DNSSEC: Overcoming DNS Security Limitations

A.

DNSSEC (Domain Name System Security Extensions) was designed to overcome DNS spoofing attacks, also known as DNS cache poisoning attacks. DNS spoofing is a type of attack in which an attacker intercepts and modifies DNS queries and responses to redirect traffic to a malicious website or to intercept sensitive information.

DNSSEC is a set of extensions to DNS that provide a way to digitally sign DNS records. DNSSEC uses cryptographic techniques to ensure the authenticity and integrity of DNS data. With DNSSEC, clients can verify that the DNS records they receive are accurate and haven't been modified by an attacker.

In DNSSEC, each zone in the DNS hierarchy is signed using a private key, and the corresponding public key is published in the DNS. When a client requests a DNS record, the server returns the record along with a digital signature. The client can then use the public key to verify the signature and ensure that the record hasn't been tampered with.

Therefore, the correct answer to the question is A. DNSSEC was designed to overcome DNS man-in-the-middle attacks (also known as DNS spoofing attacks) by providing a way to digitally sign DNS records and ensure their authenticity and integrity. DNS flood attacks, DNS fragmentation attacks, DNS hash attacks, DNS replay attacks, and DNS violation attacks are types of attacks that DNSSEC was not specifically designed to address.