alt Hacker NewsIf you don't absolutely have to, then don't.
That is to say, if you misconfigure it, or try to turn it off, you will have an invalid domain until the TTL runs out, and it's really just not worth the headache unless you have a real use case.
If you don't absolutely have to, then don't.
That is to say, if you misconfigure it, or try to turn it off, you will have an invalid domain until the TTL runs out, and it's really just not worth the headache unless you have a real use case.
I consider it as basic security measure as SSL. Otherwise any MitM can easily redirect users to a phishing resource.
Did DNSSEC for company website, worked with zero maintenance for several years. On a cloud-provided DNS. Would want the same on self-hosted DNS too.