DNSSEC - Protection against 'memory poisoning'
The Domain Name System Security Extensions (DNSSEC) methodology was introduced to provide increased protection against cache poisoning. It should no longer be so easy to attack the Domain Name System (DNS), an abuse that has often redirected data traffic to a foreign computer. Denial of Service (DoS) attacks, IP spoofing and DNS hijacking all originated from this security vulnerability.
DNSSEC secures data traffic using an encryption process. In a nutshell, the owner of the information signs every data traffic on the master server with a secret key ('private key'), which only the recipient can resolve with their 'public key'. The keys used have a limited period of validity. The EDNS capability of a computer is required to participate in the procedure. This 'extended DNS' allows protocol extensions to the Domain Name System (DNS).
It should be noted that with the DNSSEC procedure, only the 'traffic routes' via the participating servers are encrypted. The data or 'content' of a message remains unencrypted.