DNSSEC: Everything you need to know
The concept of DNSSEC
The collection of security extensions known as DNSSEC gives DNS authentication and data integrity.
The Internet Engineering Task Force (IETF) developed it in the 1990s. Its principal objective is to offer an authentication mechanism that uses digital signatures based on open cryptography to demonstrate the data’s origin. With a private key, the data owner can certify the security of DNS data (DNS records). Each recursive server can authenticate the source of the data by comparing it to the public key.
The root server is at the top of the trust chain, which extends down to the specific hostname. Except for the root zone, which has nothing above it, each zone is signed by the one above it.
The recursive server will drop data and try again if, for any reason, it cannot authenticate it. Be safe rather than sorry.