DNSSEC is a security extension for the DNS-protocol. This extension for the DNS-protocol increases domain name security. With DNSSEC it is no longer possible to manipulate traffic to websites with so called cache poisoning or man in the middle attacks.
To prevent these attacks from happening, DNSSEC couples the response of a DNS-query with a digital signature. Because of this it becomes possible to verify if the records that are sent by a DNS-server are valid. In order to establish this the DNS-servers are equipped with a system for asymmetric cryptography, or better known as 'public-key cryptography'. This results in the DNS-information being signed with a private key. By making use of a public key users can check if the received information is valid.