What does DNSSEC use to create a chain of authority?

Prepare for the Certiport Network Security Exam. Enhance your skills with quizzes, flashcards, and comprehensive explanations. Master the topics and boost your confidence to succeed!

DNSSEC, or Domain Name System Security Extensions, employs digital signatures to create a chain of authority within the domain name system. This security extension is designed to protect against certain types of attacks, such as cache poisoning and data spoofing. By using digital signatures, DNSSEC allows a DNS resolver to verify that the responses it receives for DNS queries haven't been tampered with and come from a legitimate source.

When a DNS record is signed, the digital signature is computed over a cryptographic hash of the record data, which lets a resolver validate both the source of the data and its integrity. The signature is created with the zone's private key and can be verified by resolvers using the corresponding public key. This mechanism ensures that users are obtaining accurate DNS responses and enhances the overall security of internet communications by building a trust chain from the DNS root down to the specific domain.

Digital signatures thereby provide the foundation for establishing trust in domain name data, making them integral to the DNSSEC framework. Other options, while related to security, do not specifically pertain to the creation of a chain of authority in DNS queries.
