSSEC begins by verifying the public keys for the root zone, e.g. .se.

When looking up something in a zone with DNSSEC, the computer checks that the zone contains an RRSIG DNS record. An RRSIG record is a special record type (resource record) that stores the digital signatures created using a DNS key for the domain.
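
The RRSIG check described above, as an added example that is not part of the original page: it parses a DNS answer in zone-file presentation format and reports which record sets have a covering RRSIG inside its validity window. The sample answer, `example.se`, the key tag and the signature text are constructed placeholders, and the code checks presence and dates only; it does not verify the signature cryptographically.

```python
from datetime import datetime, timezone

# Constructed sample answer (dig-style presentation format); all values are placeholders.
SAMPLE = """\
example.se. 3600 IN A 192.0.2.10
example.se. 3600 IN RRSIG A 13 2 3600 20240301000000 20240201000000 12345 example.se. c2lnbmF0dXJl
example.se. 3600 IN MX 10 mail.example.se.
"""

def _ts(text):
    # RRSIG expiration/inception are written as YYYYMMDDHHmmSS in UTC (RFC 4034, 3.2).
    return datetime.strptime(text, "%Y%m%d%H%M%S").replace(tzinfo=timezone.utc)

def parse(answer):
    """Return (rrsets, rrsigs): a set of (owner, type) and a map
    (owner, covered type) -> list of signature metadata dicts."""
    rrsets, rrsigs = set(), {}
    for line in answer.splitlines():
        f = line.split()
        if len(f) < 5 or f[2] != "IN":
            continue  # not a resource record line
        owner, rtype, rdata = f[0].lower(), f[3], f[4:]
        if rtype != "RRSIG":
            rrsets.add((owner, rtype))
            continue
        if len(rdata) < 9:
            continue  # malformed RRSIG, treat as absent
        # RDATA order: type covered, algorithm, labels, original TTL,
        # expiration, inception, key tag, signer name, signature.
        rrsigs.setdefault((owner, rdata[0]), []).append({
            "expires": _ts(rdata[4]), "inception": _ts(rdata[5]),
            "key_tag": int(rdata[6]), "signer": rdata[7].lower()})
    return rrsets, rrsigs

def coverage(answer, now):
    """Map each record set to 'signed', 'outside-validity-window' or 'unsigned'."""
    rrsets, rrsigs = parse(answer)
    report = {}
    for key in sorted(rrsets):
        sigs = rrsigs.get(key, [])
        if not sigs:
            report[key] = "unsigned"
        elif any(s["inception"] <= now <= s["expires"] for s in sigs):
            report[key] = "signed"
        else:
            report[key] = "outside-validity-window"
    return report

if __name__ == "__main__":
    print(coverage(SAMPLE, datetime(2024, 2, 15, tzinfo=timezone.utc)))
```

A validating resolver goes further than this: it also verifies each signature against the zone's DNSKEY and follows the chain of trust upward.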