[deSEC] Action required: Insecure domain

Hi, yesterday I received an Mail from you guys which basicly says register your DNSSEC Key with your registrar or you’ll loose your account. [“Performing this step is required to use deSEC (see §4 of our Terms of Use).”].

I use deSEC quite some time now with an free .tk domain from freenom, just as DDNS address for my homelab.

Freenom as registrar doesn’t support DNSSEC. Will there be some exception or will I loose the ability to use deSEC as my DNS Provider?

Hi hnz101,

Thanks for your message, and welcome to deSEC! :slight_smile:

Actually, we don’t want to be unfriendly to our users. So, as long as resource usage is not problematic, we are not currently planning to actually shut down service for domains for which the domain provider or TLD operators does not allow setting up DNSSEC. (This assessment might change in the future.)

That said, the reason why deSEC exists is that Internet security is a problem, and we’d like to make a contribution to improve the situation together with our users.

In cases where the TLD registry does support setting up DNSSEC (not in your case!), we therefore feel that those who benefit from deSEC’s service – which was a significant development effort, and continues to be an operational and financial one – should consider finding a way to not only use the nice UI and API, but also complete the DNSSEC configuration. To us, that seems like a reasonable trade-off for this free service, and our terms reflect that position.

For those cases where the domain provider and not the TLD registry is the problem: We will be happy to recommend reasonably priced domain providers where things are handled very smoothly. DNSSEC stuff is done automatically (domain owners just have to do the transfer, not the DS setup).

Looking forward to hearing from you!

Stay secure,

1 Like

Thank you for your extensive answer and I am glad to hear that.

I totally understand the idea behind the request to complete the DNSSEC configuration and would like to comply with that, but like already said unfortunately freenom doesn’t support DNSSEC.
If the fact changes I am happy to complete my configuration but at the moment I wouldn’t move to some paid domain for my minimal use of it.

That’s fine. We’re not asking people to change their domain names if the TLD registry doesn’t support DNSSEC. – But if it does, we do appreciate when people switch to a domain provider that allows setting it up correctly.

Stay secure,

Hi, I received a similar email a few days ago, and I’m considering to move to a different provider. So I would be interested in the recommendations you mentioned previously.


Hi p3rj,

Thanks for your message, and welcome to deSEC! :slight_smile:

As a tax-exempt non-profit, we avoid public statements that could be construed as advertisement (because that would threaten our tax-exempt status). I’m happy to recommend something via email, though – feel free to get in touch.

Stay secure,