DNSSEC Debate

Discussions center on the effectiveness, low adoption, security limitations, and criticisms of DNSSEC, often contrasting it with alternatives like DoH, DoT, and DNSCrypt.

➡️ Stable 0.5x Security

5,116

Comments

Years Active

Top Authors

#2602

Topic ID

Activity Over Time

2008

2009

2010

2011

126

2012

120

2013

134

2014

343

2015

561

2016

330

2017

271

2018

440

2019

505

2020

375

2021

299

2022

376

2023

420

2024

310

2025

393

2026

Top Contributors

tptacek (1044) teddyh (103) tialaramex (75) danyork (64) xorcist (56)

Keywords

COM e.g US OK sockpuppet.org DNS DNSSEC algolia.com HN DOA dnssec dns zones zone signatures domain secure cas attack servers

Sample Comments

hannob • Apr 11, 2019 • View on HN

DNS is usually not secure. DNSSEC is not deployed widely. End of story.

cxseven • Mar 21, 2015 • View on HN

It's no better unless the domain and all such CAs are using DNSSEC.

davidu • Jun 1, 2011 • View on HN

Your understanding of DNSSEC is incorrect.

wbl • Feb 13, 2020 • View on HN

If anyone used DNSSEC it would be a problem.

xvilka • Jun 1, 2023 • View on HN

We need a truly decentralized alternative, DNSSEC isn't that.

core-questions • Dec 17, 2019 • View on HN

Hey, good point. I guess there's not much I can do about that yet, without DNSSEC or whatever.

tptacek • Oct 10, 2018 • View on HN

False. DoH, DNS over TLS, and DNSCrypt/DNSCurve address that problem. DNSSEC does not.

jacooper • Oct 1, 2023 • View on HN

This wouldn't be possible with dnssec right?

wglb • Mar 2, 2025 • View on HN

No.For additional info, see https://sockpuppet.org/stuff/dnssec-qa.html and https://sockpuppet.org/blog/2015/01/15/against-dnssec/

spydum • Nov 16, 2011 • View on HN

Interesting position, care to elaborate how DNSSEC is damaging the internet?