Should I at this point strive to have DNSSEC enabled for as many domains as possible?

I have just read like half of the Internet about the importance of DNSSEC and I still have no clear answer.

@peterbabic Definitely yes. Many security features depend on DNS and work reliably only if DNS is secured by DNSSEC.

@stepan Well, my old nameserver provider / domain registrar supported DNSSEC in one click, but my current one only supports adding an existing DNSSEC key from another authority to the domain record, i.e. from Cloudflare or even my old provider.

Now it looks like I have to get back to the nameservers of the old provider with my current registrar to get DNSSEC to work.

@peterbabic Yeah, for me this is the must-have criterion for my domain registrar. I also don't want to hassle with keys myself on my hobby projects. I just want my provider to have it automated for me as a service.

@stepan There's a lot of controversy, like clients do not verify it sufficiently or that the big players do not even use it. It is definitely not solving all problems, and it only protects against a few attacks, in my current understanding. Anyway, thanks for the comment.

@peterbabic I know, but that's nothing you can change. Using DNSSEC on your side is enough for today's DNS technology and standards. If the remote side is not verifying retrieved records, that is the remote side's problem. Not yours. 🙂
