Is DNSSEC Adoption Worth It?

By: Anton McClure;

Published: February 11, 2020

Categories: Technology; Internet; DNS;

DNSSEC has a lot of hype surrounding it, but is it worth adopting?


The Domain Name System (DNS) is essentially the "phone book of the Internet". It is what makes the domain names of sites like antonmcclure.com, google.com, facebook.com, oracle.com, linkedin.com, medium.com, and the many other sites and web applications we use on a day-to-day basis resolve to the addresses of their servers. As more and more people use the Internet, more and more malicious people and groups will try to take advantage of this system.

Since the beginning, DNS has used UDP packets rather than establishing TCP connections. While this comes with an increase in speed, it makes it easier for addresses to be spoofed. If the address is spoofed, the site you go to might not actually be the site you were looking for. If you wanted to do online banking, purchase a product, make investments, or do anything else online, you'd want to make sure that you're in the right place.

DNS Is Not Secure

DNS, designed in the 1980s, has no way to verify a response except by checking IP addresses, which is not a reliable method since these addresses can easily be spoofed.

An attacker can fake the authoritative servers and spoof the response for certain domains without the user even realizing it.

These attackers can also poison the DNS cache on legitimate recursive resolvers by sending a forged DNS response. When a user tries to access a site for which a fake response is cached, the domain will resolve to the fraudulent address.

Introducing DNSSEC

DNS Security Extensions (DNSSEC), in comparison to plain DNS, is the "unspoofable Caller ID of the Internet", designed to add much-needed security to this system. By letting resolvers verify where an answer came from, it helps ensure that web application traffic gets routed to the correct servers.

Some of the security benefits it provides include:

  1. Authenticating DNS data.
  2. Protecting data integrity.
  3. Authenticated denial of a domain's existence.

DNSSEC ensures that answers are digitally signed, and lets resolvers check whether the information is identical to the information provided by the authoritative DNS server. For many internet users, protecting IP addresses and records is a concern. DNSSEC helps by providing that much-needed security for DNS.
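Added example (not from the original article): a client that does not validate signatures itself depends on its resolver to do the check described above. This Python code builds a query with the EDNS0 "DNSSEC OK" (DO) bit set and reads the "Authenticated Data" (AD) flag and RRSIG records out of a response. The example.com responses are constructed sample data, and the function names are this example's own.

```python
import struct

AD, DO = 0x0020, 0x8000      # header "Authenticated Data" flag; EDNS0 "DNSSEC OK" flag
A, OPT, RRSIG = 1, 41, 46    # record type codes

def encode_name(name):
    labels = [part.encode() for part in name.rstrip(".").split(".") if part]
    return b"".join(bytes([len(part)]) + part for part in labels) + b"\x00"

def rr(name, rtype, rclass, ttl, rdata):
    return encode_name(name) + struct.pack("!HHIH", rtype, rclass, ttl, len(rdata)) + rdata

def build_query(name, qid=0x1234):
    """A-record query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!6H", qid, 0x0100, 1, 0, 0, 1)
    question = encode_name(name) + struct.pack("!HH", A, 1)
    # In an OPT record the class field is the UDP payload size and the TTL holds flags.
    return header + question + rr("", OPT, 1232, DO, b"")

def skip_name(msg, off):
    while msg[off] and msg[off] & 0xC0 != 0xC0:   # walk labels until root or pointer
        off += 1 + msg[off]
    return off + (2 if msg[off] else 1)           # pointer is 2 bytes, root label is 1

def dnssec_status(msg):
    """Report the AD flag and whether the answer section carries RRSIG records."""
    _qid, flags, qd, an, _ns, _ar = struct.unpack_from("!6H", msg)
    off, types = 12, []
    for _ in range(qd):
        off = skip_name(msg, off) + 4             # QTYPE + QCLASS
    for _ in range(an):
        off = skip_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack_from("!HHIH", msg, off)
        off += 10 + rdlen
        types.append(rtype)
    return {"rcode": flags & 0xF, "ad": bool(flags & AD), "signed": RRSIG in types}

def sample_response(flags, with_rrsig):
    """Constructed response for example.com (not captured traffic)."""
    answers = [rr("example.com", A, 1, 300, bytes([192, 0, 2, 1]))]
    if with_rrsig:  # placeholder RDATA, not a real signature
        answers.append(rr("example.com", RRSIG, 1, 300, b"\x00" * 20))
    header = struct.pack("!6H", 0x1234, flags, 1, len(answers), 0, 0)
    question = encode_name("example.com") + struct.pack("!HH", A, 1)
    return header + question + b"".join(answers)

VALIDATED = sample_response(0x81A0, True)      # QR|RD|RA|AD
UNVALIDATED = sample_response(0x8180, False)   # QR|RD|RA, no AD
```

The AD flag is only as trustworthy as the path to the resolver: over an unauthenticated network it can be forged like any other part of a plain DNS response, so rely on it only from a local or otherwise trusted validating resolver.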

Getting Your Domains Protected

DNSSEC is complicated, but that doesn't need to make it impossible for your domains to be secure. I use and recommend Cloudflare for their authoritative DNS servers (including security features and their CDN/Proxy) along with their offer for DNSSEC. The setup process was simple, and the benefits greatly outweighed letting users spoof responses or attempting to "self-host" the authoritative DNS server, opening my server and others to various attacks.

Feel free to get started with protecting your domain with DNSSEC if you haven't done so already, learn more about DNSSEC, and know that you're helping make the Internet a safer place for everyone.
