Which technology provides authentication of DNS traffic?

Authentication of DNS data is achieved by DNSSEC. It adds digital signatures to DNS records and a chain of trust from the DNS root down to individual zones. When a resolver receives DNS data, it can verify the signatures against published public keys (DNSKEYs) to confirm that the information came from the legitimate domain authority and has not been altered in transit. This provides origin authentication and data integrity for DNS responses, helping prevent cache poisoning and spoofing. DNSSEC does not encrypt DNS queries or responses, it only signs them to prove authenticity. The other options describe either attack techniques or security at different layers or for other purposes (for example, TLS secures encrypted channels, IPsec protects IP packets), but they are not designed to authenticate DNS records the way DNSSEC does.