I'm new to setting up DNS and need some help. I manage a domain through Cloudflare DNS, where I have several proxied subdomains and services, including an API, WebSocket interface, static assets, and email via ProtonMail. All my domains use HTTPS with Let's Encrypt and I've set up HTTP to HTTPS redirects on my VPS. I'm considering enabling DNSSEC to enhance DNS integrity, but I've heard that misconfiguration can lead to problems with my sites or email services. Some people have even advised against using DNSSEC in specific scenarios, making me hesitant to enable it outright. I'd really appreciate insights from anyone experienced with DNSSEC, especially regarding potential risks with Cloudflare DNS, impacts on ProtonMail MX/email services, safe ways to test DNSSEC before fully enabling it, and an explanation of why DNSSEC sometimes gets a bad rap. Thanks for any guidance!
1 Answer
You're right to be cautious about enabling DNSSEC because the potential for misconfiguration is real. The crux of the matter is that testing DNSSEC can be tricky; most folks recommend trying it on a separate domain if you can. It's not that DNSSEC is useless, but it may not solve as many problems as people assume. I set it up on a new domain, which made it much easier without any headaches.

Thanks for that clarification! I totally see where you're coming from. I'm in learning mode with DNSSEC and just want to make sure I grasp the pitfalls without risking my domain. If you have any simpler ways to explain what can go wrong, I'd appreciate it.
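One concrete way to do the "test before fully enabling" step the answer alludes to, added here as an example and not code from anyone in the thread: after Cloudflare starts signing the zone but before the DS record is published at the registrar, query a validating resolver twice, once normally and once with checking disabled (`+cd`), and classify the result. A SERVFAIL that turns into NOERROR under `+cd` means the signatures or DS do not validate, which is exactly the failure that breaks web and MX lookups. It assumes `dig` and the Cloudflare resolver at 1.1.1.1 for the live path; `example.com`, the MX target and the sample outputs are constructed placeholders.

```python
import re
import subprocess

# Constructed sample dig outputs (not real captures) so the logic runs offline.
SAMPLE_SECURE = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1234
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
example.com.  300 IN MX    10 mail.example-mx.invalid.
example.com.  300 IN RRSIG MX 13 2 300 20250101000000 20241201000000 12345 example.com. abc=
"""
SAMPLE_SERVFAIL = """;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 4321
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 0, ADDITIONAL: 1
"""
SAMPLE_CD = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5555
;; flags: qr rd ra cd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 1
example.com.  300 IN MX    10 mail.example-mx.invalid.
example.com.  300 IN RRSIG MX 13 2 300 20250101000000 20241201000000 12345 example.com. abc=
"""
SAMPLE_UNSIGNED = """;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 7777
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
example.com.  300 IN MX    10 mail.example-mx.invalid.
"""

def parse_dig(text):
    """Pull the rcode, header flags and RRSIG presence out of dig's text output."""
    status = re.search(r"status: (\w+)", text)
    flags = re.search(r";; flags: ([^;]*);", text)
    return {
        "rcode": status.group(1) if status else "UNKNOWN",
        "flags": set(flags.group(1).split()) if flags else set(),
        "rrsig": bool(re.search(r"\sIN\s+RRSIG\s", text)),
    }

def classify(normal, checking_disabled):
    """Compare a validating query with the same query sent with +cd."""
    if normal["rcode"] == "SERVFAIL" and checking_disabled["rcode"] == "NOERROR":
        return "bogus"            # data exists but fails validation: bad DS or expired RRSIG
    if normal["rcode"] != "NOERROR":
        return "unavailable"      # failure unrelated to DNSSEC (zone down, no such name, ...)
    if "ad" in normal["flags"]:
        return "secure"           # resolver validated the full chain of trust
    if normal["rrsig"]:
        return "signed-not-validated"  # zone signs, but no DS at registrar or non-validating resolver
    return "insecure"             # plain unsigned zone, DNSSEC not in play

def check(name, rrtype="MX", resolver="1.1.1.1"):
    """Live check (needs dig and network): run both queries and classify the pair."""
    def dig(*extra):
        cmd = ["dig", f"@{resolver}", name, rrtype, "+dnssec", "+noall", "+comments", "+answer", *extra]
        return parse_dig(subprocess.run(cmd, capture_output=True, text=True, check=False).stdout)
    return classify(dig(), dig("+cd"))
```

Run `check("yourdomain.example")` for the apex, the MX and each proxied subdomain before and after publishing the DS record; anything other than `secure` after the DS is live should be fixed before it reaches resolver caches.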