DNS was designed back in the 1980’s, when security wasn’t a primary focus of the internet. Without extra protection, a man-in-the-middle attack can possibly spoof DNS and lead users to phishing sites. DNSSEC, also known as DNS Security Extensions, helps put a stop to such attacks.
DNSSEC secures DNS lookups by signing the LEA’s domain DNS records using public keys. If an LEA enables DNSSEC, if a user gets back a malicious response when trying to go to the LEA’s domain, the user's browser can detect it. The hackers do not have the private key used to sign the legitimate LEA domain records and can no longer pass off a forgery.
Most domain registrars make it easy to enable DNSSEC for your domain.
Enable DNSSEC at NameCheap
If the LEA runs its DNS servers locally, just Google how to add DNSSEC to BIND, Microsoft, or the DNS server the LEA is using for more information.