DNSSEC configuration!

As I said in my other question, I’ve just had my results back from my scan and I have an F for my DNSSEC Configuration! Again rather unsatisfactory! Can anyone explain in layman terms what it means and what needs to be done so I can get my A??

1 Like

So I saw your other question and response, would I be correct in saying that maintaining your website security is not your strong suit? If that is the case I would recommend getting a developer or if you are with shopify or a similar company they may be able to assist and help configure your DNSSEC as it can be quite a lengthy process and it may just be one part that is expired. I can explain why it’s important for DNSSEC to be configured properly, if you’re interested?


Ah right okay! Not the easy fix I was hoping for then! I have an independent website, I’m not with shopify, my techy friend is a developer so hopefully they will be able to sort this for me! But if you could still explain in layman terms what the security problems are with an unconfigured DNSSEC I would very much appreciate that!

Yeah sure, so DNSSEC require cryptographic signatures for all legitimate DNS records in the zone, these need to be in date and not expired. If anything is outdated you are leaving your site vulnerable to multitude of attacks such as spoofing DNS records, launch phishing attacks, DDoS or intercepting private information from a sites visitor.


If you want a more in depth simple explanation, this is a great resource:


Wonderful! Thank you! I will read through that link to learn more and hopefully understand my techy friend when we talk through fixing this issue! And Hopefully when this is all resolved I will rescan and get As across the board!