It is a collection of extensions to DNS that offer the DNS clients origin verification of DNS data, data reliability and authenticated defiance of existence.
When you spend some time on the Internet either sending an e-mail or browsing the Web, you make use of domain name servers without even recognizing it. DNS is an extremely important part of the internet but totally to the user. The DNS structure forms one of the principals and most vigorous distributed databases on the globe. With no DNS, the Internet would fail instantly, thus it must be properly maintained and the proper security system put in place to secure it from people with bad intentions. Similar to the majority of the early Internet protocols, DNS was not meant to bear it does nowadays. It was not made with an Internet-as-e-commerce stage in mind as it is today. It was too not made to deal with cache poisoning, phishers, farmers, denial-of-service attacks, spammers or any kind of scammer.
DNS reached its twenty-fifth in 2008, and started showing its age with major flaws in the system. Mimoso (2008, p1) says DNS was made as a "modest" substitute of host tables that were applied in keeping track of network machines. The ending outcome was the DNS we have come to recognize and love: a protocol that interprets domain names into IP addresses. This is what was required back in January 1, 1983 when machines on the ARPANET were needed to change to the TCP/IP protocol. What's required today is DNSSEC, which help defend against various attack against DNS servers, be it enterprise servers or the root DNS servers that control the Internet and have double fruitfully been attacked. DNSSEC offers source authentication of DNS data, data reliability and genuine denial of existence, as per the project's website. Various problems have subdued widespread deployment, including issues with scalability and well-suitability with diverse DNS servers.
It is generally believed that making the DNS safe is critically vital for securing the entire Internet; however implementation of DNSSEC particularly has been held back by the difficulty of working out a backward-compatible set that can scale to the range of the Internet, avoiding "zone enumeration" where necessary, positioning DNSSEC implementations over a wide range of DNS servers and clients, disparity among major players over who ought to own the Top Level Domains such as .com, .net and .org root keys and finally conquering the perceived complication of DNSSEC and DNSSEC operation. A number of these problems are in the course of being determined, and deployments in a range of domains have started to take place.