Skip to main content
Help Center
The GoDaddy Community will undergo maintenance starting on Wednesday, August 4th at 3pm PST / 6pm EST. Learn more
cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Go to solution
BulldogX
New

To DNSSEC or Not to DNSSEC - That is the Question

I'm unsure about whether I should add DNSSEC to my domain. While it increases trust, it also adds overhead and is not that widely implemented. What is people's thinking about adding DNSSEC?

1 ACCEPTED SOLUTION
BulldogX
New

I was fortunate to chat with a Guide who is a native English speaker, and she provided my answer:

 

DNSSEC adds overhead to DNS lookups, and not all name servers support DNSSEC at present. Implementing DNSSEC across the internet is a big project that requires considerable effort and expense. Implementation is moving forward, but slowly.

 

While there's no absolute reason that a domain shouldn't use DNSSEC, the added overhead can reduce site performance and can increase the chances that a website won't resolve.

 

Someone whose website is not a regular target of malicious activity (e.g., a high profile public figure) and/or doesn't collect sensitive data may want to forgo DNSSEC. GoDaddy only recommends DNSSEC to users whose websites or data is hit with malware quite often. It makes otherwise simple DNS operations more complicated. DNSSEC is something to add only if you really need it. You can upgrade to it anytime if it's needed.

 

In addition, and as a practical matter, hackers usually attack the content of a website or data it hosts, rather than its DNS record.

View solution in original post

1 REPLY 1
BulldogX
New

I was fortunate to chat with a Guide who is a native English speaker, and she provided my answer:

 

DNSSEC adds overhead to DNS lookups, and not all name servers support DNSSEC at present. Implementing DNSSEC across the internet is a big project that requires considerable effort and expense. Implementation is moving forward, but slowly.

 

While there's no absolute reason that a domain shouldn't use DNSSEC, the added overhead can reduce site performance and can increase the chances that a website won't resolve.

 

Someone whose website is not a regular target of malicious activity (e.g., a high profile public figure) and/or doesn't collect sensitive data may want to forgo DNSSEC. GoDaddy only recommends DNSSEC to users whose websites or data is hit with malware quite often. It makes otherwise simple DNS operations more complicated. DNSSEC is something to add only if you really need it. You can upgrade to it anytime if it's needed.

 

In addition, and as a practical matter, hackers usually attack the content of a website or data it hosts, rather than its DNS record.

View solution in original post