DNSSEC provides data origin authentication and data integrity verification to the DNS through the use of public key cryptographic signatures. Public key cryptography uses asymmetric key algorithms of mathematically related key pairs in the form of a secure private key and a published public key. The combination of the key pair enables the verification of the authenticity of a DNS message through the creation of a digital signature of the DNS data using the secure private key. This signature can in turn be verified by a recipient security aware resolver using the already published public key from the pair.