For Internet users it is essential that they can rely on the integrity of the information they have called on. It must be guaranteed, for instance, that the contents of a website they see on their screen is identical with the data of the website they wanted to access. To achieve this, the path from the query sent to a website up to the response received must be secured. Domain Name Security Extensions (DNSSEC) render a contribution to this security. They authenticate the origin of data for the Domain Name System (DNS), i.e. they secure the path between the DNS servers and the validating DNS clients. The signature applied reveals if the data is authentic, i.e. if it originates from the authoritative zone. At the same time, securing data integrity protects against DNS data that was manipulated on the way.
However, DNSSEC does not warrant the correctness of the initially stored data of a website nor does it prove that the data is harmless. Neither will DNSSEC recognize if a website you call on, and which you have possibly accessed via a link received in an e-mail, is forged (so-called phishing), nor is it able to protect against domain hijacking or manipulations during the registration process.