We enabled DNSSEC. Here's why.

If you care to check, you would know that DNSSEC is enabled for all of our domain names, including this one, nguyen.org.


The domain name system (DNS) is the phone book of the Internet: it tells computers where to send and retrieve information. Unfortunately, it also accepts any address given to it, no questions asked.


Email servers use DNS to route their messages, which means they’re vulnerable to security issues in the DNS infrastructure. In September 2014, just one year ago, researchers at CMU found email supposed to be sent through Yahoo!, Hotmail, and Gmail servers routing instead through rogue mail servers. Attackers were exploiting a decades-old vulnerability in the Domain Name System (DNS)—it doesn’t check for credentials before accepting an answer.


Relevant sources of information:

  • https://www.cloudflare.com/dns/dnssec/how-dnssec-works/
  • https://www.youtube.com/watch?v=NMzgDt6UD_M

Viet Nguyen