Before making a connection, the browser has to retrieve the IP address of the site using DNS. Attackers can still intercept DNS queries and provide false information that would cause the browser to connect to the fake website. DNSSEC provides an additional layer of security where the browser can check to make sure the DNS information is correct and not modified. DNSSEC is not ONLY for the web but also can be used by any other Internet service or protocol. Local DNS resolver will perform "DNSSEC validation" and just automatically block sites that fail because of incorrect DNSSEC signatures. The DNS resolver is either on your ISP or on your local network. An alternate option can be to install a validating DNS resolver on your local desktop or laptop computer. Finally, if you don't have access to any kind of DNSSEC-validating resolvers, another step you can take is to add support for DNSSEC directly into a web browser such as Google Chrome or Mozilla Firefox.
**DNS must be hosted by MJJT Consultants.