Many private users are totally focused on HTTPS, and forget about their insecure DNS traffic. Cleartext DNS traffic can be modified or logged, and third parties can learn about your surfing habits.

People who are familiar with network protocols and DNS can configure DNSSEC as well as DNS-over-TLS. If configured correctly, you get validated DNS responses, and your DNS traffic is authenticated and encrypted.

@infosechandbook Have you considered posting some kind of "debunking dnssec myths" article?

It seems every time dnssec is mentioned on HN some security experts are critical. A random example:


Maybe we will publish something regarding this in the future.

Sign in to participate in the conversation
Mastodon is a microblogging site that federates with most instances on the Fediverse.