DNSSEC
DNSSEC guides and tutorials: sign and validate DNS zones to strengthen your infrastructure security.
12 articles

NIST SP 800-81r3: what the new DNS security guide changes
Full analysis of NIST SP 800-81r3, released March 19, 2026. Protective DNS, DNSSEC, encrypted DNS: the key recommendations for securing your infrastructure.

Ballot SC-085v2: certificate authorities now verify DNSSEC before issuing a TLS certificate
Since March 15, 2026, the CA/Browser Forum requires CAs to verify DNSSEC during domain validation. This guide covers the context, impact, and how to check your configuration.

SC-081v3: 47-day TLS certificates, why it matters and how to prepare
The CA/Browser Forum voted to progressively reduce TLS certificate lifetimes from 398 to 47 days by March 2029. Timeline, rationale, impact, and practical guide.

Microsoft 365 MX Migration to mx.microsoft: Automatic DNSSEC, Mandatory Graph API, and Action Items Before July 2026
Microsoft is changing DNS provisioning for Exchange Online domains. MX records are moving from mail.protection.outlook.com to mx.microsoft to streamline DNSSEC adoption. Here's what's changing and what you need to do.

SERVFAIL after enabling DNSSEC: diagnosis and fix
A SERVFAIL after enabling DNSSEC points to a broken chain of trust. This guide covers the five causes, three diagnostic commands, and exact fixes for each scenario.

Understand the DNSSEC chain of trust in 5 minutes
The chain of trust is the core principle behind DNSSEC. This guide explains every link, from the DNS root to your domain, with clear diagrams.

Enable DNSSEC: step-by-step guide by registrar
DNSSEC protects your visitors from DNS spoofing. This guide covers step-by-step activation for the 6 most popular registrars, with instant verification.




