Google: Where’s Your DNSSEC?

Google has invested heavily in IT security and, I think, has done a decent job of it. All services are TLS by default, and identity and authorisation are well dealt with.

So I was somewhat surprised this morning to see that Google’s own .com (and .ca) are not set up for DNSSEC. I wonder why; there must be a reason.

DNSSEC helps to avoid domain spoofing, which in turn can be used to cheat and get TLS certificates. I’m sure this was a conscious decision. Their 8.8.8.8 server does DNSSEC validation. It’s an option in their managed Google Domains. Their Cloud DNS supports it. Just not inbound to their corporate domain.
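One way to run the check the post describes, asking a validating resolver such as 8.8.8.8 whether a zone has a DS record at its parent and whether the answer was validated (AD flag). This is an added example, not code from the original post; `example.test` and the sample replies are constructed placeholders.

```python
import struct

DS, OPT = 43, 41  # DNS record type codes

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode("ascii")
                    for p in name.rstrip(".").split(".")) + b"\x00"

def build_ds_query(name, txid=0x1234):
    """DS query with RD set and an EDNS0 OPT record carrying the DO bit."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 1)
    # OPT: root name, type 41, UDP size 1232, ext-rcode 0, version 0, DO flag, rdlen 0
    opt = b"\x00" + struct.pack("!HHBBHH", OPT, 1232, 0, 0, 0x8000, 0)
    return header + encode_name(name) + struct.pack("!HH", DS, 1) + opt

def skip_name(msg, pos):
    """Return the offset just past the (possibly compressed) name at pos."""
    while True:
        length = msg[pos]
        if length & 0xC0 == 0xC0:   # compression pointer: 2 bytes, ends the name
            return pos + 2
        if length == 0:
            return pos + 1
        pos += 1 + length

def ds_status(msg):
    """Classify a resolver's reply to a DS query."""
    if len(msg) < 12:
        raise ValueError("truncated DNS header")
    _id, flags, qd, an, _ns, _ar = struct.unpack("!HHHHHH", msg[:12])
    if flags & 0x000F:              # SERVFAIL from a validator can mean bogus data
        return "error"
    pos = 12
    for _ in range(qd):
        pos = skip_name(msg, pos) + 4
    has_ds = False
    for _ in range(an):
        pos = skip_name(msg, pos)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[pos:pos + 10])
        has_ds |= rtype == DS
        pos += 10 + rdlen
    if not flags & 0x0020:          # AD clear: the resolver did not validate
        return "unvalidated"
    return "signed" if has_ds else "unsigned"

# Constructed sample replies (not captured traffic) for the placeholder zone.
Q = encode_name("example.test") + struct.pack("!HH", DS, 1)
DS_RR = b"\xc0\x0c" + struct.pack("!HHIH", DS, 1, 300, 36) + bytes(36)
SIGNED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 1, 0, 0) + Q + DS_RR
UNSIGNED = struct.pack("!HHHHHH", 0x1234, 0x81A0, 1, 0, 0, 0) + Q
```

Sending the bytes from `build_ds_query` over UDP port 53 to a validating resolver returns the reply to pass to `ds_status`; a validated empty answer ("unsigned") means the parent holds no DS record, so the zone is outside the chain of trust.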

2 Comments on “Google: Where’s Your DNSSEC?”

  1. A lot of enterprises have opted out of DNSSEC as it makes DNS amplification attacks worse.
