As the title really. Should I make the effort to enable DNSSEC for my start-up? At the moment I'm currently using Amazon Route 53 but could move to custom DNS servers if supporting DNSSEC is considered important enough.<p>My start-up is directed at very technical users (developers primarily) so I get the feeling that they will appreciate the extra security that DNSSEC provides but at the same time running my own DNS is an extra expense that might be better used for something else.<p>Another advantage of running my own DNS servers is that I can supply DNS services to clients as well which would be a nice little add-on for them.<p>What would you do?
What compelling business need is there for DNSSEC? The only thing I can think of are some of the compliancy rules for gov/corp work coming up in 2014 & 2015. Unless DNSSEC makes you money youre wasting your time.<p>Secondly any comment that trivializes DNSSEC implementation has little real world experience. Go read the DNS OARC archives. Major orgs, .gov, TLDs, etc, <i>regularly</i> break DNSSEC deployments. These are the domain experts who are pushing Wider adoption. If they can't consistently execute why do you believe you will be successful?
Pro: It's not much trouble, DANE and other things will make it worthwhile, and it's easier to do when you can still have a bit of downtime without pain.<p>Contra: There's always much to do in a startup. Deferring tasks is good, even though they'll be more difficult later.<p>There are a few providers around who'll do most of the job for you. It's called a "hidden primary", and easydns offers it, among others.