How can you tell whether the web site you see on your screen is actually the one you intended to visit? The truth is that you never know, unless the domain is signed with DNSSEC.
Most internet services are based on converting domain names to IP addresses. This includes surfing the net and sending e-mail, as well as telephony, sending and receiving files, virus and software updates, online messaging, etc. DNS, however, is an unprotected protocol. The messages exchanged are not encrypted, and the origin of a reply cannot be verified unambiguously. In particular, the increased bandwidth available to attackers these days makes it easier to launch attacks on the DNS protocol. Precisely to fight back against attacks of this kind, a security extension was recently added to the DNS protocol: DNS Security Extensions (DNSSEC).
DNSSEC digitally 'signs' all responses from a DNS server, so they can be matched with the original question. Corrupt responses are detected and discarded. The integrity of the DNS answers is protected by cryptographically signing the zone's DNS Resource Records and providing the public key to the resolver or application that validates the integrity of the received Resource Record.
Fraud doesn't get a chance when it's blocked before it even reaches the computer screen. DNSSEC intercepts pharming, cache poisoning, redirection attacks and hijacking. Your clients know their online transactions are in safe hands. Your company gets labeled as a trustworthy DNS source.