DNS plays a key role on the internet by performing the resolution of the domain name to a respective IP address. While it performs a very essential service, it does not provide any data integrity or origin authority. Such a lack of security can be manipulated to spoof the domain name with a malicious IP address and forward all the data toward the malicious server. DNS cache poisoning is one such known attack that leverages this security hole for data leaks.
DNS Security Extension (DNSSEC) is a suite of security extensions to the DNS protocol that introduces the concept of zone signing, thereby helping to provide data integrity and origin authority to the DNS resource records.