To prevent someone poisoning DNS records, DNSSEC was introduced to protect the DNS traffic. Each DNS Record is digitally signed, creating an RRSIG record to protect against attacks assuring you that they are valid and their integrity has been maintained.

Exam tip: DNSSEC produces a RRSIG record for each host.

Get CompTIA Security+ Certification Guide now with O’Reilly online learning.

O’Reilly members experience live online training, plus books, videos, and digital content from 200+ publishers.