DNS does not strongly validate the source of the information received through its queries. As a result, attackers can use methods such as DNS cache poisoning to provide forged data to DNS clients and trick these clients into visiting spoofed sites or addresses.

DNSSEC was created to stop the threat of forged DNS data. DNSSEC is an optional DNS server feature that provides digital signatures for its records and validates the signatures received from other DNSSEC-enabled servers. In Windows networks, DNSSEC is used as a server-to-server protocol that validates responses on behalf of Windows 7 clients.

Support for the latest version of DNSSEC is new to Windows Server 2008 R2 and Windows 7.