摘要
RFC 4033 introduces DNSSEC, the security extensions for DNS, explaining the threat model, security requirements, and operational overview. It describes how DNS responses can be authenticated using public-key cryptography to protect against cache poisoning and other DNS spoofing attacks.