All the components of the DNS resolving system must be DNSSEC-“signed” or capable in order to receive a DNSSEC authenticated DNS response.
These elements include:
- Top Level Domain (TLD), such as a “.com” for example, must be DNSSEC-signed or compatible. We have 14 DNSSEC-signed extensions that support it.
- DNS that the domain uses must be DNSSEC capable.
All these elements should be in place and be working properly in order to receive a DNSSEC- authenticated response from the DNS system.
Here is the list of the TLDs that support DNSSEC: