DNSSEC - pros, cons?

humptydumpty

Has anyone set up DNSSEC before? Is it worth the hassle and what are some cons you've come across?

My domains are hosted with NameSilo and I'm using DNSMadeEasy to manage my domains that point to a VPS with Contabo.

In my NameSilo account, I found the area where to add the DNSSEC keys/info and according to my search, it seems I need to get those keys from my VPS host (Contabo). However, I'm not sure if it would work since I use a middleman (DNSME) to manage my DNS.

A penny for your thoughts!

mehdi

Don't bother. Basically, it's useless, as clients do not rely on it, sadly

humptydumpty

@mehdi That's a shame. Thanks!

gml

I use it, in combination with DANE for certificate pinning in DNS.
mehdi is sort of right - clients dont really use it, some mail providers do. But I know of no one that enforces it (by dropping e-mails or traffic).

I use a browser add on in Firefox that displays me the DNSSEC and DANE status of webpages I'm visiting. With the add on I know at least something is odd when it fails on my own pages / domains.