DNSSEC
E37203
DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
All labels observed (11)
How this entity was disambiguated
This entity first appeared as the object of triple T287275 — resolving that mention is where its identity was fixed. The disambiguator weighed these candidate entities and picked the highlighted one (or “None”, minting a new entity). This is how homonymy is resolved: the same surface form can point to different entities.
Target entity: DNSSEC Context triple: [Domain Name System root zone, usesStandard, DNSSEC]
-
A.
Domain Name System root zone
The Domain Name System root zone is the top-level, authoritative directory of the internet’s domain name hierarchy, mapping top-level domains to their corresponding name servers.
-
B.
Domain Name System
The Domain Name System (DNS) is the hierarchical, distributed naming infrastructure of the internet that translates human-readable domain names into numerical IP addresses used by computers.
-
C.
RFC 1035
RFC 1035 is an Internet standards document that defines the implementation details, message formats, and operational procedures for the Domain Name System (DNS).
-
D.
OpenDNS
OpenDNS is a cloud-delivered DNS and security service provider known for web filtering, phishing protection, and enterprise network security solutions.
-
E.
SSL
SSL (Secure Sockets Layer) is a cryptographic protocol designed to provide secure, encrypted communication over a computer network, commonly used to protect data transmitted between clients and servers.
- F. None of above. chosen
- G. Unsure - the case is ambiguous/there is not enough information to decide.
Target entity: DNSSEC Target entity description: DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
-
A.
Domain Name System root zone
The Domain Name System root zone is the top-level, authoritative directory of the internet’s domain name hierarchy, mapping top-level domains to their corresponding name servers.
-
B.
Domain Name System
The Domain Name System (DNS) is the hierarchical, distributed naming infrastructure of the internet that translates human-readable domain names into numerical IP addresses used by computers.
-
C.
RFC 1035
RFC 1035 is an Internet standards document that defines the implementation details, message formats, and operational procedures for the Domain Name System (DNS).
-
D.
OpenDNS
OpenDNS is a cloud-delivered DNS and security service provider known for web filtering, phishing protection, and enterprise network security solutions.
-
E.
SSL
SSL (Secure Sockets Layer) is a cryptographic protocol designed to provide secure, encrypted communication over a computer network, commonly used to protect data transmitted between clients and servers.
- F. None of above. chosen
Statements (51)
| Predicate | Object |
|---|---|
| instanceOf |
DNS extension
ⓘ
internet security protocol suite ⓘ |
| abbreviation | DNSSEC self-link ⓘ |
| appliesTo |
forward DNS zones
ⓘ
reverse DNS zones ⓘ |
| definedInRFC |
RFC 4033
ⓘ
RFC 4034 ⓘ RFC 4035 ⓘ RFC 4509 ⓘ RFC 5011 ⓘ RFC 5155 ⓘ RFC 5702 ⓘ RFC 6605 ⓘ RFC 6840 ⓘ RFC 8080 ⓘ |
| deploymentStatus | partially deployed on the public internet ⓘ |
| doesNotProvide | confidentiality ⓘ |
| fullName |
DNSSEC
self-linksurface differs
ⓘ
surface form:
Domain Name System Security Extensions
|
| introducesRecordType |
CDNSKEY
ⓘ
CDS ⓘ DNSKEY ⓘ DS ⓘ NSEC ⓘ NSEC3 ⓘ NSEC3PARAM ⓘ RRSIG ⓘ |
| mitigates |
DNS cache poisoning
ⓘ
DNS spoofing ⓘ |
| operatesOn | DNS resource records ⓘ |
| provides |
data integrity
ⓘ
data origin authentication ⓘ |
| relatedStandard |
DANE
ⓘ
TSIG ⓘ |
| requires |
DNSSEC-aware authoritative name servers
ⓘ
DNSSEC-validating resolvers ⓘ |
| rootZoneManagedBy |
Internet Corporation for Assigned Names and Numbers
ⓘ
surface form:
ICANN
U.S. Department of Commerce ⓘ VeriSign ⓘ
surface form:
Verisign
|
| rootZoneSigned | 2010-07-15 ⓘ |
| standardizedBy |
Internet Engineering Task Force
ⓘ
surface form:
IETF
|
| supportsAlgorithm |
DSA
ⓘ
ECDSA ⓘ Ed25519 ⓘ Ed448 ⓘ RSA ⓘ |
| usesCryptography | public key cryptography ⓘ |
| usesMechanism |
chain of trust
ⓘ
delegation signer records ⓘ key signing key ⓘ zone signing key ⓘ |
| verificationPerformedBy | validating resolver ⓘ |
How these facts were elicited
The pipeline generated the facts above by prompting gpt-5.1 with this entity's name + description and the instruction below.
You are a knowledge base construction expert. Given a subject entity and a description of it, return factual statements that you know for the subject as a JSON list of dictionaries(triples), where keys must be "subject", "predicate" and "object". The number of facts may be very high, between 25 to 50 or more, for very popular subjects. For less popular subjects, the number of facts can be very low, like 5 or 10. # Requirements - If you don't know the subject at all, return an empty list. - If the subject is not a named entity, return an empty list. - Include at least one triple where predicate is "instanceOf". - Do not get too wordy. - Separate several objects into multiple triples with one object.
Subject: DNSSEC Description of subject: DNSSEC (Domain Name System Security Extensions) is a suite of specifications that adds cryptographic authentication and integrity protection to DNS data to prevent attacks such as cache poisoning and spoofing.
Referenced by (44)
Full triples — surface form annotated when it differs from this entity's canonical label.