DNSSEC stands for Domain Name System Security Extensions. It is a set of security additions for DNS, the system that turns a domain name into the server address a computer needs. Normal DNS was designed for speed and compatibility, not strong proof. DNSSEC helps by adding digital signatures to DNS records.
When you type a domain into a browser, a DNS resolver looks up information such as the IP address for that domain. Without DNSSEC, an attacker who can interfere with the lookup might try to send a fake answer. With DNSSEC, the resolver can check whether the DNS answer has a valid signature from the domain's trusted chain.
DNSSEC does not encrypt the DNS request by itself. Its job is authenticity, not privacy. It helps answer the question: "Did this DNS record really come from the correct source, and was it changed on the way?" Other technologies can be used for DNS privacy, but DNSSEC focuses on preventing forged responses.
A simple example is a banking website. If a DNS answer is forged, a user could be sent to the wrong server before the browser even reaches the real site. DNSSEC gives resolvers a way to reject answers that fail validation, reducing the chance of that kind of redirection.
DNSSEC works best when the domain owner, registrar, DNS provider, and resolver all support it correctly. It can be technical to configure, but its purpose is straightforward: make the internet's name system harder to trick.