Domain Name System Security Extension (DNSSec) is designed to protect against forged and manipulated DNS data, thus ensuring that DNS records received are identical to the records published on the DNS server. Traditional DNS records can be forged/modified however, this becomes extremely difficult with DNSSEC.

How does it work?

DNSSEC works by digitally signing records for DNS lookup using public-key cryptography. The correct DNSKEY record is authenticated via a chain of trust, starting with a set of verified public keys for the DNS root zone.
By checking the digital signature, a DNS resolver is able to check if the information is identical (i.e. unmodified and complete) to the information published by the zone owner and served on an authoritative DNS server. 
DNSSEC can protect any data published in the DNS, including text records (TXT), mail exchange records (MX), etc.

How do I set it up?

Using Rebel's DNS: Currently, we do not offer hosted DNSSec services; however, as a registrar, we provide the tools to allow you to configure your domain to work with third-party DNS providers that offer DNSSec.
To configure the service, you will need to get the Delegation Signer Records (DS) for the domain from your DNSSEC provider and follow these steps:

1.  Sign the domain with DNSSec at your DNS provider and note the information from the DS records that were generated.
2.  Complete the fields below.

• Key Tag:
• DNSKEY Algorithm:
• Digest Type:
• Key Digest:

3.  Send the completed fields to our support team by email, and we will be able to make these updates for your domain.

Using Plesk DNS: Plesk allows you to set up DNSSEC. Through this article, it will walk you through the steps on how to add it properly to your hosting. Once it is set up, you will then have to contact our support team to finalize the updates. Please read the following article for more information: https://docs.plesk.com/en-US/obsidian/administrator-guide/dns/using-dnssec.76434/